Re: Santizing User Input

[Andrew Scott]

The AntiSamy project is maybe the best way to sanitize any user input out
there.


-- 
Regards,
Andrew Scott
WebSite: http://www.andyscott.id.au/
Google+: http://plus.google.com/108193156965451149543




On Thu, Feb 2, 2012 at 8:33 AM, douglas cohn  wrote:

>
> I recently received a notice that my PCI security scan failed.
>
> One further review it seems we have a PDF that we use to show some of our
> products and the PDF was created from a POWERPOINT Presentation.
>
> It appears there is a single HTM page that caused the alert.  The company
> stated the following (see below).  What I am looking for is a way to
> control user input within CF.  I found an MS page that has a VB script but
> would prefer something in CF.
> http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx
>
> From the Security Company
>
> You will need to make sure all user input is being sanitized of all
> special characters. This may not be bringing up the alert, but because the
> special characters are not sanitized, it leaves open the possibility that a
> malicious attacker could get their scripts to execute.
>
> Thanks so much for any assistance
>
> Doug
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349738
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Santizing User Input

[Eric Roberts]

You can wrap any user input in xmlformat() to rid yourself of any special
characters.  I would use that around the function that sends the stuff to
your security software.

-Original Message-
From: Matt Quackenbush [mailto:quackfu...@gmail.com] 
Sent: Wednesday, February 01, 2012 3:46 PM
To: cf-talk
Subject: Re: Santizing User Input


That VB script just uses a regular expression (already written for you).
All you need to do is use it in conjunction with ColdFusion's built-in
`reFind()` or `reFindNoCase()` functions.

http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e08
11cbec22c24-7e9a.html
http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e08
11cbec22c24-7e99.html

So, something like so:

if ( reFind( "^[\w\.:\?&=/]*$" , myString ) ) {
// oops, they failed... handle appropriately }

HTH


On Wed, Feb 1, 2012 at 3:33 PM, douglas cohn  wrote:

>
> I recently received a notice that my PCI security scan failed.
>
> One further review it seems we have a PDF that we use to show some of 
> our products and the PDF was created from a POWERPOINT Presentation.
>
> It appears there is a single HTM page that caused the alert.  The 
> company stated the following (see below).  What I am looking for is a 
> way to control user input within CF.  I found an MS page that has a VB 
> script but would prefer something in CF.
> http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx
>
> From the Security Company
>
> You will need to make sure all user input is being sanitized of all 
> special characters. This may not be bringing up the alert, but because 
> the special characters are not sanitized, it leaves open the 
> possibility that a malicious attacker could get their scripts to execute.
>
> Thanks so much for any assistance
>
> Doug
>
> 



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349737
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Opinion: Abuse of session variables

[Mike Chabot]

In addition to AJAX (and Flex/Flash remoting calls) and framesets (and
iframes), issues with session variables can also occur if a user has
two separate browser tabs open, double clicks links or form submit
buttons (some users double click everything), rapidly and repeatedly
presses a submit button or the refresh button because a page is slow
to load, submits a form, then makes a quick change before the form
disappears from the screen, and submits again, requests a page but
presses the browser back button before the page loads, rapidly toggles
through multiple pages using a fast-loading navigation element
(possibly controlled by a URL variable), starts running a page that
takes so long to process that they hit the browser timeout before the
code finishes processing, so they run it again, and likely some other
scenarios.

-Mike Chabot

On Wed, Feb 1, 2012 at 7:37 PM, James Holmes  wrote:
>
> Race conditions in session variables can only occur when two requests from
> the same session execute concurrently. This is more likely with ajax
> requests or framesets. Since everyone uses ajax requests these days (even
> though no-one uses framesets any more), it is still an issue, as you say.
> --
> Shu Ha Ri: Agile and .NET blog
> http://www.bifrost.com.au/
>
>
> On 2 February 2012 05:53, Mike Chabot  wrote:
>
>>
>> Race conditions are what I am referring to and they are a problem,
>> even in CF9. Many developers either heard or read that the earlier
>> problems with session variables have been fixed and that they no
>> longer need to ever lock them, but this is not true.
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349736
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Escaping #

[Eric Roberts]

All forms are in the form scope...

It's always a good idea to scope your variables for security reasons.  It
ensures that you know exactly where the data is coming from and not
potentially from a misnamed variable that is higher up in the scope order of
precendence...

Eric

-Original Message-
From: Rob Voyle [mailto:robvo...@voyle.com] 
Sent: Wednesday, February 01, 2012 12:03 PM
To: cf-talk
Subject: Re: Escaping #


Hi Dave

My forms up until this time have been very simple and I have never defined
or specified the scope or structure of variables.

Is there a syntax for the cfloop if no structure is defined or is that when
i would need to use evaluate?

Thanks

Rob  

On 1 Feb 2012 at 12:46, Dave Watts wrote:

> 
> > What you had suggested didn't work as I hadn't scoped the
> variables so I got a
> > not defined error message when I tried 
> > #variables["namefirst" & i]#
> 
> You can use whatever scope the variables are in, though:
> 
> #form["namefirst" & i]#
> 
> > I tried #["namefirst" & i]# but that didn't 
> > work.
> 
> Right. The brackets indicate membership in a structure, but you didn't 
> specify the structure
> 
> structure[key]
> 
> Variable scopes are exposed as structures.
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
> 
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA 
> Schedule, and provides the highest caliber vendor-authorized 
> instruction at our training centers, online, or onsite.
> 
> 
> ~|
> Order the Adobe Coldfusion Anthology now!
> http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=
> houseoffusion
> Archive:
> http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:34
> 9719
> Subscription:
> http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
> Unsubscribe:
> http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
> 






~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349735
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Crossed Accounts Issue

[Eric Roberts]

Best thing to do is to cflock the db action so that you can get a unique
record.  If the call to the cfc is what hands the entirety of the user
authentication...put a lock around that call so that no other users are
taking action until the first is done.

-Original Message-
From: Eric Williams [mailto:e99...@gmail.com] 
Sent: Wednesday, February 01, 2012 9:44 AM
To: cf-talk
Subject: Re: Crossed Accounts Issue


> > I have an issue that I am hoping one of you can help me out with. 
>  The issue is caused when more than one user logs in
> > with a few tenths of a second of each other.  This happens maybe
> once every few weeks on a high volume application.
> > The problem is with user information getting mixed up when
> authenticating.
> >
> > As you can see from the code below the authenticate component is
> called right before setting the session username.
> > The authenticate component does all the basic checks and returns the
> user info.  In these rare instances the
> > session.RetAuth.username and all the info returned from the
> component are for another user that is logging in at the same
> > time.
> >
> > 
> >        if(NOT IsDefined("APPLICATION.oUser")){
> >                APPLICATION.oUser=CreateObject("component",
> "#APPLICATION.G.CFC_PATH#User");
> >        }
> >        APPLICATION.oUser.DSN=this.DSN;
> >        
> >         Login,form.Password)>
> >        
> 
> This is a race condition issue. You can solve it by implementing 
> locking, either around this code or perhaps within your component.
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
> 
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA 
> Schedule, and provides the highest caliber vendor-authorized 
> instruction at our

Dave,

I already have a lock in the component, I create a unique uuid on each
request for the lock.  Did not solve the problem.  Might try a lock around
the entire login code.



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349734
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Opinion: Abuse of session variables

[James Holmes]

Race conditions in session variables can only occur when two requests from
the same session execute concurrently. This is more likely with ajax
requests or framesets. Since everyone uses ajax requests these days (even
though no-one uses framesets any more), it is still an issue, as you say.
--
Shu Ha Ri: Agile and .NET blog
http://www.bifrost.com.au/


On 2 February 2012 05:53, Mike Chabot  wrote:

>
> Race conditions are what I am referring to and they are a problem,
> even in CF9. Many developers either heard or read that the earlier
> problems with session variables have been fixed and that they no
> longer need to ever lock them, but this is not true.


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349733
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Working with an API - help

[Gerald Guido]

>>the cf syntax isn't much different.

+1

Here is an example of some of the syntax. The code is really similar so if
you have examples in VB,C# etc you can pretty much harvest it and tweak it
to work with CFScript.


oMailbox.Postoffice = domainname;
oMailbox.Mailbox = mailname ;
oMailbox.Limit = -1;
oMailbox.RedirectAddress = "";
oMailbox.RedirectStatus = "0";
oMailbox.Status = "1";
MailboxResult = oMailbox.AddMailbox();

oAUTHLogin.Account = domainname;
oAUTHLogin.Description = "";
oAUTHLogin.Password = mailpass;
oAUTHLogin.Rights = "USER";
oAUTHLogin.Status = 1 ;
oAUTHLogin.UserName = UserName;
LoginResult = oAUTHLogin.AddLogin();

oAddressMap.Account = domainname;
oAddressMap.DestinationAddress = "[SF:" & domainname & "/" & mailname & "]";
oAddressMap.Scope = "";
oAddressMap.SourceAddress = sTemp;
oAddressMapResult = oAddressMap.AddAddressMap();






On Wed, Feb 1, 2012 at 6:18 PM, Russ Michaels  wrote:

>
> the cf syntax isn't much different.
>
> 
>
> http://cfquickdocs.com/cf9/#createobject.comobject
>
> then you just call the methods of  objUserProfile
>
> 
>
>
>
>
> On Wed, Feb 1, 2012 at 11:04 PM, jack Lemay  >wrote:
>
> >
> > Hey everyone,
> >
> > I've been asked to work on a website that interacts with a database via
> an
> > API. I have the manual to the API and think I may be in over my head, but
> > would like to explore this a little more. Is it as Daunting as it looks?
> > The database is set up and the current old website (php) uses this API to
> > interact with the website, mostly letting customers update account info
> > from the website. I don't have access to the current website files.
> >
> > About the API:
> >
> > This ..." API is a COM+ application. It
> > provides a set of COM objects that can be manipulated by COM-
> > compliant development tools such as Visual Basic, Visual C++, Visual
> > C#, VSTA and so on. "
> >
> > The manual lists classes with input paramaters and return values like:
> >
> > "Example
> >
> > The following example shows how to create a new user profile once the
> > account has been validated:
> >
> > Dim objUserProfile as Object
> > Dim lRetCode as Integer
> > ‘
> > Set objUserProfile = CreateObject("API.cUserInfo")
> >
> > "
> >
> > I've been using CF for years, but don't know how to integrate with this.
> >
> > Any tips or suggestions on where to look for help on this? Or does this
> > require knowledge of a different language altogether?
> >
> >
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349732
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Working with an API - help

[Russ Michaels]

the cf syntax isn't much different.



http://cfquickdocs.com/cf9/#createobject.comobject

then you just call the methods of  objUserProfile






On Wed, Feb 1, 2012 at 11:04 PM, jack Lemay wrote:

>
> Hey everyone,
>
> I've been asked to work on a website that interacts with a database via an
> API. I have the manual to the API and think I may be in over my head, but
> would like to explore this a little more. Is it as Daunting as it looks?
> The database is set up and the current old website (php) uses this API to
> interact with the website, mostly letting customers update account info
> from the website. I don't have access to the current website files.
>
> About the API:
>
> This ..." API is a COM+ application. It
> provides a set of COM objects that can be manipulated by COM-
> compliant development tools such as Visual Basic, Visual C++, Visual
> C#, VSTA and so on. "
>
> The manual lists classes with input paramaters and return values like:
>
> "Example
>
> The following example shows how to create a new user profile once the
> account has been validated:
>
> Dim objUserProfile as Object
> Dim lRetCode as Integer
> ‘
> Set objUserProfile = CreateObject("API.cUserInfo")
>
> "
>
> I've been using CF for years, but don't know how to integrate with this.
>
> Any tips or suggestions on where to look for help on this? Or does this
> require knowledge of a different language altogether?
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349731
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Working with an API - help

[.jonah]

You're on the right path with using CreateObject().

First off, your server of course has to be Windows and can't be 64bit 
which doesn't have COM support.

Then you install and register the COM object on your server.

Once that's done, you instantiate it the way you're getting at:
API = createObject("com", "registeredComObjectNameHere");

then access the methods on it:
userProfile = API.cUserInfo();



On 2/1/12 3:04 PM, jack Lemay wrote:
> Hey everyone,
>
> I've been asked to work on a website that interacts with a database via an 
> API. I have the manual to the API and think I may be in over my head, but 
> would like to explore this a little more. Is it as Daunting as it looks? The 
> database is set up and the current old website (php) uses this API to 
> interact with the website, mostly letting customers update account info from 
> the website. I don't have access to the current website files.
>
> About the API:
>
> This ..." API is a COM+ application. It
> provides a set of COM objects that can be manipulated by COM-
> compliant development tools such as Visual Basic, Visual C++, Visual
> C#, VSTA and so on. "
>
> The manual lists classes with input paramaters and return values like:
>
> "Example
>
> The following example shows how to create a new user profile once the
> account has been validated:
>
> Dim objUserProfile as Object
> Dim lRetCode as Integer
> ‘
> Set objUserProfile = CreateObject("API.cUserInfo")
>
> "
>
> I've been using CF for years, but don't know how to integrate with this.
>
> Any tips or suggestions on where to look for help on this? Or does this 
> require knowledge of a different language altogether?
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349730
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Working with an API - help

[jack Lemay]

Hey everyone, 

I've been asked to work on a website that interacts with a database via an API. 
I have the manual to the API and think I may be in over my head, but would like 
to explore this a little more. Is it as Daunting as it looks? The database is 
set up and the current old website (php) uses this API to interact with the 
website, mostly letting customers update account info from the website. I don't 
have access to the current website files.

About the API:

This ..." API is a COM+ application. It 
provides a set of COM objects that can be manipulated by COM-
compliant development tools such as Visual Basic, Visual C++, Visual 
C#, VSTA and so on. "

The manual lists classes with input paramaters and return values like:

"Example 
 
The following example shows how to create a new user profile once the 
account has been validated: 
 
Dim objUserProfile as Object 
Dim lRetCode as Integer 
‘ 
Set objUserProfile = CreateObject("API.cUserInfo") 

"

I've been using CF for years, but don't know how to integrate with this. 

Any tips or suggestions on where to look for help on this? Or does this require 
knowledge of a different language altogether?

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349729
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Opinion: Abuse of session variables

[Mike Chabot]

Race conditions are what I am referring to and they are a problem,
even in CF9. Many developers either heard or read that the earlier
problems with session variables have been fixed and that they no
longer need to ever lock them, but this is not true. It is one of the
most common CF misconceptions, even among experienced CF programmers.
The problem generally only shows up on high-traffic data intensive
sites, but even with 1000 simultaneous users and 250 session variables
I would expect that the application will at some point have a
seemingly random and rare issue when updating large structures of
session variables or processing giant form submissions that could
ultimately be traced back to a race condition where competing code
execution process are accessing the same shared resource on different
threads. The cflock tag still exists, and it is usually not used as
frequently as it needs to be used, which is why I mentioned the
problem. The use of the cflock tag is not simply a matter of
preference. It solves an actual problem related to the multi-threaded
code accessing shared resources, such as session variables.

>From the CF9 manual:
"ColdFusion lets you lock access to sections of code to ensure that
ColdFusion does not attempt to run the code, or access the data that
it uses, simultaneously or in an unpredictable order. This locking
feature is important for ensuring the consistency of all shared data,
including data in external sources in addition to data in persistent
scopes."

I think many developers would prefer to ignore the issue because
locking isn't fun and race conditions are a challenging issue to
understand.

-Mike Chabot

On Wed, Feb 1, 2012 at 3:03 PM, Cameron Childress  wrote:
> This is largely false since the release of CF6. Race conditions being the
> primary exception.
>
> -Cameron

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349728
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Santizing User Input

[Matt Quackenbush]

That VB script just uses a regular expression (already written for you).
All you need to do is use it in conjunction with ColdFusion's built-in
`reFind()` or `reFindNoCase()` functions.

http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7e9a.html
http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7e99.html

So, something like so:

if ( reFind( "^[\w\.:\?&=/]*$" , myString ) )
{
// oops, they failed... handle appropriately
}

HTH


On Wed, Feb 1, 2012 at 3:33 PM, douglas cohn  wrote:

>
> I recently received a notice that my PCI security scan failed.
>
> One further review it seems we have a PDF that we use to show some of our
> products and the PDF was created from a POWERPOINT Presentation.
>
> It appears there is a single HTM page that caused the alert.  The company
> stated the following (see below).  What I am looking for is a way to
> control user input within CF.  I found an MS page that has a VB script but
> would prefer something in CF.
> http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx
>
> From the Security Company
>
> You will need to make sure all user input is being sanitized of all
> special characters. This may not be bringing up the alert, but because the
> special characters are not sanitized, it leaves open the possibility that a
> malicious attacker could get their scripts to execute.
>
> Thanks so much for any assistance
>
> Doug
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349727
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Santizing User Input

[douglas cohn]

I recently received a notice that my PCI security scan failed.

One further review it seems we have a PDF that we use to show some of our 
products and the PDF was created from a POWERPOINT Presentation. 

It appears there is a single HTM page that caused the alert.  The company 
stated the following (see below).  What I am looking for is a way to control 
user input within CF.  I found an MS page that has a VB script but would prefer 
something in CF.
http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx

>From the Security Company

You will need to make sure all user input is being sanitized of all special 
characters. This may not be bringing up the alert, but because the special 
characters are not sanitized, it leaves open the possibility that a malicious 
attacker could get their scripts to execute. 

Thanks so much for any assistance

Doug

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349726
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Opinion: Abuse of session variables

[Russ Michaels]

Fyi cf officially did away with need for manual locking some time ago. The
only sitation where you need to lock now is where you have potential race
conditions. Some folks still like to lock anyway though.

Regards
Russ Michaels
>From my mobile
On 1 Feb 2012 18:57, "Mike Chabot"  wrote:

>
> I would agree with what some others have written, in that an apparent
> over-use of session variables is not inherently bad, unless it is
> causing server instability or memory problems. Make sure the
> programmer is using session variables for a specific reason, and that
> he is aware of the issues that using session variables can cause. Out
> of all the faults one can find when examining a Web site, using too
> many session variables is fairly low on the priority list. 1000 users
> on a site at a time with 250 session variables per user doesn't seem
> that bad to me on the surface. Storing frequently accessed database
> data in the session scope is often used as a caching optimization
> technique to reduce the database bottleneck. It is a technique I use
> and recommend, especially for very busy Web applications. In general,
> the busier the Web application, the more you are going to want to
> store in-memory to reduce the database usage, assuming your server has
> sufficient RAM. Really giant Web sites, like Facebook and YouTube,
> make extensive use of in-memory databases, like memcached.
> 
>
> One thing most developers neglect to do when using lots of session
> variables is making the session code thread safe, which takes a
> relatively high skill and experience level to accomplish. Unless you
> see a lot of cflock tags to mitigate the possible problems, a site
> with 1000 simultaneous users and 250 session variables might have
> random problems that could be traced back to the use of session
> variables. Threading problems can be hard to diagnose and are usually
> not discovered until the code gets put into a production environment.
>
> If the programmer is aware of the memory usage and threading issues,
> using lots of session variables is likely a minor concern, and
> potentially is a good thing if he is using them as a technique to
> speed up the Web application.
>
> You wrote "I see no scope referencing in these Vars," which I find odd
> if you are referring to variables in the session scope. All the
> in-memory variables should have their scope referenced when they are
> used.
>
> -Mike Chabot
>
> On Tue, Jan 31, 2012 at 11:37 AM, Robert Harrison
>  wrote:
> >
> > Thanks for all the input.  Besides the fact that the application could
> conceivably have hundreds of thousands of session Vars in memory, I'm
> concerned about collision too.
> >
> > I see no scope referencing in these Vars and see they are all 'common
> names'. I also see no routines to clear any vars after completion of an
> operation is over.
> >
> > Oh well.
> >
> > Robert B. Harrison
> > Director of Interactive Services
> > Austin & Williams
> > 125 Kennedy Drive, Suite 100
> > Hauppauge NY 11788
> > P : 631.231.6600 Ext. 119
> > F : 631.434.7022
> > http://www.austin-williams.co
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349725
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Opinion: Abuse of session variables

[Cameron Childress]

On Wed, Feb 1, 2012 at 1:55 PM, Mike Chabot  wrote:

> One thing most developers neglect to do when using lots of session
> variables is making the session code thread safe, which takes a
> relatively high skill and experience level to accomplish. Unless you
> see a lot of cflock tags to mitigate the possible problems, a site
> with 1000 simultaneous users and 250 session variables might have
> random problems that could be traced back to the use of session
> variables.


This is largely false since the release of CF6. Race conditions being the
primary exception.

-Cameron

...


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349724
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Opinion: Abuse of session variables

[Mike Chabot]

I would agree with what some others have written, in that an apparent
over-use of session variables is not inherently bad, unless it is
causing server instability or memory problems. Make sure the
programmer is using session variables for a specific reason, and that
he is aware of the issues that using session variables can cause. Out
of all the faults one can find when examining a Web site, using too
many session variables is fairly low on the priority list. 1000 users
on a site at a time with 250 session variables per user doesn't seem
that bad to me on the surface. Storing frequently accessed database
data in the session scope is often used as a caching optimization
technique to reduce the database bottleneck. It is a technique I use
and recommend, especially for very busy Web applications. In general,
the busier the Web application, the more you are going to want to
store in-memory to reduce the database usage, assuming your server has
sufficient RAM. Really giant Web sites, like Facebook and YouTube,
make extensive use of in-memory databases, like memcached.


One thing most developers neglect to do when using lots of session
variables is making the session code thread safe, which takes a
relatively high skill and experience level to accomplish. Unless you
see a lot of cflock tags to mitigate the possible problems, a site
with 1000 simultaneous users and 250 session variables might have
random problems that could be traced back to the use of session
variables. Threading problems can be hard to diagnose and are usually
not discovered until the code gets put into a production environment.

If the programmer is aware of the memory usage and threading issues,
using lots of session variables is likely a minor concern, and
potentially is a good thing if he is using them as a technique to
speed up the Web application.

You wrote "I see no scope referencing in these Vars," which I find odd
if you are referring to variables in the session scope. All the
in-memory variables should have their scope referenced when they are
used.

-Mike Chabot

On Tue, Jan 31, 2012 at 11:37 AM, Robert Harrison
 wrote:
>
> Thanks for all the input.  Besides the fact that the application could 
> conceivably have hundreds of thousands of session Vars in memory, I'm 
> concerned about collision too.
>
> I see no scope referencing in these Vars and see they are all 'common names'. 
> I also see no routines to clear any vars after completion of an operation is 
> over.
>
> Oh well.
>
> Robert B. Harrison
> Director of Interactive Services
> Austin & Williams
> 125 Kennedy Drive, Suite 100
> Hauppauge NY 11788
> P : 631.231.6600 Ext. 119
> F : 631.434.7022
> http://www.austin-williams.co

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349723
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Escaping #

[Dave Watts]

> Is there a syntax for the cfloop if no structure is defined or is that when i 
> would
> need to use evaluate?

When you create variables, they are in one scope or another. Those
structures are always defined. Just use the one that happens to
contain your variables.

If you submit a form, variables from that form are in the Form scope.
If you have variables retrieved from a URL, they're URL variables.
Etc, etc.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349722
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Escaping #

[Dominic Watson]

A variable will *always* live in a scope. If you POST a form to your
server, the form's inputs will be available in the FORM scope. If you
send the form using GET or if you hit a page with URL parameters (in
effect the same thing), the form inputs / url parameters will be
available in the URL scope.

Now, the fun part. If you don't specify a scope when addressing
variables, ColdFusion will search all the scopes until it finds your
variable. Addressing variables without scope can lead to unexpected
behaviour should you have the same variable name in different scopes.
This seems to explain it well:

http://www.garyrgilbert.com/tutorials/coldfusion/beginner/scope.cfm

In short though, it is good practice to always declare the scope of
your variables when accessing them. You should never need to use
Eval() in this situation.

HTH

Dominic

On 1 February 2012 18:03, Rob Voyle  wrote:
>
> Hi Dave
>
> My forms up until this time have been very simple and I have never defined or
> specified the scope or structure of variables.
>
> Is there a syntax for the cfloop if no structure is defined or is that when i 
> would
> need to use evaluate?
>
> Thanks
>
> Rob
>
> On 1 Feb 2012 at 12:46, Dave Watts wrote:
>
>>
>> > What you had suggested didn't work as I hadn't scoped the
>> variables so I got a
>> > not defined error message when I tried
>> > #variables["namefirst" & i]#
>>
>> You can use whatever scope the variables are in, though:
>>
>> #form["namefirst" & i]#
>>
>> > I tried #["namefirst" & i]#
>> > but that didn't work.
>>
>> Right. The brackets indicate membership in a structure, but you
>> didn't
>> specify the structure
>>
>> structure[key]
>>
>> Variable scopes are exposed as structures.
>>
>> Dave Watts, CTO, Fig Leaf Software
>> http://www.figleaf.com/
>> http://training.figleaf.com/
>>
>> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
>> GSA Schedule, and provides the highest caliber vendor-authorized
>> instruction at our training centers, online, or onsite.
>>
>> 
>> ~|
>> Order the Adobe Coldfusion Anthology now!
>> http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=
>> houseoffusion
>> Archive:
>> http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:34
>> 9719
>> Subscription:
>> http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
>> Unsubscribe:
>> http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
>>
>
>
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349721
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Escaping #

[Rob Voyle]

Hi Dave

My forms up until this time have been very simple and I have never defined or 
specified the scope or structure of variables.

Is there a syntax for the cfloop if no structure is defined or is that when i 
would 
need to use evaluate?

Thanks

Rob  

On 1 Feb 2012 at 12:46, Dave Watts wrote:

> 
> > What you had suggested didn't work as I hadn't scoped the
> variables so I got a
> > not defined error message when I tried
> > #variables["namefirst" & i]#
> 
> You can use whatever scope the variables are in, though:
> 
> #form["namefirst" & i]#
> 
> > I tried #["namefirst" & i]#
> > but that didn't work.
> 
> Right. The brackets indicate membership in a structure, but you
> didn't
> specify the structure
> 
> structure[key]
> 
> Variable scopes are exposed as structures.
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
> 
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or onsite.
> 
> 
> ~|
> Order the Adobe Coldfusion Anthology now!
> http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=
> houseoffusion
> Archive:
> http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:34
> 9719
> Subscription:
> http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
> Unsubscribe:
> http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
> 




~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349720
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Escaping #

[Dave Watts]

> What you had suggested didn't work as I hadn't scoped the variables so I got a
> not defined error message when I tried
> #variables["namefirst" & i]#

You can use whatever scope the variables are in, though:

#form["namefirst" & i]#

> I tried #["namefirst" & i]#
> but that didn't work.

Right. The brackets indicate membership in a structure, but you didn't
specify the structure

structure[key]

Variable scopes are exposed as structures.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349719
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Escaping #

[Rob Voyle]

Hi Dave

What you had suggested didn't work as I hadn't scoped the variables so I got a 
not defined error message when I tried 
#variables["namefirst" & i]#

I tried #["namefirst" & i]#
but that didn't work.

Rob

On 1 Feb 2012 at 11:39, Dave Watts wrote:

> 
> > Here is what I got to work
> >
> > 
> > 
> >  >   value="#Evaluate('namefirst' & i)#" />
> > 
> > 
> >
> > I needed the  tag because it wasn't reading the
> name=namefirst#i#
> > and then needed to evaluate the variable which gets rid of the
> multiple ## .
> 
> That will work as well, but in general it's more expensive to use
> evaluate (which has to do more work under the covers, to convert
> an
> arbitrary string to executable code) than the solution I proposed,
> which looks for a key within a structure.
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
> 
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or onsite
> 


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349718
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Escaping #

[Dave Watts]

> Here is what I got to work
>
> 
> 
>    value="#Evaluate('namefirst' & i)#" />
> 
> 
>
> I needed the  tag because it wasn't reading the name=namefirst#i#
> and then needed to evaluate the variable which gets rid of the multiple ## .

That will work as well, but in general it's more expensive to use
evaluate (which has to do more work under the covers, to convert an
arbitrary string to executable code) than the solution I proposed,
which looks for a key within a structure.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349717
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Extending App.cfc and file paths

[Mike P]

I have a setup where I grab the root path of my application in app.cfc using 
GetDirectoryFromPath(GetCurrentTemplatePath()) and set it in the application 
scope through OnApplicationStart. This works great for most of the site, but I 
have one subfolder where I've extended app.cfc to add a login script to 
OnRequestStart.  The problem I'm having is if the application starts up from 
that subfolder, the extended app.cfc sets the root path from the subfolder 
instead of the root folder where the original app.cfc is located.

Anyone know a way to fix this? 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349716
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Escaping #

[Rob Voyle]

Hi Dave and Steve

Thanks for the help

What I am doing is creating a series of pages to register students for a class.
I have a set of variables namefirst1 namefirst2 namefirst3 etc. which yield 
names such as Fred, Sam, Mary etc. that evenutally get passed by hidden input 
to a confirmation page after the person pays

Here is what I got to work







I needed the  tag because it wasn't reading the name=namefirst#i#
and then needed to evaluate the variable which gets rid of the multiple ## .

Thanks for your help.

Rob




On 1 Feb 2012 at 10:10, Dave Watts wrote:

> 
> > I can't get the loop to work
> >
> > 
> >  >   value="#'namefirst' & i#" />
> > 
> 
> What is this supposed to output?
> 
> #'namefirst' & i#
> 
> If you want to output the value contained in a variable whose name
> consists of the string "namefirst1", "namefirst2", etc, here's one
> way
> to do it:
> 
> #variables["namefirst" & i]#
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
> 
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or onsite


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349715
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: the ##2 will not print with Bar Code 39 f HR cfprint comand

[Dave Watts]

> Yes they are all in CF Administrator

Then, I got nothin. Sorry.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349714
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: the ##2 will not print with Bar Code 39 f HR cfprint comand

[Keith McGee]

Yes they are all in CF Administrator

 > Yes, it prints from the server fine if I open the pdf and print from 
> acrobat reader. it just wont print the #2 with the cfprint command.
> 
> If you go into the fonts list in CF Administrator, are all the fonts
> used by your PDF listed there?
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
> 
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349713
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: the ##2 will not print with Bar Code 39 f HR cfprint comand

[Keith McGee]

Yes they are there

> > Yes, it prints from the server fine if I open the pdf and print from 
> acrobat reader. it just wont print the #2 with the cfprint command.
> 
> If you go into the fonts list in CF Administrator, are all the fonts
> used by your PDF listed there?
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
> 
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349712
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Crossed Accounts Issue

[Eric Williams]

> > I have an issue that I am hoping one of you can help me out with. 
>  The issue is caused when more than one user logs in
> > with a few tenths of a second of each other.  This happens maybe 
> once every few weeks on a high volume application.
> > The problem is with user information getting mixed up when 
> authenticating.
> >
> > As you can see from the code below the authenticate component is 
> called right before setting the session username.
> > The authenticate component does all the basic checks and returns the 
> user info.  In these rare instances the
> > session.RetAuth.username and all the info returned from the 
> component are for another user that is logging in at the same
> > time.
> >
> > 
> >        if(NOT IsDefined("APPLICATION.oUser")){
> >                APPLICATION.oUser=CreateObject("component",
> "#APPLICATION.G.CFC_PATH#User");
> >        }
> >        APPLICATION.oUser.DSN=this.DSN;
> >        
> >         Login,form.Password)>
> >        
> 
> This is a race condition issue. You can solve it by implementing
> locking, either around this code or perhaps within your component.
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
> 
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our 

Dave,

I already have a lock in the component, I create a unique uuid on each request 
for the lock.  Did not solve the problem.  Might try a lock around the entire 
login code.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349711
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Crossed Accounts Issue

[Anene Isioma Wealth]

try using the cflock tag. It helps to isolate profiles. Also, consider allowing 
client to have unique usernames such as email addresses or something, then get 
the profile based on these unique usernames. in this case, no one will have 
another's profile.




>
> From: Eric Williams 
>To: cf-talk  
>Sent: Wednesday, February 1, 2012 4:28 PM
>Subject: Crossed Accounts Issue
> 
>
>I have an issue that I am hoping one of you can help me out with.  The issue 
>is caused when more than one user logs in with a few tenths of a second of 
>each other.  This happens maybe once every few weeks on a high volume 
>application.  The problem is with user information getting mixed up when 
>authenticating.  
>
>As you can see from the code below the authenticate component is called right 
>before setting the session username. The authenticate component does all the 
>basic checks and returns the user info.  In these rare instances the 
>session.RetAuth.username and all the info returned from the component are for 
>another user that is logging in at the same time.  
>
>
>    if(NOT IsDefined("APPLICATION.oUser")){
>        
>APPLICATION.oUser=CreateObject("component","#APPLICATION.G.CFC_PATH#User");
>    }
>    APPLICATION.oUser.DSN=this.DSN;
>    
>    session.RetAuth=APPLICATION.oUser.authenticate(form.Login,form.Password)>
>     
>
>

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349710
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: the ####2 will not print with Bar Code 39 f HR cfprint comand

[Keith McGee]

Yes they are there


> > Yes, it prints from the server fine if I open the pdf and print from 
> acrobat reader. it just wont print the #2 with the cfprint command.
> 
> If you go into the fonts list in CF Administrator, are all the fonts
> used by your PDF listed there?
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
> 
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349709
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Crossed Accounts Issue

[Dave Watts]

> I have an issue that I am hoping one of you can help me out with.  The issue 
> is caused when more than one user logs in
> with a few tenths of a second of each other.  This happens maybe once every 
> few weeks on a high volume application.
> The problem is with user information getting mixed up when authenticating.
>
> As you can see from the code below the authenticate component is called right 
> before setting the session username.
> The authenticate component does all the basic checks and returns the user 
> info.  In these rare instances the
> session.RetAuth.username and all the info returned from the component are for 
> another user that is logging in at the same
> time.
>
> 
>        if(NOT IsDefined("APPLICATION.oUser")){
>                
> APPLICATION.oUser=CreateObject("component","#APPLICATION.G.CFC_PATH#User");
>        }
>        APPLICATION.oUser.DSN=this.DSN;
>        
>         session.RetAuth=APPLICATION.oUser.authenticate(form.Login,form.Password)>
>        

This is a race condition issue. You can solve it by implementing
locking, either around this code or perhaps within your component.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our t

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349708
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: the ##2 will not print with Bar Code 39 f HR cfprint comand

[Dave Watts]

> Yes, it prints from the server fine if I open the pdf and print from acrobat 
> reader. it just wont print the #2 with the cfprint command.

If you go into the fonts list in CF Administrator, are all the fonts
used by your PDF listed there?

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349707
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: the ##2 will not print with Bar Code 39 f HR cfprint comand

[Keith McGee]

Yes, it prints from the server fine if I open the pdf and print from acrobat 
reader. it just wont print the #2 with the cfprint command. 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349706
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Returning errors from MySQL to AjaxCFC

[David Torres]

This sure worked Russ, but I noticed that I made a mistake earlier in my 
function. I placed the cftry tags in the wrong place. Anyway, here is what I 
did returning a struct and a string.

USING A STRING:




...













USING STRUCT:
  



...













Thank you 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349705
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Crossed Accounts Issue

[Eric Williams]

I have an issue that I am hoping one of you can help me out with.  The issue is 
caused when more than one user logs in with a few tenths of a second of each 
other.  This happens maybe once every few weeks on a high volume application.  
The problem is with user information getting mixed up when authenticating.  

As you can see from the code below the authenticate component is called right 
before setting the session username. The authenticate component does all the 
basic checks and returns the user info.  In these rare instances the 
session.RetAuth.username and all the info returned from the component are for 
another user that is logging in at the same time.  


if(NOT IsDefined("APPLICATION.oUser")){

APPLICATION.oUser=CreateObject("component","#APPLICATION.G.CFC_PATH#User");
}
APPLICATION.oUser.DSN=this.DSN;


 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349704
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: jboss cfcontent variable xls file no lopnger working.

[morchella]

well this was an easy fix.

in CfAdmin there is a setting under the Advanced Settings to Enable binary
large object retrieval (BLOB). In my case, it was unchecked. On the New
server instance.
On Jan 30, 2012 7:13 PM, "morchella"  wrote:

> so we have our file data stored in a blob.
> upgrading from websphere cf7 to jboss. cf9
>
> for some reason i cant for the life of me trouble shoot correctly.
> some/most xls are no longer downloading correctly.
>
> if i upload a simple xls it works.
> so does an xls.
> but existing binary data from a blob field is not consistently downloading.
>
> pdfs are all good.
>
> any idea how i can debug the issue?
> thanks guys
> -p
>


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349703
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Escaping #

[DURETTE, STEVEN J]

I agree, but I flipped it out quickly without knowing what he really wanted to 
do with value.

However it did fix his issue with not having cfoutputs around #i# in name. Well 
it would have if I had typed i instead of 1.

As always, I defer to the Master!

Steve

-Original Message-
From: Dave Watts [mailto:dwa...@figleaf.com] 
Sent: Wednesday, February 01, 2012 10:18 AM
To: cf-talk
Subject: Re: Escaping #


> Try this:
>
> 
>        
>                 value="#namefirst##i#" />
>        
> 

I don't think that's going to get the value of a variable called, say,
"namefirst1".

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, on



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349702
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: the #2 will not print with Bar Code 39 f HR cfprint comand

[Dave Watts]

> I am creating a pdf file with a bar code. If I open the pdf and hit print the 
> bar code prints fine. If i use cfprint to print
> the same pdf. all letters and numbers will print in the bar code font except 
> the #2. This is driving me crazy.
>
> I did have to do this fix to get the bar code to print at all with cfprint. 
> http://kb2.adobe.com/cps/405/kb405588.html

Did you install all the fonts used by this PDF on your CF server?

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349701
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Escaping #

[Dave Watts]

> Try this:
>
> 
>        
>                 value="#namefirst##i#" />
>        
> 

I don't think that's going to get the value of a variable called, say,
"namefirst1".

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, on

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349700
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Escaping #

[DURETTE, STEVEN J]

Try this:







-Original Message-
From: Rob Voyle [mailto:robvo...@voyle.com] 
Sent: Wednesday, February 01, 2012 10:04 AM
To: cf-talk
Subject: Re: Escaping #


Hi 

thanks to all the guys who have helped on this project. Most of it is working 
but...

I am passing hidden variables to a confirmation page this line of code works:



I can't get the loop to work





Thanks

Rob
Robert J. Voyle, Psy.D.
Director, Clergy Leadership Institute
For Coaching and Training in Appreciative Inquiry
Author: Restoring Hope: Appreciative Strategies
 to Resolve Grief and Resentment
http://www.appreciativeway.com/
503-647-2378 or 503-647-2382






~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349699
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Escaping #

[Dave Watts]

> I can't get the loop to work
>
> 
>    value="#'namefirst' & i#" />
> 

What is this supposed to output?

#'namefirst' & i#

If you want to output the value contained in a variable whose name
consists of the string "namefirst1", "namefirst2", etc, here's one way
to do it:

#variables["namefirst" & i]#

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349698
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Returning errors from MySQL to AjaxCFC

[David Torres]

I sure thought about that Russ. The only thing is where and how to set the 
struct with the cfcatch errors in order to return the struct. If you have an 
idea let me now. I will look into that in the meantime. 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349697
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Escaping #

[Rob Voyle]

Hi 

thanks to all the guys who have helped on this project. Most of it is working 
but...

I am passing hidden variables to a confirmation page this line of code works:



I can't get the loop to work





Thanks

Rob
Robert J. Voyle, Psy.D.
Director, Clergy Leadership Institute
For Coaching and Training in Appreciative Inquiry
Author: Restoring Hope: Appreciative Strategies
 to Resolve Grief and Resentment
http://www.appreciativeway.com/
503-647-2378 or 503-647-2382




~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349696
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

the #2 will not print with Bar Code 39 f HR cfprint comand

[Keith McGee]

I am creating a pdf file with a bar code. If I open the pdf and hit print the 
bar code prints fine. If i use cfprint to print the same pdf. all letters and 
numbers will print in the bar code font except the #2. This is driving me 
crazy. 

I did have to do this fix to get the bar code to print at all with cfprint. 
http://kb2.adobe.com/cps/405/kb405588.html 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349695
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Opinion: Abuse of session variables

[Russ Michaels]

in the case I was referring to Dave, there was no locking, and it was
copying all scopes into sessions (variables, url and form) and then back
again
so it really was for no good reason :-)
however all programmers work different and have a tendency to slate the way
others have done things, thus why I suggested it would be better to just
ask him rather than make assumptions.Most of time we don;t have this option
as the original developer has long since gone.

On Wed, Feb 1, 2012 at 3:58 AM, Dave Watts  wrote:

>
> > I have come across some similar code also, moving variables scope into
> > sessions and back again for no reason.
>
> There's actually a reason why that might be, in some cases. Not a good
> reason, but a reason nonetheless. It used to be the case (CF 5 and
> earlier) that you had to worry about locking a lot more than you do
> now. So, people would do something like this:
>
> 
> 
> 
> 
>
> ... do a bunch of stuff with those variables ...
>
> 
> 
> 
> 
>
> Unfortunately, it didn't work very well in practice.
>
> > perhaps you could just ask him why he is doing it.
>
> I am not being sarcastic when I say this - this is a very good suggestion.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
>
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or onsite.
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349694
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm