RE: Can this be done?

2010-04-19 Thread Bobby Hartsfield
Take that proactive approach a step further and grab a known good image URL, and a known bad image URL. Dump the headers and compare. Worst case scenario, nothing seems out of the ordinary. Then you could do something else like build a valid list of mime types (valid to you and your app) and at

cfhttp Connection Failure

2010-04-19 Thread Sue Buck
I am trying to run the following using CF6.1: <cfhttp url="http://xmlfeed.laterooms.com/index.aspx?aid=1000&rtype=4&kword=cardiff" method="get"></cfhttp> but despite getting status code 200 OK the content is 'Connection Failure'. After looking at various threads and articles I've also tried these

Multi-axis charts in CF8?

2010-04-19 Thread marc --
Hi, Just wondering - I know that in Coldfusion 8 you can have a chart with multiple data series. BUT is it also possible to have multiple axes - so that each data series can have its own y-axis?

cfmail

2010-04-19 Thread Damo Drumm
Hi, I've the below code and I'm trying to get it to check first that the confirmation field in the comments table is equal to 1 before it sends. At the minute it's sending anyway. Any tips? Thanks <cfquery name="qgetdetails" datasource="#test#"> Select * From comments where confirmation = 1 </cfquery>

Windows Security and html files

2010-04-19 Thread Brian Bradley
Running: MX 6.1 WINDOWS 2000 Server I have configured to have ColdFusion process HTM and HTML pages and have pointed IIS to point .htm and .html files to the ColdFusion engine as well as updated the web.xml file. The problem is, .html and .htm files won't bring up Windows security prompt to

Re: cfmail

2010-04-19 Thread Rob Parkhill
just add a cfif around the mail <cfif qgetdetails.recordcount gt 0> <cfmail>. </cfmail> </cfif> Rob On Mon, Apr 19, 2010 at 11:52 AM, Damo Drumm damien.dr...@quinn-group.com wrote: Hi, I've the below code and I'm trying to get it to check first that the confirmation field in the comments table

Re: cfmail

2010-04-19 Thread John M Bliss
<cfif qgetdetails.recordcount> <cfmail ...> </cfif> On Mon, Apr 19, 2010 at 10:52 AM, Damo Drumm damien.dr...@quinn-group.com wrote: Hi, I've the below code and I'm trying to get it to check first that the confirmation field in the comments table is equal to 1 before it sends. At the minute it's

RE: cfmail

2010-04-19 Thread Rick Faircloth
Try the code below. I added: <cfif qgetdetails.recordcount gt 0> </cfif> Rick <cfquery name="qgetdetails" datasource="#test#"> Select * From comments where confirmation = 1 </cfquery> <cfif qgetdetails.recordcount gt 0> <cfmail to=t...@123.com bcc=t...@123,t...@123

RE: cfmail

2010-04-19 Thread Tiffany Trott
<cfif qgetdetails.results gt 1> blah</cfif> ? Rudimentary but would work Tiffany Trott Freelance CF Developer codedaw...@gmail.com -Original Message- From: Damo Drumm [mailto:damien.dr...@quinn-group.com] Sent: Monday, April 19, 2010 9:52 AM To: cf-talk Subject: cfmail Hi, I've the below

Re: Multi-axis charts in CF8?

2010-04-19 Thread Raymond Camden
Like so? http://www.coldfusionjedi.com/index.cfm/2008/11/11/Ask-a-Jedi-Two-yAxis-for-ColdFusion-Charts On Mon, Apr 19, 2010 at 9:58 AM, marc -- m...@marcbakker.com wrote: Hi, Just wondering - I know that in Coldfusion 8 you can have a chart with multiple data series. BUT is it also

Re: cfhttp Connection Failure

2010-04-19 Thread Claude Schnéegans
<cfhttp url="http://xmlfeed.laterooms.com/index.aspx?aid=1000&rtype=4&kword=cardiff" method="get"></cfhttp> but despite getting status code 200 OK the content is 'Connection Failure'. I had this problem too, with CF 7 and 8 and never been able to find a solution. It is such a problem for my

Re: Can this be done?

2010-04-19 Thread Christopher Stowell
With such a small percentage of images with issues, could there be issues of the upload itself? I remember in the past a lot of the issues I used to run into with images not rendering via the upload usually came back to a bad connection. Tested it with the client's help to verify. Its

RE: Can this be done?

2010-04-19 Thread Rick Faircloth
When I have clients having problems uploading images, I will usually ask for one or more of the problem images to be sent to me so I can verify their format or other issues. Rick -Original Message- From: Christopher Stowell [mailto:christopher.stow...@yahoo.com] Sent: Sunday, April 18, 2010

RE: Can this be done?

2010-04-19 Thread Andrew Scott
You actually have two problems here. Let's talk about the first problem, as it sounds like you are uploading the file directly to the images directory. This is a major security risk and you should avoid this. Second, this gives you the opportunity to store the files into a temp directory that is

RE: Can this be done?

2010-04-19 Thread Rick Faircloth
Can you clarify this some, Andrew? Let's talk about the first problem, as it sounds like you are uploading the file directly to the images directory. This is a major security risk and you should avoid this. If appropriate formats are specified in the cffile accept parameter, what risk is

Re: Can this be done?

2010-04-19 Thread Dorioo
RE: First problem. Something like this is the problem: http://www.coldfusionjedi.com/index.cfm/2009/9/21/How-Galleon-was-Hacked - Gabriel On Mon, Apr 19, 2010 at 1:33 PM, Rick Faircloth r...@whitestonemedia.com wrote: Can you clarify this some, Andrew? Let's talk about the first problem,

CRUD screens...

2010-04-19 Thread Justin Scott
Just curious what people are using to make/manage CRUD screens these days for data management applications. Anything new in this area over the last couple of years? -Justin

Re: Can this be done?

2010-04-19 Thread Ian Skinner
On 4/19/2010 10:33 AM, Rick Faircloth wrote: If appropriate formats are specified in the cffile accept parameter, what risk is there? Some kind of file that fakes its format or has malicious code embedded in it? Yes, that can happen. And concerning your second concern below, I've

cfschedule tasks

2010-04-19 Thread daniel kessler
Is there a way to query to find out if I have any active CFSchedule items? I tried to set up a cfschedule and it's not executing the file that I specified. I don't have access to the CF server other than through code and I'm looking for ways to troubleshoot this. I've not used cfschedule

Re: Can this be done?

2010-04-19 Thread Matthew Friedman
We were aware of the security issues so we do upload to a temporary location, we then check the sizing of the images and create thumbnails and reduce the size to the correct size. The weird thing is the images that do not work - are images. If we pull the file down, open it in PhotoShop and

RE: Can this be done?

2010-04-19 Thread Rick Faircloth
Thanks for the feedback, Ian. I'll at least start making use of the isImage() function. Rick -Original Message- From: Ian Skinner [mailto:h...@ilsweb.com] Sent: Monday, April 19, 2010 1:57 PM To: cf-talk Subject: Re: Can this be done? On 4/19/2010 10:33 AM, Rick Faircloth wrote: If

RE: Can this be done?

2010-04-19 Thread Eric Nicholas Sweeney
Matt - I have the same problem with a client - they receive images from a 3rd party - and when they upload them they don't show up in IE. (They do in FF though...) Resaving in photoshop doesn't always fix the issue either... Sometimes we have to make a NEW image - then cut and paste the pic

Re: cfschedule tasks

2010-04-19 Thread M
Daniel: We have the same 'relationship' with your servers, and although it is kludgy, we manage to get by using the following code (just place it in a file and visit it online to see what is scheduled): <cfschedule action="run" task="__list"> hope this helps m On Mon, Apr 19, 2010 at 1:00 PM,

RE: Can this be done?

2010-04-19 Thread Andy Matthews
There are several things which could be wrong. - Unidentified, or incorrect, color profile - Image is in CMYK. ColdFusion might not mind this, but many browsers won't display these images. andy -Original Message- From: Eric Nicholas Sweeney [mailto:n...@bigfatdesigns.com] Sent:

Re: Can this be done?

2010-04-19 Thread Chuck Weidler
I don't see where you mention what version of ColdFusion you are using, but if you are using CF8+ then here is what I do. I also have a site that uploads images. <cfimage action="read" source="C:\ImgStore\TheUploadedImage.jpg" name="myImage"> <cfset Info = ImageInfo(myImage)> <!--- LOOK AT THE

RE: Can this be done?

2010-04-19 Thread Rick Faircloth
Good stuff, Chuck! I've been using cfimage like crazy since CF8, but there are so many other image functions I haven't used or am not even aware of! Time to have a look at them! Rick -Original Message- From: Chuck Weidler [mailto:h...@coldfusionguru.com] Sent: Monday, April 19, 2010

Re: Can this be done?

2010-04-19 Thread Jason Fisher
2 types of JPG that can cause problems: CMYK and progressive JPEG. As others have noted on this thread, this is not just a problem with the image engine used by CF, but is a problem with any browser as well. CMYK images will *not* (in my experience) convert properly within CF image

Re: Windows Security and html files

2010-04-19 Thread Dave Watts
I have configured to have ColdFusion process HTM and HTML pages and have pointed IIS to point .htm and .html files to the ColdFusion engine as well as updated the web.xml file. The problem is, .html and .htm files won't bring up Windows security prompt to log in.  All of the .cfm do.  Any

Re: cfhttp Connection Failure

2010-04-19 Thread Dave Watts
I am trying to run the following using CF6.1: <cfhttp url="http://xmlfeed.laterooms.com/index.aspx?aid=1000&rtype=4&kword=cardiff" method="get"></cfhttp> but despite getting status code 200 OK the content is 'Connection Failure'. After looking at various threads and articles I've also tried these

New SQL injection :(

2010-04-19 Thread Al Musella, DPM
I can't believe I got hit again. One of my old pages that is no longer linked into the website didn't have a cfqueryparam.. I deleted it from my local machine but forgot to delete it from the server. I have a generic checker in my cfapplication, but it missed this one.. here is the sequence

Re: cfhttp Connection Failure

2010-04-19 Thread Wil Genovese
I use the Poster plug-in for FireFox and I get the expected results. When I run this from ColdFusion I get your connection failure. However when I did a cfdump of cfhttp - I noticed one thing. Set-Cookie ASP.NET_SessionId=dz1h2vqepah1efatrmjk1445; path=/; HttpOnly It looks like they are

Re: cfhttp Connection Failure

2010-04-19 Thread Dave Watts
Whenever you can get to something using your server's web browser, but can't get to it via CFHTTP, you can simply examine the HTTP requests and responses and see how they differ. Use a recorder of some sort (Wireshark, HttpWatch, etc) and see what's different, and change your CFHTTP

Re: cfhttp Connection Failure

2010-04-19 Thread Dave Watts
However when I did a cfdump of cfhttp - I noticed one thing. Set-Cookie ASP.NET_SessionId=dz1h2vqepah1efatrmjk1445; path=/; HttpOnly It looks like they are trying to set a cookie for authentication or at least to maintain a session.  This works great with a browser but not cfhttp.  I do

Re: New SQL injection :(

2010-04-19 Thread Jordan Michaels
Fuseguard: http://foundeo.com/security/ Just add a couple lines to your App.cfc or App.cfm and bam, you're secure. Worked awesome for a legacy CFML application that one of our customers was having major SQL injection problems with. Warm regards, Jordan Michaels Vivio Technologies

Re: cfhttp Connection Failure

2010-04-19 Thread Claude Schnéegans
It looks like they are trying to set a cookie for authentication or at least to maintain a session. If they check for a cookie and do not find it, they would return some error message, but not a 200 status and a connection failure in the same time. And if it works under CF 5 and not under CF

RE: New SQL injection :(

2010-04-19 Thread Mark A. Kruger
Al, These sort of attacks increase and decrease in waves unfortunately. I spent a few hours fixing a customer server this week myself. Very similar codewise: http://www.coldfusionmuse.com/index.cfm/2010/4/16/SQLi-char-urchin -Mark Mark A. Kruger, MCSE, CFG (402) 408-3733 ext 105

Re: cfschedule tasks

2010-04-19 Thread Craigsell
I'm in the same boat. Here's a little code I knocked together to tell me what was going on for my CFMX8 instance <!-- put in server root --> ColdFusion Information - click on struct for information<br> <cfoutput> <br>Base Template Path = #GetBaseTemplatePath()#<p> <cfdump var="#server#" expand="no">

RE: New SQL injection :(

2010-04-19 Thread brad
FWIW I don't believe in silver bullets, but one can get a decent amount of mileage by taking the SQL account that CF connects to the database with and removing access to the system and information schema tables. Chances are your app doesn't use those tables and a lot of SQLi attacks revolve

RE: New SQL injection :(

2010-04-19 Thread Leigh
And for the love of all that is good in the world, don't ever let your web servers ever connect to your database with sa. sa, that is the SAfest account right ? ;)

Re: New SQL injection :(

2010-04-19 Thread Alan Rother
I thought it was Secure Account??? =] On Mon, Apr 19, 2010 at 4:27 PM, Leigh cfsearch...@yahoo.com wrote: And for the love of all that is good in the world, don't ever let your web servers ever connect to your database with sa. sa, that is the SAfest account right ? ;)

Re: New SQL injection :(

2010-04-19 Thread denstar
If you block this at the webserver, or better yet network level, you won't incur any processing overhead, and less-than-secure code is at least a bit protected. Some apache rewrite rules have been posted that will at least stop it at the webserver level, and I think someone posted the IIS plugin

Joomla?

2010-04-19 Thread Rick Sanders
I am curious to know if there's any Open-source free ColdFusion CMS out there like Joomla? Joomla is the latest craze in CMS making it easy for people to manage their own websites. I'm wondering if there's anything comparable in CF? Currently I build my own CMS depending on the site I'm doing

Re: Joomla?

2010-04-19 Thread Rick Mason
Take a look at Mura. Not as full featured yet but it's only a little over a year old. On Apr 19, 2010 8:00 PM, Rick Sanders c...@webenergy.ca wrote: I am curious to know if there's any Open-source free ColdFusion CMS out there like Joomla? Joomla is the latest craze in CMS making it easy for

RE: Joomla?

2010-04-19 Thread Eric Hoffman
AFAIK, no, unfortunately. We have used it at times for projects it fit best over the last 4 years, really wish there was something like it in CF-land. Closest thing I can think of is Mura, if their open source plugin community started going nuts. Eric -Original Message- From: Rick

Re: Joomla?

2010-04-19 Thread Jordan Michaels
+1 for Mura. Great CMS system and a great price too! (free) http://www.getmura.com/ Warm regards, Jordan Michaels Vivio Technologies http://www.viviotech.net/ Open BlueDragon Steering Committee Railo Community Distributions Rick Mason wrote: Take a look at Mura. Not as full featured yet

RE: Joomla?

2010-04-19 Thread Rick Sanders
Hey thanks for the link! I just don't like losing to Joomla because of the fact it's free and many not for profits use it. -Original Message- From: Jordan Michaels [mailto:jor...@viviotech.net] Sent: Monday, April 19, 2010 9:40 PM To: cf-talk Subject: Re: Joomla? +1 for Mura. Great

Re: Joomla?

2010-04-19 Thread AJ Mercer
Take a look at Farcry CMS http://www.farcrycore.org/ Version 6 is due real soon now On 20 April 2010 07:58, Rick Sanders c...@webenergy.ca wrote: I am curious to know if there's any Open-source free ColdFusion CMS out there like Joomla? Joomla is the latest craze in CMS making it

RE: New SQL injection :(

2010-04-19 Thread Al Musella, DPM
Hi Mark, You missed the first part of my post.. they actually look up all of the table names and field names! They don't do it by throwing random errors! And it replaced all of the text instead of appending. Appending is easier to fix. Luckily nothing of importance is stored in that

Re: cfhttp Connection Failure

2010-04-19 Thread James Holmes
Have you tried CF9? mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ On 20 April 2010 01:01, wrote: <cfhttp url="http://xmlfeed.laterooms.com/index.aspx?aid=1000&rtype=4&kword=cardiff" method="get"></cfhttp> but despite getting status code 200 OK the content is

Re: cfhttp Connection Failure

2010-04-19 Thread Claude Schnéegans
Have you tried CF9? Actually no.

Re: cfhttp Connection Failure

2010-04-19 Thread Brad Wood
I'd like to second Dave Watts' comments. It is true that cfhttp can't handle compressed responses and if you are hitting a web server that is gzipping the HTTP response you will get a Connection Failure message even though that doesn't seem at all like the appropriate message for the