Re: cfselect am I missing something.

[Raymond Camden]

Hmm, it was my understanding you returned a query for selects.
According to the docs - I'm half right. You can return a query, or a
2D array. It does not say you can return an AoS.

On 8/11/07, Jeremy Rottman <[EMAIL PROTECTED]> wrote:
> >What do you see in Firebug? I cannot stress enough (and this it to
> >_everyone_ who is playing with Ajax for the first time) the CRITICAL
> >important of Firebug. it lets you see the Ajax requests and what they
> >are returning.
> >
> >Now if I had to guess - I'd bet that this.dsn doesn't equal anything
> >as I didn't see it set. This is where Firebug would help. You would be
> >able to see the request, and response, and possibly the error I just
> >mentioned in the response.
> >
> >
> >>
>
> this.dsn was set further in in my cfc. The functions I posted where just part 
> of the over all cfc.
>
> I finally figured out what the issue was. It was because I was returning an 
> Array of Structures to the attribute. I still have yet to find a work around 
> for this issue. It seems that the bind element only accepts a 2d Array.
>
> I say bah to this. There has to be a away for the bind attribute to accept a 
> AoS as a viable datasource. Seeing as which the adobe api documentation says 
> that the cfc bind type is an AoS.
>
> Anyone have a clue how this can be done with an AoS?
>
> 

~|
Check out the new features and enhancements in the
latest product release - download the "What's New PDF" now
http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286041
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: The first CF site on everyone's mind

[Casey Dougall]

On 8/11/07, Will Tomlinson <[EMAIL PROTECTED]> wrote:
>
> >Not I.. hate coffee
> >
>
> I'd likely shrivel up and die without my daily cups of starbucks.
>
> they need some 's on that site too...


The same could happen if you drink too much starbucks.

 Gulp down 42.81 cups of Starbucks Tall
Coffeeand
you're history.

http://www.energyfiend.com/death-by-caffeine/

Even better for your morning joe is the following.

https://addons.mozilla.org/en-US/firefox/addon/2677

Morning Coffee 1.26
  Keeps track of daily routine websites and opens them in tabs...


~|
Create robust enterprise, web RIAs.
Upgrade to ColdFusion 8 and integrate with Adobe Flex
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286040
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: cfselect am I missing something.

[Jeremy Rottman]

>What do you see in Firebug? I cannot stress enough (and this it to
>_everyone_ who is playing with Ajax for the first time) the CRITICAL
>important of Firebug. it lets you see the Ajax requests and what they
>are returning.
>
>Now if I had to guess - I'd bet that this.dsn doesn't equal anything
>as I didn't see it set. This is where Firebug would help. You would be
>able to see the request, and response, and possibly the error I just
>mentioned in the response.
>
>
>>

this.dsn was set further in in my cfc. The functions I posted where just part 
of the over all cfc.

I finally figured out what the issue was. It was because I was returning an 
Array of Structures to the attribute. I still have yet to find a work around 
for this issue. It seems that the bind element only accepts a 2d Array. 

I say bah to this. There has to be a away for the bind attribute to accept a 
AoS as a viable datasource. Seeing as which the adobe api documentation says 
that the cfc bind type is an AoS.

Anyone have a clue how this can be done with an AoS? 

~|
Create robust enterprise, web RIAs.
Upgrade to ColdFusion 8 and integrate with Adobe Flex
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286039
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: SOT: Google Indexing certain content, can I avoid it with JS?

[Dave Watts]

> Interestingly, not all the search engines pay 
> attention to robots.txt.

Google does, however.

Dave Watts, CTO, Fig Leaf Software


~|
ColdFusion 8 - Build next generation apps
today, with easy PDF and Ajax features - download now
http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286038
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: tinyMCE templates

[jake]

Yes, the button is in the editor and when I click it the popup.htm file 
displays.  I've changed that to be a popup.cfm and verified it works.  What I'm 
confused on is how do I get what I want inserted back into the editor?

Jake

Original Message ---
Did you add theme_advanced_buttons3_add : "template" or similar?

On 8/11/07, Jake Churchill <[EMAIL PROTECTED]> wrote:
> Anyone on this???  Anyone at all?  Sorry if this is off topic but I'm sure
> there are coldFusion people using various WYSIWYG editors.  Just hoping that
> someone uses tinyMCE.
>
> _
>
> Jake Churchill
> CF Webtools
> 11204 Davenport, Ste. 200b
> Omaha, NE  68154
> http://www.cfwebtools.com
> 402-408-3733 x103
>
>
> -Original Message-
> From: Jake Churchill [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 09, 2007 4:51 PM
> To: CF-Talk
> Subject: tinyMCE templates
>
> Has anyone done any work with tinyMCE and its template plugin?  I'm having a
> hard time getting this set up.  I have the init altered to provide the
> button and load the template files.  I've modified the default popup.htm to
> be popup.cfm and modified some content inside there.  Now, I'm wondering how
> to actually get an insert.  I've got a directory /tinymcetemplates where I
> will store all the templates.  So far I have one (listtemplate.cfm).  I've
> got this in my .init()
>
>
>
> template_templates : [
>
> {
>
> title : "List - Menu",
>
> src : "listtemplate.cfm?listclass=list",
>
> description : "Unordered List"
>
> }
>
> ]
>
>
>
> Here are the contents of listtemplate.cfm:
>
>
>
> 
>
>
>
> 
>
> 
>
> 
>
>   Item 1
>
>   Item 2
>
>   Item 3
>
> 
>
> 
>
> 
>
>
>
>
>
> How do I get that into my editor???
>
> _
>
> Jake Churchill
> CF Webtools
> 11204 Davenport, Ste. 200b
> Omaha, NE  68154
> HYPERLINK "http://www.cfwebtools.com"http://www.cfwebtools.com
> 402-408-3733 x103
>
>
>
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.476 / Virus Database: 269.11.10/943 - Release Date: 8/8/2007
> 5:38 PM
>
>
>
>
>
>
> 



~|
Check out the new features and enhancements in the
latest product release - download the "What's New PDF" now
http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286037
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: The first CF site on everyone's mind

[Will Tomlinson]

>Hey Will,
>
>Your email has been bouncing and your domain expired back on the 7th.  :-(
>
>Bill


Shoot me an email Bill. It's back up. 

Thanks,
Will 

~|
Enterprise web applications, build robust, secure 
scalable apps today - Try it now ColdFusion Today
ColdFusion 8 beta - Build next generation apps

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286036
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: SOT: Google Indexing certain content, can I avoid it with JS?

[Charles Sheehan-Miles]

Interestingly, not all the search engines pay attention to robots.txt.
Library of Congress uses Archive.org, and they were throwing a lot of errors
on my site by pulling up pages without url parameters, even though those
pages were in my robots.txt.  I finally got a hold of someone there and they
basically told me they ignore robots.txt because so many people tell them
not to archive images.


On 7/4/07 7:17 AM, "Will Tomlinson" <[EMAIL PROTECTED]> wrote:

> Can you use a robots.txt file to tell google to ignore these pages?
> 
> Will
> 
> 
> 

~|
Download the latest ColdFusion 8 utilities including Report Builder,
plug-ins for Eclipse and Dreamweaver updates.
http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286035
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: cfselect am I missing something.

[Raymond Camden]

What do you see in Firebug? I cannot stress enough (and this it to
_everyone_ who is playing with Ajax for the first time) the CRITICAL
important of Firebug. it lets you see the Ajax requests and what they
are returning.

Now if I had to guess - I'd bet that this.dsn doesn't equal anything
as I didn't see it set. This is where Firebug would help. You would be
able to see the request, and response, and possibly the error I just
mentioned in the response.

On 8/11/07, Jeremy Rottman <[EMAIL PROTECTED]> wrote:
> I am playing around with my new coldfusion 8 install. I am trying to use Ben 
> Forta's example to bind data from two of my cfc's. But for some reason, my 
> tests don't work at all. It does not populate any of the inputs and gives no 
> errors
>
>
> Here is the code I am using
>
> test.cfm
>
> 
> 
> 
> Select Media Type:
>  bind="cfc:com.UtilityManager.List_Categories()"
> bindonload="true" />
> 
> 
> Select Art:
>  bind="cfc:com.UtilityManager.List_Sections({catUUID})" />
> 
> 
> 
>
>
> Function: List_Categories
> returntype="array">
>   
>  SELECT
> fld_category_UUID as catUUID,
> fld_category_Name as catName,
> fld_category_Alias
>  FROM
> tbl_classAd_Categories
>  ORDER BY
> fld_category_Order ASC
>   
>  
>  
>  
> 
>
>
>
> 
>  
>   
>
>
> Function: List_Sections
>
> returntype="array">
>   
>  
> SELECT
>fld_section_UUID,
>fld_section_Name,
>fld_section_Alias,
>fld_category_UUID
> FROM
>tbl_classAd_Sections
> WHERE
>fld_category_UUID =  value="#arguments.catUUID#" />
>  
>
>  
>  
>  
> 
>
>
>
>
> 
>  
>   
>
>
> 

~|
Download the latest ColdFusion 8 utilities including Report Builder,
plug-ins for Eclipse and Dreamweaver updates.
http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286034
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

cfselect am I missing something.

[Jeremy Rottman]

I am playing around with my new coldfusion 8 install. I am trying to use Ben 
Forta's example to bind data from two of my cfc's. But for some reason, my 
tests don't work at all. It does not populate any of the inputs and gives no 
errors


Here is the code I am using

test.cfm




Select Media Type:



Select Art:






Function: List_Categories
   
  
 SELECT
fld_category_UUID as catUUID,
fld_category_Name as catName,
fld_category_Alias
 FROM
tbl_classAd_Categories
 ORDER BY
fld_category_Order ASC
  
 
 
 

   
   
   

 
  
   

Function: List_Sections

   
   
 
SELECT
   fld_section_UUID,
   fld_section_Name,
   fld_section_Alias,
   fld_category_UUID
FROM
   tbl_classAd_Sections
WHERE
   fld_category_UUID = 
 
 
 
 
 

   
   
   
   

 
  


~|
Create robust enterprise, web RIAs.
Upgrade to ColdFusion 8 and integrate with Adobe Flex
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286033
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: securing jsessionid

[Brian Kotek]

Yeah even if you encrypt it, if someone sniffs the connection and gets the
encrypted value, they can pass that the same way they would pass the normal
jsessionid. In other words, it doesn't make any difference. Maybe you could
salt the id with their IP address or something but then you could run into
problems with proxy servers. I'm still not clear on what the "security
issue" is, unless they think a cookie of any kind is a security issue.

On 8/11/07, Phil Wilson <[EMAIL PROTECTED]> wrote:
>
> To be honest, as a noob, there's a bunch of things that I don't know that
> I don't know. Unconcious incompetence. In this instance I saw a session id
> value and thought it best to encrypt it, because perhaps there was a way
> that I didn't know about that this could be exploited, especially since it
> was so easy to find.  That's all.
> >
> > What are you afraid they will do?
> >
> > What is the threat model you are so concerned about?
> >
> Jochem
>
> 

~|
Check out the new features and enhancements in the
latest product release - download the "What's New PDF" now
http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286032
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: securing jsessionid

[Phil Wilson]

To be honest, as a noob, there's a bunch of things that I don't know that I 
don't know. Unconcious incompetence. In this instance I saw a session id value 
and thought it best to encrypt it, because perhaps there was a way that I 
didn't know about that this could be exploited, especially since it was so easy 
to find.  That's all.
> 
> What are you afraid they will do?
> 
> What is the threat model you are so concerned about?
> 
Jochem 

~|
Check out the new features and enhancements in the
latest product release - download the "What's New PDF" now
http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286031
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: securing jsessionid

[Jochem van Dieten]

Phil Wilson wrote:
> What is TLS? Sorry for my ignorance. A quick google on it suggested it is to 
> do with SSL, which i have setup for this app.

It is. And if you have it set up you are safe from the man in the middle 
attack you were asking about.


> My thinking has been that with SSL in place the transfer of the value from 
> server to browser and back should be protected, but when viewing the 
> jsessionid cookie from the browser i can still see the unencrypted jessionid 
> value, and then be able to take advantage of it.

But that is not a man in the middle attack but an endpoint attack. And 
even then, how will they take advantage of it?


> I guess that means a hacker would need to have physical access to the pc of 
> the session they wanted to access (?) but it's still a hole i'd like to close 
> if I can.

What are you afraid they will do?


> If not, would it be more secure to not use J2EE Session Management and follow 
> wat Ben blogged in the link i left before?

I think what Ben blogged about does not offer more protection, only more 
control.
You, and whomever Ben wrote his blog article for, seem to be hung up on 
"The one problem that I haven't been able to resolve is that this 
JSESSIONID cookie is not secure." without at any point explaining why 
"this JSESSIONID cookie is not secure". For all I know his blog entry is 
not about browser security at all but the somebody for whom Ben wrote 
his article forgot the secure attribute on a cfcookie tag and some 
automated security testing tool got hung up on that. (And Ben forgot 
that attribute in his alternative so it doesn't score points there.)

What is the threat model you are so concerned about?

Jochem

~|
Check out the new features and enhancements in the
latest product release - download the "What's New PDF" now
http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286030
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: securing jsessionid

[Phil Wilson]

heh well I can't fault that logic 
Thanks for the common sense that I lost somewhere over the last few hours. 


>If the hacker had physical access to the machine, how would it matter
>whether the jsessionid was encrypted or not?
>
>
>> 

~|
ColdFusion 8 - Build next generation apps
today, with easy PDF and Ajax features - download now
http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286029
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: securing jsessionid

[Brian Kotek]

If the hacker had physical access to the machine, how would it matter
whether the jsessionid was encrypted or not?

On 8/11/07, Phil Wilson <[EMAIL PROTECTED]> wrote:
>
> What is TLS? Sorry for my ignorance. A quick google on it suggested it is
> to do with SSL, which i have setup for this app. My thinking has been that
> with SSL in place the transfer of the value from server to browser and back
> should be protected, but when viewing the jsessionid cookie from the browser
> i can still see the unencrypted jessionid value, and then be able to take
> advantage of it. I guess that means a hacker would need to have physical
> access to the pc of the session they wanted to access (?) but it's still a
> hole i'd like to close if I can. If not, would it be more secure to not use
> J2EE Session Management and follow wat Ben blogged in the link i left
> before? Have i mis/understood what you mean?  Thanks for your quick
> response.
>
> > Phil Wilson wrote:
> > > Hi I'm trying to figure out how I can encrypt or hide the jsessionid
> > value because as it stands with firefox and the webdeveloper add on,
> > it can be found in a number of seconds and then exploited by some man
> > in the middle hacker.
> >
> > You should encrypt it with TLS.
> >
> Jochem
>
> 

~|
ColdFusion is delivering applications solutions at at top companies 
around the world in government.  Find out how and where now
http://www.adobe.com/cfusion/showcase/index.cfm?event=finder&productID=1522&loc=en_us

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286028
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: securing jsessionid

[Phil Wilson]

No, as I'd like to use j2ee sessions, but either hide or encrypt jsessionid 
from prying eyes. It's very possible what i'm trying to do doesn't make sense i 
guess, i'm quite the noob, but if it doesn't i'd be grateful if you can help me 
understand why?  

>Have you turned off "Use J2EE session variables" in the administrator?
>
>
>> 

~|
Enterprise web applications, build robust, secure 
scalable apps today - Try it now ColdFusion Today
ColdFusion 8 beta - Build next generation apps

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286027
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: securing jsessionid

[Phil Wilson]

What is TLS? Sorry for my ignorance. A quick google on it suggested it is to do 
with SSL, which i have setup for this app. My thinking has been that with SSL 
in place the transfer of the value from server to browser and back should be 
protected, but when viewing the jsessionid cookie from the browser i can still 
see the unencrypted jessionid value, and then be able to take advantage of it. 
I guess that means a hacker would need to have physical access to the pc of the 
session they wanted to access (?) but it's still a hole i'd like to close if I 
can. If not, would it be more secure to not use J2EE Session Management and 
follow wat Ben blogged in the link i left before? Have i mis/understood what 
you mean?  Thanks for your quick response.

> Phil Wilson wrote:
> > Hi I'm trying to figure out how I can encrypt or hide the jsessionid 
> value because as it stands with firefox and the webdeveloper add on, 
> it can be found in a number of seconds and then exploited by some man 
> in the middle hacker.
> 
> You should encrypt it with TLS.
> 
Jochem 

~|
Enterprise web applications, build robust, secure 
scalable apps today - Try it now ColdFusion Today
ColdFusion 8 beta - Build next generation apps

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286026
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: securing jsessionid

[Brian Kotek]

Have you turned off "Use J2EE session variables" in the administrator?

On 8/11/07, Phil Wilson <[EMAIL PROTECTED]> wrote:
>
> Hi I'm trying to figure out how I can encrypt or hide the jsessionid value
> because as it stands with firefox and the webdeveloper add on, it can be
> found in a number of seconds and then exploited by some man in the middle
> hacker.  Iv turned off clientmanagement/clientcookies, but it is still
> showing up in the browser.  Iv googled for hours and tried a bunch of stuff,
> mainly centering around tweaking Ben's solution to this issue for
> CFID/CFToken:
> http://www.bennadel.com/blog/785-Ask-Ben-Hiding-Encrypting-ColdFusion-CFID-And-CFTOKEN-Values.htm
>   I
> just can't get to the bottom of this, any help or advice would really be
> appreciated.
>
> 

~|
Download the latest ColdFusion 8 utilities including Report Builder,
plug-ins for Eclipse and Dreamweaver updates.
http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286025
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: securing jsessionid

[Jochem van Dieten]

Phil Wilson wrote:
> Hi I'm trying to figure out how I can encrypt or hide the jsessionid value 
> because as it stands with firefox and the webdeveloper add on, it can be 
> found in a number of seconds and then exploited by some man in the middle 
> hacker.

You should encrypt it with TLS.

Jochem

~|
Download the latest ColdFusion 8 utilities including Report Builder,
plug-ins for Eclipse and Dreamweaver updates.
http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286024
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

securing jsessionid

[Phil Wilson]

Hi I'm trying to figure out how I can encrypt or hide the jsessionid value 
because as it stands with firefox and the webdeveloper add on, it can be found 
in a number of seconds and then exploited by some man in the middle hacker.  Iv 
turned off clientmanagement/clientcookies, but it is still showing up in the 
browser.  Iv googled for hours and tried a bunch of stuff, mainly centering 
around tweaking Ben's solution to this issue for CFID/CFToken: 
http://www.bennadel.com/blog/785-Ask-Ben-Hiding-Encrypting-ColdFusion-CFID-And-CFTOKEN-Values.htm
  I just can't get to the bottom of this, any help or advice would really be 
appreciated. 

~|
Download the latest ColdFusion 8 utilities including Report Builder,
plug-ins for Eclipse and Dreamweaver updates.
http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286023
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: The first CF site on everyone's mind

[Bill Betournay]

Hey Will,

Your email has been bouncing and your domain expired back on the 7th.  :-(

Bill

-Original Message-
From: Will Tomlinson [mailto:[EMAIL PROTECTED] 
Sent: August 11, 2007 2:58 PM
To: CF-Talk
Subject: Re: The first CF site on everyone's mind

>Not I.. hate coffee
>

I'd likely shrivel up and die without my daily cups of starbucks. 

they need some 's on that site too... 



~|
ColdFusion is delivering applications solutions at at top companies 
around the world in government.  Find out how and where now
http://www.adobe.com/cfusion/showcase/index.cfm?event=finder&productID=1522&loc=en_us

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286022
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: The first CF site on everyone's mind

[Will Tomlinson]

>Not I.. hate coffee
>

I'd likely shrivel up and die without my daily cups of starbucks. 

they need some 's on that site too... 

~|
ColdFusion 8 - Build next generation apps
today, with easy PDF and Ajax features - download now
http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286021
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: The first CF site on everyone's mind

[Greg Morphis]

better error handling and the use of cfqueryparam.. Prime candidate
for SQL injection..

On 8/11/07, Greg Morphis <[EMAIL PROTECTED]> wrote:
> Not I.. hate coffee
>
> On 8/11/07, Will Tomlinson <[EMAIL PROTECTED]> wrote:
> > >So, hands up all those who do *not* have this excellent CF site as their
> > >homepage?
> > >   http://www.coffeereview.com/
> > >Shame on you!  What could be more perfect - CF and coffee?
> >
> > Shame on them. They need better error handling.   :)
> >
> > http://www.coffeereview.com/allreviews.cfm?search=aaa
> >
> >
> >
> > 

~|
Get the answers you are looking for on the ColdFusion Labs
Forum direct from active programmers and developers.
http://www.adobe.com/cfusion/webforums/forum/categories.cfm?forumid-72&catid=648

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286020
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: The first CF site on everyone's mind

[Greg Morphis]

Not I.. hate coffee

On 8/11/07, Will Tomlinson <[EMAIL PROTECTED]> wrote:
> >So, hands up all those who do *not* have this excellent CF site as their
> >homepage?
> >   http://www.coffeereview.com/
> >Shame on you!  What could be more perfect - CF and coffee?
>
> Shame on them. They need better error handling.   :)
>
> http://www.coffeereview.com/allreviews.cfm?search=aaa
>
>
>
> 

~|
Get involved in the latest ColdFusion discussions, product
development sharing, and articles on the Adobe Labs wiki.
http://labs/adobe.com/wiki/index.php/ColdFusion_8

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286019
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: The first CF site on everyone's mind

[Will Tomlinson]

>So, hands up all those who do *not* have this excellent CF site as their
>homepage?
>   http://www.coffeereview.com/
>Shame on you!  What could be more perfect - CF and coffee?

Shame on them. They need better error handling.   :)

http://www.coffeereview.com/allreviews.cfm?search=aaa



~|
Get involved in the latest ColdFusion discussions, product
development sharing, and articles on the Adobe Labs wiki.
http://labs/adobe.com/wiki/index.php/ColdFusion_8

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286018
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Is cfqueryparam worth it?

[Dave Watts]

> Lol-- Splitting hairs on technical verbiage are we?

Not at all.

> Call it what you want, but I prefer to see my database as a 
> sort of "server-superhero" who's spider sense tingles when I 
> make more than "6 modifications to a temporary table" inside 
> my stored procs.

You can prefer to see your database however you like. I (and Microsoft) have
described how it actually is. The point of my bringing this up earlier is
that there are plenty of cases where you might provide input values that are
not optimal for your current execution plan, but that the database will use
that execution plan nonetheless. Assuming that the database will simply take
care of it for you may provide suboptimal results.

> Hmm, all this talk of procs, prepared statements, and caching 
> reminds me of the debate over whether stored procs are better 
> than cfqeries using cfqueryparam.  My last DBA swore up and 
> down that stored procs would ALWAYS perform better than 
> ColdFusion's "inline queries".  
> I never really knew enough to debate definitively on the 
> subject with him, but always assumed there wasn't really much 
> of a difference.  Of course, there seems to be articles 
> supporting both points of view out there.

In general, no, that's not true. Prior to the existence of CFQUERYPARAM,
that would have been true much more often. Now, there's very little
difference between the performance of a stored procedure and a prepared
statement. However, you might choose to perform SQL operations in a stored
procedure that you wouldn't attempt in a passthrough statement, and the use
of those operations may provide significantly better performance. Also,
there are other reasons why you might choose to use stored procedures beside
performance.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!


~|
ColdFusion is delivering applications solutions at at top companies 
around the world in government.  Find out how and where now
http://www.adobe.com/cfusion/showcase/index.cfm?event=finder&productID=1522&loc=en_us

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286017
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: tinyMCE templates

[James Holmes]

Did you add theme_advanced_buttons3_add : "template" or similar?

On 8/11/07, Jake Churchill <[EMAIL PROTECTED]> wrote:
> Anyone on this???  Anyone at all?  Sorry if this is off topic but I'm sure
> there are coldFusion people using various WYSIWYG editors.  Just hoping that
> someone uses tinyMCE.
>
> _
>
> Jake Churchill
> CF Webtools
> 11204 Davenport, Ste. 200b
> Omaha, NE  68154
> http://www.cfwebtools.com
> 402-408-3733 x103
>
>
> -Original Message-
> From: Jake Churchill [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 09, 2007 4:51 PM
> To: CF-Talk
> Subject: tinyMCE templates
>
> Has anyone done any work with tinyMCE and its template plugin?  I'm having a
> hard time getting this set up.  I have the init altered to provide the
> button and load the template files.  I've modified the default popup.htm to
> be popup.cfm and modified some content inside there.  Now, I'm wondering how
> to actually get an insert.  I've got a directory /tinymcetemplates where I
> will store all the templates.  So far I have one (listtemplate.cfm).  I've
> got this in my .init()
>
>
>
> template_templates : [
>
> {
>
> title : "List - Menu",
>
> src : "listtemplate.cfm?listclass=list",
>
> description : "Unordered List"
>
> }
>
> ]
>
>
>
> Here are the contents of listtemplate.cfm:
>
>
>
> 
>
>
>
> 
>
> 
>
> 
>
>   Item 1
>
>   Item 2
>
>   Item 3
>
> 
>
> 
>
> 
>
>
>
>
>
> How do I get that into my editor???
>
> _
>
> Jake Churchill
> CF Webtools
> 11204 Davenport, Ste. 200b
> Omaha, NE  68154
> HYPERLINK "http://www.cfwebtools.com"http://www.cfwebtools.com
> 402-408-3733 x103
>
>
>
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.476 / Virus Database: 269.11.10/943 - Release Date: 8/8/2007
> 5:38 PM
>
>
>
>
>
>
> 

~|
ColdFusion is delivering applications solutions at at top companies 
around the world in government.  Find out how and where now
http://www.adobe.com/cfusion/showcase/index.cfm?event=finder&productID=1522&loc=en_us

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286016
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

The first CF site on everyone's mind

[Damien McKenna]

So, hands up all those who do *not* have this excellent CF site as their
homepage?
http://www.coffeereview.com/
Shame on you!  What could be more perfect - CF and coffee?


Damien McKenna
Web Developer
The LIMU Company

~|
ColdFusion is delivering applications solutions at at top companies 
around the world in government.  Find out how and where now
http://www.adobe.com/cfusion/showcase/index.cfm?event=finder&productID=1522&loc=en_us

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286015
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: CF8 / CFGRID / HREFKEY

[Charles Sheehan-Miles]

That's the route I ended up taking, which is why I was asking about
selectonload.  Turns out you were right -- a little embarrassing, but it
turns out my local machine did have a beta version.  I updated this morning
and it works fine.


On 8/11/07 12:41 AM, "Brian Kotek" <[EMAIL PROTECTED]> wrote:

> I would just bind the grid to a JavaScript function using the cfajaxproxy.
> That JavaScript can trigger anything you want, including a page redirection.
> 
> On 8/9/07, Charles Sheehan-Miles <[EMAIL PROTECTED]> wrote:
>> 
>> All,
>> 
>> Just really getting started with CF8, so if this question is too basic,
>> such
>> is life.
>> 
>> I have a simple CFGRID.  I want to have one of the columns set that when a
>> user clicks on a particular record, it will open up a new page based on
>> that
>> key.  Can't seem to get it to work, I think I may just not understand the
>> syntax properly.  The grid populates just fine, but clicking on the link
>> does nothing.
>> 
>> 
>> 
>> > bind="cfc:com.remote.members.getMemberList
>> ({cfgridpage},{cfgridpagesize},{cf
>> gridsortcolumn},{cfgridsortdirection},#rscurrentweb.orgid#)">
>> > href="/admin/membermanage.cfm?page=modify&memberid=" hrefkey="MemberID">
>> 
>>   
>> 
>> 
>> --
>> Charles Sheehan-Miles | http://www.sheehanmiles.com
>> Author of Republic: A Novel of America's Future
>> 
>> Sparse, clean narrative... Pay attention to this new book... --
>> Pulitzer
>> Prize winning journalist John Hanchette, Niagara Falls Reporter
>> 
>> This novel ...may be prophetic...It will disturb you...It should. --
>> DailyKos
>> 
>> 
>> 
>> 
> 
> 

~|
Create robust enterprise, web RIAs.
Upgrade to ColdFusion 8 and integrate with Adobe Flex
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286014
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: Is cfqueryparam worth it?

[Jochem van Dieten]

Porter, Benjamin L. wrote:
> 
> When you use cfqueryparam the statement that gets compiled uses
> sp_prepexec.

For which driver and which MS SQL Server version did you observe this?

Jochem

~|
Get involved in the latest ColdFusion discussions, product
development sharing, and articles on the Adobe Labs wiki.
http://labs/adobe.com/wiki/index.php/ColdFusion_8

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286013
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Is cfqueryparam worth it?

[Brad Wood]

Lol-- Splitting hairs on technical verbiage are we?  
Call it what you want, but I prefer to see my database as a sort of
"server-superhero" who's spider sense tingles when I make more than "6
modifications to a temporary table" inside my stored procs.

Hmm, all this talk of procs, prepared statements, and caching reminds me
of the debate over whether stored procs are better than cfqeries using
cfqueryparam.  My last DBA swore up and down that stored procs would
ALWAYS perform better than ColdFusion's "inline queries".  
I never really knew enough to debate definitively on the subject with
him, but always assumed there wasn't really much of a difference.  Of
course, there seems to be articles supporting both points of view out
there.

~Brad

-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 10, 2007 8:33 PM
To: CF-Talk
Subject: RE: Is cfqueryparam worth it?

> Given that the DB is likely to recompile the code if it 
> senses that the current plan may not be optimal I assumed you 
> were pointing out that there would be overhead in the 
> generation of the new plan.

There are a set of specific things that will cause the database to
recompile
the plan. It's not really a matter of "sensing that the current plan may
not
be optimal".

~|
Enterprise web applications, build robust, secure 
scalable apps today - Try it now ColdFusion Today
ColdFusion 8 beta - Build next generation apps

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286012
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4