date:20100115

RE: More Efficient (Faster) Method

2010-01-15 Thread Eric Nicholas Sweeney


Leigh - 

I believe it is when it is shipped TO you. (When the customer can expect it
to show up.)  It's based on the pricing/shipping matrix on FTD. (I need to
duplicate their structure)

http://www.ftd.com/delivery-charges/ 

They provide detailed charts of pricing and when Items can be expected based
on what day (and time of day) you order it. I am slightly simplifying mine
by eliminating the "Time of Day" - and assuming all orders are placed AFTER
2pm... (Because I know they will be)

So "NextDay" Fee is determined by a few things:
 - What Day are you ordering on
 - How Expensive is the item you are buying

Saturdays are a fixed rate of 35.99
Others are variable based on the price of the item.


-Original Message-
From: Leigh [mailto:cfsearch...@yahoo.com] 
Sent: Friday, January 15, 2010 7:53 PM
To: cf-talk
Subject: Re: More Efficient (Faster) Method


> 
> 
>#qryGetShipCosts.NextDay#

What are the prices relative to: when the item is shipped by you, or when it
is delivered?




  



~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329724
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: More Efficient (Faster) Method

2010-01-15 Thread Eric Nicholas Sweeney


You are absolutely right Qing - a little sloppy of me in the coding. Fixed
now. Thanks!

As for the UDF - I am not sure that works - as I need Saturday as an
option... 

Are there any thoughts on the cfifs and loops?  Is that the "best" way to
handle this?  I may have to run this as a UDF several times on a  page - and
I Was just wondering about performance.

I am trying to learn how to make things go "faster" - or more streamlined...
And this seems like the perfect case - but I don't know what else to do... 

- Nick



~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329723
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Recent SQL Injection attacks

2010-01-15 Thread Al Musella, DPM

What I do is similar..  IF I detect a sql injection, I also add the 
ip address of the user to my banned IP list. I ban them for a week.. 
this way if they manage to find a page that isn't protected, they 
can't do any damage.  I use a server variable to hold the list of 
banned IP addresses, so I can share the list among the few websites I host.
  Then whenever anyone requests a page, I check if their ip is on the 
banned list, if so, I just log it and display an error page saying 
the website is down for maintenance and return soon.

At 06:02 PM 1/15/2010, Chung Chow wrote:

>On the SQL injection subject, here's something I add in all my projects.
>I usually use this snippet of code to intercept at the top level. It
>helps.
>
>
> 
> if ( isdefined("cgi.query_string") and (
>findnocase("DECLARE",cgi.query_string) or
>findnocase("CAST(",cgi.query_string) or
>findnocase("EXEC(",cgi.query_string) or
>findnocase("EXEC%",cgi.query_string)or len(cgi.query_string) gte 700
>) ) return true;
> else return false;
> 
>
>
> > -Original Message-
> > From: Al Musella, DPM [mailto:muse...@virtualtrials.com]
> > Sent: Friday, January 15, 2010 2:44 PM
> > To: cf-talk
> > Subject: RE: Recent SQL Injection attacks
> >
> >
> > For coldfusion, I use Fusionreactor..  I look at the request history,
> > and you see the templates that were recently called with the  url
> > parameters..   when an attack is in progress, you see a lot of them
> > with big url parameters. Easy to see at a glance.  Best part is then
> > you can view the sql queries that ran  and how many rows were
> > affected!I can verify that they don't get through to the real
> > database - just the query logging the attempt in my HACK database!
>
>

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329719
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Recent SQL Injection attacks

2010-01-15 Thread Al Musella, DPM

What I do is similar..  IF I detect a sql injection, I also add the 
ip address of the user to my banned IP list. I ban them for a week.. 
this way if they manage to find a page that isn't protected, they 
can't do any damage.  I use a server variable to hold the list of 
banned IP addresses, so I can share the list among the few websites I host.
  Then whenever anyone requests a page, I check if their ip is on the 
banned list, if so, I just log it and display an error page saying 
the website is down for maintenance and return soon.

At 06:02 PM 1/15/2010, Chung Chow wrote:

>On the SQL injection subject, here's something I add in all my projects.
>I usually use this snippet of code to intercept at the top level. It
>helps.
>
>
> 
> if ( isdefined("cgi.query_string") and (
>findnocase("DECLARE",cgi.query_string) or
>findnocase("CAST(",cgi.query_string) or
>findnocase("EXEC(",cgi.query_string) or
>findnocase("EXEC%",cgi.query_string)or len(cgi.query_string) gte 700
>) ) return true;
> else return false;
> 
>
>
> > -Original Message-
> > From: Al Musella, DPM [mailto:muse...@virtualtrials.com]
> > Sent: Friday, January 15, 2010 2:44 PM
> > To: cf-talk
> > Subject: RE: Recent SQL Injection attacks
> >
> >
> > For coldfusion, I use Fusionreactor..  I look at the request history,
> > and you see the templates that were recently called with the  url
> > parameters..   when an attack is in progress, you see a lot of them
> > with big url parameters. Easy to see at a glance.  Best part is then
> > you can view the sql queries that ran  and how many rows were
> > affected!I can verify that they don't get through to the real
> > database - just the query logging the attempt in my HACK database!
>
>

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329718
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Recent SQL Injection attacks

2010-01-15 Thread Al Musella, DPM

What I do is similar..  IF I detect a sql injection, I also add the 
ip address of the user to my banned IP list. I ban them for a week.. 
this way if they manage to find a page that isn't protected, they 
can't do any damage.  I use a server variable to hold the list of 
banned IP addresses, so I can share the list among the few websites I host.
  Then whenever anyone requests a page, I check if their ip is on the 
banned list, if so, I just log it and display an error page saying 
the website is down for maintenance and return soon.

At 06:02 PM 1/15/2010, Chung Chow wrote:

>On the SQL injection subject, here's something I add in all my projects.
>I usually use this snippet of code to intercept at the top level. It
>helps.
>
>
> 
> if ( isdefined("cgi.query_string") and (
>findnocase("DECLARE",cgi.query_string) or
>findnocase("CAST(",cgi.query_string) or
>findnocase("EXEC(",cgi.query_string) or
>findnocase("EXEC%",cgi.query_string)or len(cgi.query_string) gte 700
>) ) return true;
> else return false;
> 
>
>
> > -Original Message-
> > From: Al Musella, DPM [mailto:muse...@virtualtrials.com]
> > Sent: Friday, January 15, 2010 2:44 PM
> > To: cf-talk
> > Subject: RE: Recent SQL Injection attacks
> >
> >
> > For coldfusion, I use Fusionreactor..  I look at the request history,
> > and you see the templates that were recently called with the  url
> > parameters..   when an attack is in progress, you see a lot of them
> > with big url parameters. Easy to see at a glance.  Best part is then
> > you can view the sql queries that ran  and how many rows were
> > affected!I can verify that they don't get through to the real
> > database - just the query logging the attempt in my HACK database!
>
>

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329716
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Recent SQL Injection attacks

2010-01-15 Thread Al Musella, DPM

What I do is similar..  IF I detect a sql injection, I also add the 
ip address of the user to my banned IP list. I ban them for a week.. 
this way if they manage to find a page that isn't protected, they 
can't do any damage.  I use a server variable to hold the list of 
banned IP addresses, so I can share the list among the few websites I host.
  Then whenever anyone requests a page, I check if their ip is on the 
banned list, if so, I just log it and display an error page saying 
the website is down for maintenance and return soon.

At 06:02 PM 1/15/2010, Chung Chow wrote:

>On the SQL injection subject, here's something I add in all my projects.
>I usually use this snippet of code to intercept at the top level. It
>helps.
>
>
> 
> if ( isdefined("cgi.query_string") and (
>findnocase("DECLARE",cgi.query_string) or
>findnocase("CAST(",cgi.query_string) or
>findnocase("EXEC(",cgi.query_string) or
>findnocase("EXEC%",cgi.query_string)or len(cgi.query_string) gte 700
>) ) return true;
> else return false;
> 
>
>
> > -Original Message-
> > From: Al Musella, DPM [mailto:muse...@virtualtrials.com]
> > Sent: Friday, January 15, 2010 2:44 PM
> > To: cf-talk
> > Subject: RE: Recent SQL Injection attacks
> >
> >
> > For coldfusion, I use Fusionreactor..  I look at the request history,
> > and you see the templates that were recently called with the  url
> > parameters..   when an attack is in progress, you see a lot of them
> > with big url parameters. Easy to see at a glance.  Best part is then
> > you can view the sql queries that ran  and how many rows were
> > affected!I can verify that they don't get through to the real
> > database - just the query logging the attempt in my HACK database!
>
>

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329722
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Recent SQL Injection attacks

2010-01-15 Thread Al Musella, DPM

What I do is similar..  IF I detect a sql injection, I also add the 
ip address of the user to my banned IP list. I ban them for a week.. 
this way if they manage to find a page that isn't protected, they 
can't do any damage.  I use a server variable to hold the list of 
banned IP addresses, so I can share the list among the few websites I host.
  Then whenever anyone requests a page, I check if their ip is on the 
banned list, if so, I just log it and display an error page saying 
the website is down for maintenance and return soon.

At 06:02 PM 1/15/2010, Chung Chow wrote:

>On the SQL injection subject, here's something I add in all my projects.
>I usually use this snippet of code to intercept at the top level. It
>helps.
>
>
> 
> if ( isdefined("cgi.query_string") and (
>findnocase("DECLARE",cgi.query_string) or
>findnocase("CAST(",cgi.query_string) or
>findnocase("EXEC(",cgi.query_string) or
>findnocase("EXEC%",cgi.query_string)or len(cgi.query_string) gte 700
>) ) return true;
> else return false;
> 
>
>
> > -Original Message-
> > From: Al Musella, DPM [mailto:muse...@virtualtrials.com]
> > Sent: Friday, January 15, 2010 2:44 PM
> > To: cf-talk
> > Subject: RE: Recent SQL Injection attacks
> >
> >
> > For coldfusion, I use Fusionreactor..  I look at the request history,
> > and you see the templates that were recently called with the  url
> > parameters..   when an attack is in progress, you see a lot of them
> > with big url parameters. Easy to see at a glance.  Best part is then
> > you can view the sql queries that ran  and how many rows were
> > affected!I can verify that they don't get through to the real
> > database - just the query logging the attempt in my HACK database!
>
>

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329717
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Recent SQL Injection attacks

2010-01-15 Thread Al Musella, DPM

What I do is similar..  IF I detect a sql injection, I also add the 
ip address of the user to my banned IP list. I ban them for a week.. 
this way if they manage to find a page that isn't protected, they 
can't do any damage.  I use a server variable to hold the list of 
banned IP addresses, so I can share the list among the few websites I host.
  Then whenever anyone requests a page, I check if their ip is on the 
banned list, if so, I just log it and display an error page saying 
the website is down for maintenance and return soon.

At 06:02 PM 1/15/2010, Chung Chow wrote:

>On the SQL injection subject, here's something I add in all my projects.
>I usually use this snippet of code to intercept at the top level. It
>helps.
>
>
> 
> if ( isdefined("cgi.query_string") and (
>findnocase("DECLARE",cgi.query_string) or
>findnocase("CAST(",cgi.query_string) or
>findnocase("EXEC(",cgi.query_string) or
>findnocase("EXEC%",cgi.query_string)or len(cgi.query_string) gte 700
>) ) return true;
> else return false;
> 
>
>
> > -Original Message-
> > From: Al Musella, DPM [mailto:muse...@virtualtrials.com]
> > Sent: Friday, January 15, 2010 2:44 PM
> > To: cf-talk
> > Subject: RE: Recent SQL Injection attacks
> >
> >
> > For coldfusion, I use Fusionreactor..  I look at the request history,
> > and you see the templates that were recently called with the  url
> > parameters..   when an attack is in progress, you see a lot of them
> > with big url parameters. Easy to see at a glance.  Best part is then
> > you can view the sql queries that ran  and how many rows were
> > affected!I can verify that they don't get through to the real
> > database - just the query logging the attempt in my HACK database!
>
>

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329721
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Recent SQL Injection attacks

2010-01-15 Thread Al Musella, DPM

What I do is similar..  IF I detect a sql injection, I also add the 
ip address of the user to my banned IP list. I ban them for a week.. 
this way if they manage to find a page that isn't protected, they 
can't do any damage.  I use a server variable to hold the list of 
banned IP addresses, so I can share the list among the few websites I host.
  Then whenever anyone requests a page, I check if their ip is on the 
banned list, if so, I just log it and display an error page saying 
the website is down for maintenance and return soon.

At 06:02 PM 1/15/2010, Chung Chow wrote:

>On the SQL injection subject, here's something I add in all my projects.
>I usually use this snippet of code to intercept at the top level. It
>helps.
>
>
> 
> if ( isdefined("cgi.query_string") and (
>findnocase("DECLARE",cgi.query_string) or
>findnocase("CAST(",cgi.query_string) or
>findnocase("EXEC(",cgi.query_string) or
>findnocase("EXEC%",cgi.query_string)or len(cgi.query_string) gte 700
>) ) return true;
> else return false;
> 
>
>
> > -Original Message-
> > From: Al Musella, DPM [mailto:muse...@virtualtrials.com]
> > Sent: Friday, January 15, 2010 2:44 PM
> > To: cf-talk
> > Subject: RE: Recent SQL Injection attacks
> >
> >
> > For coldfusion, I use Fusionreactor..  I look at the request history,
> > and you see the templates that were recently called with the  url
> > parameters..   when an attack is in progress, you see a lot of them
> > with big url parameters. Easy to see at a glance.  Best part is then
> > you can view the sql queries that ran  and how many rows were
> > affected!I can verify that they don't get through to the real
> > database - just the query logging the attempt in my HACK database!
>
>

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329720
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: CFFILE move is copying

2010-01-15 Thread brad


Hmm, I've used that form many times and never had any problems.  If
you're on CF9, you can try the public bug tracker:
http://cfbugs.adobe.com/cfbugreport/flexbugui/cfbugtracker/main.html

If you really are having troubles submitting a bug via the go/wish form,
your best bet might be to try and ping Ben Forta or Adam Lehman.

~Brad


 Original Message 
Subject: Re: CFFILE move is copying
From: Scott Brady 
Date: Fri, January 15, 2010 7:36 pm
To: cf-talk 


Well, I tried to, but every time I submit the form (using FireFox on
Mac OS X), it says I haven't filled out forms I most certainly have
filled out (e-mail address, etc.).

Anyone know how to submit a bug report for their bug report form? :)



~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329715
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: More Efficient (Faster) Method

2010-01-15 Thread Leigh


> 
> 
>#qryGetShipCosts.NextDay#

What are the prices relative to: when the item is shipped by you, or when it is 
delivered?




  

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329714
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: CFFILE move is copying

2010-01-15 Thread Scott Brady

Well, I tried to, but every time I submit the form (using FireFox on
Mac OS X), it says I haven't filled out forms I most certainly have
filled out (e-mail address, etc.).

Anyone know how to submit a bug report for their bug report form?  :)

On Fri, Jan 15, 2010 at 1:38 PM,   wrote:
>
> Either way, you should write up all the details and some sample code and
> submit it to Adobe.
>
> http://www.adobe.com/go/wish
>
> ~Brad
>
>  Original Message 
> Subject: Re: CFFILE move is copying
> From: Scott Brady 
> Date: Fri, January 15, 2010 5:18 am
> To: cf-talk 
>
>
> Actually, I found a way around it. I'm using the underlying Java file
> reader (which is what I assume  uses) that also
> includes a "close()" method that fixes it. I would think 
> would do that automatically once you exit the loop (whether upon the
> end of the file or prematurely), but maybe there are times you
> wouldn't want it to.
>
> Scott
>
>
>
>
> 

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329713
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Recent SQL Injection attacks

2010-01-15 Thread Chung Chow


On the SQL injection subject, here's something I add in all my projects.
I usually use this snippet of code to intercept at the top level. It
helps. 



if ( isdefined("cgi.query_string") and (
findnocase("DECLARE",cgi.query_string) or
findnocase("CAST(",cgi.query_string) or
findnocase("EXEC(",cgi.query_string) or
findnocase("EXEC%",cgi.query_string)or len(cgi.query_string) gte 700
) ) return true;
else return false;



> -Original Message-
> From: Al Musella, DPM [mailto:muse...@virtualtrials.com]
> Sent: Friday, January 15, 2010 2:44 PM
> To: cf-talk
> Subject: RE: Recent SQL Injection attacks
> 
> 
> For coldfusion, I use Fusionreactor..  I look at the request history,
> and you see the templates that were recently called with the  url
> parameters..   when an attack is in progress, you see a lot of them
> with big url parameters. Easy to see at a glance.  Best part is then
> you can view the sql queries that ran  and how many rows were
> affected!I can verify that they don't get through to the real
> database - just the query logging the attempt in my HACK database!

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329712
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: More Efficient (Faster) Method

2010-01-15 Thread Qing Xia

Check out this UDF: http://www.cflib.org/udf/BusinessDaysAdd

Also, if I may venture to suggest:

   1. You don't need sharp signs inside ColdFusion tags
   2. It would be nice to use cfqueryparam to pass in those variables to
   your query--faster and more secure.

Happy Friday! [?]

On Fri, Jan 15, 2010 at 5:21 PM, Nick Sweeney wrote:

>
> Hey everyone - I was wondering if anyone could suggest a "better" method of
> doing this.
>
> Essentially I am creating a dropdown list of Shipping Prices - based on the
> day they are making the purchase. (Customer defined "Next Day Shipping"
> prices - not UPS)
>
> It's Working - but I wonder if there is a more efficient way of doing the
> same thing... Not so many loops or cfif's...
>
> Thoughts? Ideas?  Thanks! - Nick
>
> Live Example here: http://cf.bigfatdesigns.com/cart/ShipCostTest.cfm
>
> Code:
> 
> 
>
> 
> 
>
>
> 
>  username="#Application.username#" password="#Application.password#">
> SELECT SCostID, MinItemPrice, MaxItemPrice, Standard, TwoDay, NextDay,
> Saturday
> FROM ShipCostChart
> WHERE MinItemPrice < #ThisItemPrice#
> AND MaxItemPrice > #ThisItemPrice#
> 
>
> 
> 
> 
>
> 
> 
>
> 
> 
>
> 
> 
>
> 
> 
>
> 
> 
>
> 
> 
>
> 
>
> START > TODAY > #DayOfWeekAsString(DayOfWeek(TodaysDate))#   #NewDay#
> 
> LIST will actually be a SELECT Drop Down
> 
> 
>
>
>#LSDateFormat(NewDay, 'mmm-dd-')# -
> #DayOfWeekAsString(DayOfWeek(NewDay))#
>
>
>
>
>#qryGetShipCosts.NextDay#
>
>
>#qryGetShipCosts.TwoDay#
>
>
>#qryGetShipCosts.Standard#
>
>#qryGetShipCosts.Saturday#
>
>
>
>
>
>
>
>
> 
> 
>
> 
>
> 

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329711
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Recent SQL Injection attacks

2010-01-15 Thread Al Musella, DPM


For coldfusion, I use Fusionreactor..  I look at the request history, 
and you see the templates that were recently called with the  url 
parameters..   when an attack is in progress, you see a lot of them 
with big url parameters. Easy to see at a glance.  Best part is then 
you can view the sql queries that ran  and how many rows were 
affected!I can verify that they don't get through to the real 
database - just the query logging the attempt in my HACK database!
   I wouldn't run a cold fusion server without a tool like fusion 
reactor.   I created my website with coldfusion 2.0, and a lot of the 
pages haven't been updated (except for sql injection proofing) since 
then.and I learned a lot since then..  fusion reactor gives me the 
list of slow running pages, and I try to improve at least one of them 
every day. I made the entire site much faster, and concentrated on 
the most frequently used pages.  Before fusionreactor, I had no idea 
which pages were the slowest, and what was being looked at right now 
and by whom, and how the querries were doing - timewise and memory wise.


For the forms,   my website deals with some mentally challenged 
people and really important stuff.. so I try to make it easy for 
them.   I log all attempts to login.  I get an alert if someone fails 
more than twice.  I get a screen with the username they are trying, 
the passwords they tried, the real password, name , location (so I 
know the time zone) & phone number - as well as a way to unlock it ( 
it gets locked after 3 unsuccessful attempts).  I can tell if it is a 
real person struggling or if it is someone trying to break in.  If 
they are trying to break in, I add their ip address to our list of 
banned ip addresses.  If it is a real person, and the local time is 
reasonable, I call them and help them get in. I am planning on adding 
chat capability soon.

  I usually turn off ftp on my server, except when I need someone to 
upload a large file like an mri. I had it on recently and noticed the 
log file was way too big (it is usually 1-2k, and now it was like 
100k).. so I looked through it and saw someone was alternating 
between trying administrator and webmaster as the user names, and 
many password.  Never got in. I don't have an administrator or 
webmaster account allowed for ftp access:)




At 04:11 PM 1/13/2010, you wrote:
>How do you guys monitor these attacks?  The webserver logs?



~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329710
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

More Efficient (Faster) Method

2010-01-15 Thread Nick Sweeney


Hey everyone - I was wondering if anyone could suggest a "better" method of 
doing this.

Essentially I am creating a dropdown list of Shipping Prices - based on the day 
they are making the purchase. (Customer defined "Next Day Shipping" prices - 
not UPS)

It's Working - but I wonder if there is a more efficient way of doing the same 
thing... Not so many loops or cfif's...  

Thoughts? Ideas?  Thanks! - Nick

Live Example here: http://cf.bigfatdesigns.com/cart/ShipCostTest.cfm 

Code:









SELECT SCostID, MinItemPrice, MaxItemPrice, Standard, TwoDay, NextDay, Saturday
FROM ShipCostChart 
WHERE MinItemPrice < #ThisItemPrice#
AND MaxItemPrice > #ThisItemPrice#


























START > TODAY > #DayOfWeekAsString(DayOfWeek(TodaysDate))#   #NewDay# 
LIST will actually be a SELECT Drop Down




#LSDateFormat(NewDay, 'mmm-dd-')# - 
#DayOfWeekAsString(DayOfWeek(NewDay))#  




#qryGetShipCosts.NextDay#


#qryGetShipCosts.TwoDay#


#qryGetShipCosts.Standard#

#qryGetShipCosts.Saturday#





   

 



 

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329709
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: CFFILE move is copying

2010-01-15 Thread brad


Either way, you should write up all the details and some sample code and
submit it to Adobe.  

http://www.adobe.com/go/wish

~Brad

 Original Message 
Subject: Re: CFFILE move is copying
From: Scott Brady 
Date: Fri, January 15, 2010 5:18 am
To: cf-talk 


Actually, I found a way around it. I'm using the underlying Java file
reader (which is what I assume  uses) that also
includes a "close()" method that fixes it. I would think 
would do that automatically once you exit the loop (whether upon the
end of the file or prematurely), but maybe there are times you
wouldn't want it to.

Scott




~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329708
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Login protection and verification

2010-01-15 Thread Justin Scott


> I want to protect my site login.  I first want to lock users
> out after so many failed login attempts.  Lock them out for
> a specified amount of time.

The way I usually approach this is to use a logging table.  Each time a
login is attempted it gets put into a table with the username, a timestamp,
their IP, and the failure reason.  Before each login is tried, I pull a
count of the login attempts from the table within the last X minutes.  If
the count is over some threshold (usually 3 or 5) then I fail the login
immediately the return an error.  Once X minutes passes, the query would no
longer return a count over the threshold and the account can be used again.
Simple way to do auto-lockout without having to rely on scheduled processes
at all.  Alternatively, you can have the lockout routine set a bit on the
account to permanently lock it out as well if desired.


-Justin



~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329707
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Re: CF5 download

2010-01-15 Thread Dave Watts


> Maybe Halliwells should enter the 'comedy causer of the year' instead :-)
>
> --
> Helping to enthusiastically iterate sticky visionary infomediaries as part of
> the IT team of the year, '09 and '08

I don't know, today's sounds more like a porn vendor, with the "sticky
visionary infomediaries".

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329706
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: CF5 download

2010-01-15 Thread Tom Chiverton


Maybe Halliwells should enter the 'comedy causer of the year' instead :-)

-- 
Helping to enthusiastically iterate sticky visionary infomediaries as part of 
the IT team of the year, '09 and '08



This email is sent for and on behalf of Halliwells LLP.

Halliwells LLP is a limited liability partnership registered in England and 
Wales under registered number OC307980 whose registered office address is at 
Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB.  A list 
of members is available for inspection at the registered office together with a 
list of those non members who are referred to as partners.  We use the word 
partner to refer to a member of the LLP, or an employee or consultant with 
equivalent standing and qualifications. Regulated by the Solicitors Regulation 
Authority.

CONFIDENTIALITY

This email is intended only for the use of the addressee named above and may be 
confidential or legally privileged.  If you are not the addressee you must not 
read it and must not use any information contained in nor copy it nor inform 
any person other than Halliwells LLP or the addressee of its existence or 
contents.  If you have received this email in error please delete it and notify 
Halliwells LLP IT Department on 0870 365 2500.

For more information about Halliwells LLP visit www.halliwells.co

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329705
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Re: CFFILE move is copying

2010-01-15 Thread Scott Brady


Actually, I found a way around it.  I'm using the underlying Java file
reader (which is what I assume  uses) that also
includes a "close()" method that fixes it.  I would think 
would do that automatically once you exit the loop (whether upon the
end of the file or prematurely), but maybe there are times you
wouldn't want it to.

Scott



-- 
-
Scott Brady
http://www.scottbrady.net/

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329704
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: More Efficient (Faster) Method

RE: More Efficient (Faster) Method

RE: Recent SQL Injection attacks

RE: Recent SQL Injection attacks

RE: Recent SQL Injection attacks

RE: Recent SQL Injection attacks

RE: Recent SQL Injection attacks

RE: Recent SQL Injection attacks

RE: Recent SQL Injection attacks

RE: CFFILE move is copying

Re: More Efficient (Faster) Method

Re: CFFILE move is copying

RE: Recent SQL Injection attacks

Re: More Efficient (Faster) Method

RE: Recent SQL Injection attacks

More Efficient (Faster) Method

RE: CFFILE move is copying

RE: Login protection and verification

Re: CF5 download

Re: CF5 download

Re: CFFILE move is copying

21 matches

Site Navigation

Mail list logo

Footer information