Truncating pages SQL 2000
Hi all, Is there anything that could cause truncation of data in an ntext field, either by sql or coldfusion, or some other way? I have a CMS app that has been running a site for a few years and the content field of the CMS pages has become truncated. I need to determine whether this was user error, or if it could have happened in any other way. Many thanks, Jenny -- I am using the free version of SPAMfighter. SPAMfighter has removed 8643 of my spam emails to date. Get the free SPAMfighter here: http://www.spamfighter.com/len Do you have a slow PC? Try a Free scan http://www.spamfighter.com/SLOW-PCfighter?cid=sigen ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354558 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Truncating pages SQL 2000
Jenny, There is a limit on the amount of text that can be written to the database in CF. It's a part of the advanced settings for the database connection. Limit is 65000 characters by default. You can up that to anything. Hope that helps, Rob On 2013-02-18 8:06 AM, Jenny Gavin-Wear jenn...@fasttrackonline.co.uk wrote: Hi all, Is there anything that could cause truncation of data in an ntext field, either by sql or coldfusion, or some other way? I have a CMS app that has been running a site for a few years and the content field of the CMS pages has become truncated. I need to determine whether this was user error, or if it could have happened in any other way. Many thanks, Jenny -- I am using the free version of SPAMfighter. SPAMfighter has removed 8643 of my spam emails to date. Get the free SPAMfighter here: http://www.spamfighter.com/len Do you have a slow PC? Try a Free scan http://www.spamfighter.com/SLOW-PCfighter?cid=sigen ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354559 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Problem with Hackers on Donation form through Authorize.net
Al, I see values like this all of the time. In most cases, I'll see values like -1, -1' or 1' for input fields. I use a custom function to scan all form vars and if there is a match... I typically ban the IP address for a period of time. You'll *likely* find a pattern to the IP addresses that are problematic. Many IP subnets are repeat offenders. ~Che -Original Message- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Sunday, February 17, 2013 6:38 PM To: cf-talk Subject: RE: Problem with Hackers on Donation form through Authorize.net I added another filter today... I have always checked all form submissions for the bad keywords but I noticed that many of the attacks seem to start with them entering 1 or -1 as the first and or last name. Probably too lazy to put more keystrokes in when they are setting up the script. So now if a 1 or -1 is entered in any field that has the word name within the field name, they get added to my list of banned IP addresses and if they go to any page on any of the websites I run, they get an error page that looks like the website is down Anyone else seeing a lot of form submissions with -1 or 1 as the name? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354560 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Hosting A to Z
I've mentioned before how competent and pro-active are the folks at Viviotech. Let's talk about Viviotech a minute. I'm not sure where all of you work, but we have a small business. I'm on their site now. They've told me they don't offer CF on their shared hosting servers so I have to go with VPS. Leaving everything as standard except adding a Windows server ($7) and CF 9 ($35) that comes to $76.95/month or $923.40/year. Really? No one sees that as a hefty cost for a *small* business? A Railo or openBD server only has a setup cost but I'm assuming I'd have to make code adjustments for those - I don't know anything about them. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354561 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Hosting A to Z
Go with Hostek, affordable and great support. Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Tue, Feb 19, 2013 at 1:41 AM, Stephens, Larry V steph...@iu.edu wrote: I've mentioned before how competent and pro-active are the folks at Viviotech. Let's talk about Viviotech a minute. I'm not sure where all of you work, but we have a small business. I'm on their site now. They've told me they don't offer CF on their shared hosting servers so I have to go with VPS. Leaving everything as standard except adding a Windows server ($7) and CF 9 ($35) that comes to $76.95/month or $923.40/year. Really? No one sees that as a hefty cost for a *small* business? A Railo or openBD server only has a setup cost but I'm assuming I'd have to make code adjustments for those - I don't know anything about them. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354562 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Hosting A to Z
Larry, as the saying goes you get what you pay for. If you are looking for cheap hosting then there are thousands of hosts to choose from at the bottom end for 9.99 or so If you want management, better service and support then you should be prepared to pay extra for that. All the hosts I mentioned are on the TOP end of that scale. It depends how much you value your website and your on-line presence as to how much you spend. We often get customers quoting us that they lose thousands in orders if their site is down, yet they are only prepared to spend 9.99 a month on their hosting ??? doesn't make a lot of sense does it. It is also important to understand the difference between cloud and VPS and which one your getting. a Cheap 9.99 VPS is going to be very heavily contended (this is generally called cloud hosting). $76 for a VPS with CF is actually pretty good, go and look how much CF enterprise actually costs to buy, and then factor that into the equation. With the new CF10 licensing it is even harder for any hosts to scrape this money back and can only have a limited number of servers per license, so $35 per month for cf enterprise is very good. On Mon, Feb 18, 2013 at 2:41 PM, Stephens, Larry V steph...@iu.edu wrote: I've mentioned before how competent and pro-active are the folks at Viviotech. Let's talk about Viviotech a minute. I'm not sure where all of you work, but we have a small business. I'm on their site now. They've told me they don't offer CF on their shared hosting servers so I have to go with VPS. Leaving everything as standard except adding a Windows server ($7) and CF 9 ($35) that comes to $76.95/month or $923.40/year. Really? No one sees that as a hefty cost for a *small* business? A Railo or openBD server only has a setup cost but I'm assuming I'd have to make code adjustments for those - I don't know anything about them. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354563 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Hosting A to Z
On Mon, Feb 18, 2013 at 9:41 AM, Stephens, Larry V steph...@iu.edu wrote: Really? No one sees that as a hefty cost for a *small* business? From the sounds of it, you are currently spending a lot of time dealing with problems at your currently hosting company. Time = money. You currently spend alot of *time* dealing with issues with your hosting. You currently spend alot of *money* dealing with issues with your hosting. Since you don't pay them much money, they probably don't spend much time on your server issues. But it's not just you. They probably don't spend much time on anyone's shared server issues. Viviotech's pricing is very very competitive for what you get, which is awesome support. With Viviotech, you are paying them a rate that makes it worth their while to give that awesome customer support to you. In exchange, you don't waste a whole bunch of your time dealing with problems. Now, I may be mistaken and you may have all the time in the world to spend dealing with problems like this. However, as a small business owner myself, one of the most valuable things to me is my time, and I am certainly willing to pay a fair amount of money for services like solid hosting so that I can preserve that time for more profitable endeavors. -Cameron ... ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354564 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Truncating pages SQL 2000
Hi Rob, Thanks for your reply. I'm getting rusty! I forgot to enable long text retrieval on a new server. Cheers, Jenny -Original Message- From: Rob Parkhill [mailto:robert.parkh...@gmail.com] Sent: 18 February 2013 13:49 To: cf-talk Subject: Re: Truncating pages SQL 2000 Jenny, There is a limit on the amount of text that can be written to the database in CF. It's a part of the advanced settings for the database connection. Limit is 65000 characters by default. You can up that to anything. Hope that helps, Rob On 2013-02-18 8:06 AM, Jenny Gavin-Wear jenn...@fasttrackonline.co.uk wrote: Hi all, Is there anything that could cause truncation of data in an ntext field, either by sql or coldfusion, or some other way? I have a CMS app that has been running a site for a few years and the content field of the CMS pages has become truncated. I need to determine whether this was user error, or if it could have happened in any other way. Many thanks, Jenny -- I am using the free version of SPAMfighter. SPAMfighter has removed 8643 of my spam emails to date. Get the free SPAMfighter here: http://www.spamfighter.com/len Do you have a slow PC? Try a Free scan http://www.spamfighter.com/SLOW-PCfighter?cid=sigen ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354565 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
CFB
Must be losing my mind: on CFB's New ColdFusion Project wizard, I'm stuck on the Project Information page. I have: Project Name: mydomain_com Use Default Location: [unchecked] Project Location: C:\ColdFusion10\cfusion\wwwroot ...and it keeps telling me The project already exists in C:\ColdFusion10\cfusion\wwwroot folder. This IS an existing project and the mydomain_com folder IS in C:\ColdFusion10\cfusion\wwwroot so I tried renaming that folder to mydomain_com_temp and I get the same message. Help? -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354566 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFB
John, If it is an existing project with .project files try import instead. Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Tue, Feb 19, 2013 at 2:34 AM, John M Bliss bliss.j...@gmail.com wrote: Must be losing my mind: on CFB's New ColdFusion Project wizard, I'm stuck on the Project Information page. I have: Project Name: mydomain_com Use Default Location: [unchecked] Project Location: C:\ColdFusion10\cfusion\wwwroot ...and it keeps telling me The project already exists in C:\ColdFusion10\cfusion\wwwroot folder. This IS an existing project and the mydomain_com folder IS in C:\ColdFusion10\cfusion\wwwroot so I tried renaming that folder to mydomain_com_temp and I get the same message. Help? -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354567 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Truncating pages SQL 2000
Actually, looking at it again. It's not the writing of the data, it's the retrieval, so no actual truncation takes place? -Original Message- From: Jenny Gavin-Wear [mailto:jenn...@fasttrackonline.co.uk] Sent: 18 February 2013 15:28 To: cf-talk Subject: RE: Truncating pages SQL 2000 Hi Rob, Thanks for your reply. I'm getting rusty! I forgot to enable long text retrieval on a new server. Cheers, Jenny -Original Message- From: Rob Parkhill [mailto:robert.parkh...@gmail.com] Sent: 18 February 2013 13:49 To: cf-talk Subject: Re: Truncating pages SQL 2000 Jenny, There is a limit on the amount of text that can be written to the database in CF. It's a part of the advanced settings for the database connection. Limit is 65000 characters by default. You can up that to anything. Hope that helps, Rob On 2013-02-18 8:06 AM, Jenny Gavin-Wear jenn...@fasttrackonline.co.uk wrote: Hi all, Is there anything that could cause truncation of data in an ntext field, either by sql or coldfusion, or some other way? I have a CMS app that has been running a site for a few years and the content field of the CMS pages has become truncated. I need to determine whether this was user error, or if it could have happened in any other way. Many thanks, Jenny -- I am using the free version of SPAMfighter. SPAMfighter has removed 8643 of my spam emails to date. Get the free SPAMfighter here: http://www.spamfighter.com/len Do you have a slow PC? Try a Free scan http://www.spamfighter.com/SLOW-PCfighter?cid=sigen ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354568 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Coldfusion app response slow
All - Would there be a performance hit if the server monitor is enabled for long periods of time? On Tue, Feb 5, 2013 at 1:57 PM, Russ Michaels r...@michaels.me.uk wrote: Fusionreactor does not have all the info thar the server monitor does, the server monitor is better for drilling down into memory usage. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Feb 5, 2013 7:51 PM, Cameron Childress camer...@gmail.com wrote: On Tue, Feb 5, 2013 at 2:06 PM, J.J. Merrick j...@panos.cc wrote: FusionReactor would be a great tool that would tell you exactly what was going on during the slow down and see what the issue is. +1 -Cameron ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354569 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Coldfusion app response slow
Try to Check and fine tune your jvm settings. On Feb 5, 2013 11:06 PM, J.J. Merrick j...@panos.cc wrote: Would there be a performance hit if the server monitor is enabled for long periods of time? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354570 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Coldfusion app response slow
it does have a performance hit yes, so I wouldn't leave it running indefinitely. On Mon, Feb 18, 2013 at 3:40 PM, funand learning funandlrnn...@gmail.comwrote: All - Would there be a performance hit if the server monitor is enabled for long periods of time? On Tue, Feb 5, 2013 at 1:57 PM, Russ Michaels r...@michaels.me.uk wrote: Fusionreactor does not have all the info thar the server monitor does, the server monitor is better for drilling down into memory usage. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Feb 5, 2013 7:51 PM, Cameron Childress camer...@gmail.com wrote: On Tue, Feb 5, 2013 at 2:06 PM, J.J. Merrick j...@panos.cc wrote: FusionReactor would be a great tool that would tell you exactly what was going on during the slow down and see what the issue is. +1 -Cameron ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354571 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Coldfusion app response slow
I am planning to turn it on until I need to recycle the server when application slows down again probably around 5days. Would that be Ok? On Mon, Feb 18, 2013 at 9:42 AM, Russ Michaels r...@michaels.me.uk wrote: it does have a performance hit yes, so I wouldn't leave it running indefinitely. On Mon, Feb 18, 2013 at 3:40 PM, funand learning funandlrnn...@gmail.com wrote: All - Would there be a performance hit if the server monitor is enabled for long periods of time? On Tue, Feb 5, 2013 at 1:57 PM, Russ Michaels r...@michaels.me.uk wrote: Fusionreactor does not have all the info thar the server monitor does, the server monitor is better for drilling down into memory usage. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Feb 5, 2013 7:51 PM, Cameron Childress camer...@gmail.com wrote: On Tue, Feb 5, 2013 at 2:06 PM, J.J. Merrick j...@panos.cc wrote: FusionReactor would be a great tool that would tell you exactly what was going on during the slow down and see what the issue is. +1 -Cameron ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354572 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Truncating pages SQL 2000
So, the data is fine in the db, but not displaying all of it? What does the variable look like upon retrieval? Is there something odd in the data that it's causing the truncation? On 2013-02-18 10:39 AM, Jenny Gavin-Wear jenn...@fasttrackonline.co.uk wrote: Actually, looking at it again. It's not the writing of the data, it's the retrieval, so no actual truncation takes place? -Original Message- From: Jenny Gavin-Wear [mailto:jenn...@fasttrackonline.co.uk] Sent: 18 February 2013 15:28 To: cf-talk Subject: RE: Truncating pages SQL 2000 Hi Rob, Thanks for your reply. I'm getting rusty! I forgot to enable long text retrieval on a new server. Cheers, Jenny -Original Message- From: Rob Parkhill [mailto:robert.parkh...@gmail.com] Sent: 18 February 2013 13:49 To: cf-talk Subject: Re: Truncating pages SQL 2000 Jenny, There is a limit on the amount of text that can be written to the database in CF. It's a part of the advanced settings for the database connection. Limit is 65000 characters by default. You can up that to anything. Hope that helps, Rob On 2013-02-18 8:06 AM, Jenny Gavin-Wear jenn...@fasttrackonline.co.uk wrote: Hi all, Is there anything that could cause truncation of data in an ntext field, either by sql or coldfusion, or some other way? I have a CMS app that has been running a site for a few years and the content field of the CMS pages has become truncated. I need to determine whether this was user error, or if it could have happened in any other way. Many thanks, Jenny -- I am using the free version of SPAMfighter. SPAMfighter has removed 8643 of my spam emails to date. Get the free SPAMfighter here: http://www.spamfighter.com/len Do you have a slow PC? Try a Free scan http://www.spamfighter.com/SLOW-PCfighter?cid=sigen ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354573 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Hosting A to Z
That is who I am with now...no complaints from me... -Original Message- From: Andrew Scott [mailto:andr...@andyscott.id.au] Sent: Monday, February 18, 2013 8:48 AM To: cf-talk Subject: Re: Hosting A to Z Go with Hostek, affordable and great support. Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Tue, Feb 19, 2013 at 1:41 AM, Stephens, Larry V steph...@iu.edu wrote: I've mentioned before how competent and pro-active are the folks at Viviotech. Let's talk about Viviotech a minute. I'm not sure where all of you work, but we have a small business. I'm on their site now. They've told me they don't offer CF on their shared hosting servers so I have to go with VPS. Leaving everything as standard except adding a Windows server ($7) and CF 9 ($35) that comes to $76.95/month or $923.40/year. Really? No one sees that as a hefty cost for a *small* business? A Railo or openBD server only has a setup cost but I'm assuming I'd have to make code adjustments for those - I don't know anything about them. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354574 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Hosting A to Z
What he said. If I have to spend two hours a month dealing with bad tech support at a hosting company, I have wasted more billable time than my hosting costs at VivioTech, where I get excellent support within minutes. On Mon, Feb 18, 2013 at 7:09 AM, Cameron Childress camer...@gmail.comwrote: On Mon, Feb 18, 2013 at 9:41 AM, Stephens, Larry V steph...@iu.edu wrote: Really? No one sees that as a hefty cost for a *small* business? From the sounds of it, you are currently spending a lot of time dealing with problems at your currently hosting company. Time = money. You currently spend alot of *time* dealing with issues with your hosting. You currently spend alot of *money* dealing with issues with your hosting.] ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354575 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
decryption question
Hi. A while ago, some kind folks on here helped me with encryption for a credit card number: [code] !--- encryption routine --- !--- if a value is entered in form.CreditCardNumber, then do the following --- cfif len(form.CreditCardNumber) !--- set default value for result in case no value is entered for CreditCardNumber --- cfparam name=result default= !--- generate a key suitable for AES --- cfset theKey = GenerateSecretKey(AES, 256) !--- now do the actual encryption using the AES algorithm --- cfset result = encrypt(form.CreditCardNumber, theKey, AES, UU) /cfif [/code] That works perfectly. Now I am trying to decrypt the encrypted value in the database. Following the guide at http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e08 11cbec22c24-7c1c.html, here is what I have so far: [code] !--- decryption routine --- !--- query editUser requests user information columns from table Users --- cfif len(editUser.CreditCardNumber) cfparam name=form.decrypted default= cfset theKey = GenerateSecretKey(AES, 256) cfset decrypted = decrypt(form.CreditCardNumber, theKey, AES, UU) /cfif [/code] The output goes in a text field: Credit Card Number (decrypted): cfinput TYPE=text NAME=CreditCardNumber value=#decrypted# / But I get an error: Variable DECRYPTED is undefined. I did cfset a value for variable decrypted. Why does ColdFusion insist that #decrypted# is undefined? Thank you for any advice. Eric *** Eric Bourland Internet Project Development Washington DC email: e...@ebwebwork.com web: ebwebwork.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354576 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: decryption question
cfif len(editUser.CreditCardNumber) cfparam name=form.decrypted default= cfset theKey = GenerateSecretKey(AES, 256) cfset decrypted = decrypt(form.CreditCardNumber, theKey, AES, UU) /cfif Since the only place where the decrypted variable is being set is within the CFIF block, I'd check to ensure the editUser.CreditCardNumber field wasn't blank as a first step. If you want it to default to a blank value if nothing is present in the database, you'll need to move your CFPARAM tag above the CFIF block so it's not contained within that logic and always gets a default value to work with. As an aside, you shouldn't be generating a new key just before you run the decrypt() call. You would need to use the same key that was used with the encrypt() call when the number was first encrypted in order to decrypt successfully. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354577 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: decryption question
Justin, I was pondering some of your points, too. I've been reading up in the documentation, and trying different ideas. Here is what I have so far: [code] !--- if a value is entered in form.CreditCardNumber, then proceed with encryption --- cfif len(form.CreditCardNumber) !--- set default value for variable result in case no value is entered for CreditCardNumber --- cfparam name=result default= !--- generate a key suitable for AES --- cfset theKey = GenerateSecretKey(AES, 256) !--- now do the actual encryption using the AES algorithm --- cfset result = encrypt(form.CreditCardNumber, theKey, AES, UU) /cfif !--- decryption --- !--- set default value for variable form.decrypted in case no value is present in column CreditCardNumber --- cfparam name=form.decrypted default= !--- does editUser.CreditCardNumber have a value? --- cfif len(editUser.CreditCardNumber) !--- if so, apply decrypt function --- cfset decrypted = decrypt(form.CreditCardNumber, theKey, AES, UU) /cfif [/code] Hmm. I am still getting error Variable DECRYPTED is undefined. which is weird since I have defined it -- in scope FORM. I think I am missing a core concept. =) Can you clue me in? Thank you again for your time. Eric -Original Message- From: Justin Scott [mailto:leviat...@darktech.org] Sent: Monday, February 18, 2013 6:46 PM To: cf-talk Subject: Re: decryption question cfif len(editUser.CreditCardNumber) cfparam name=form.decrypted default= cfset theKey = GenerateSecretKey(AES, 256) cfset decrypted = decrypt(form.CreditCardNumber, theKey, AES, UU) /cfif Since the only place where the decrypted variable is being set is within the CFIF block, I'd check to ensure the editUser.CreditCardNumber field wasn't blank as a first step. If you want it to default to a blank value if nothing is present in the database, you'll need to move your CFPARAM tag above the CFIF block so it's not contained within that logic and always gets a default value to work with. As an aside, you shouldn't be generating a new key just before you run the decrypt() call. You would need to use the same key that was used with the encrypt() call when the number was first encrypted in order to decrypt successfully. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354578 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: decryption question
Hmm. I am still getting error Variable DECRYPTED is undefined. which is weird since I have defined it -- in scope FORM. Hi Eric, I'd recommend throwing the whole file up to somewhere like pastebin and posting a URL so we can see what all is going on in there (make sure to remove any sensitive information before posting, but seeing the whole file will help troubleshoot). -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354579 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: decryption question
Justin, is this helpful? http://pastebin.com/3xtt3b8k Sorry about all of the extraneous code in there. I do not think there is sensitive information -- no passwords or usernames. The datasource and the various tables are defined in application.cfc. I really appreciate your time. N.B. This information will be submitted over an SSL / HTTPS connection. -Original Message- From: Justin Scott [mailto:leviat...@darktech.org] Sent: Monday, February 18, 2013 9:32 PM To: cf-talk Subject: Re: decryption question Hmm. I am still getting error Variable DECRYPTED is undefined. which is weird since I have defined it -- in scope FORM. Hi Eric, I'd recommend throwing the whole file up to somewhere like pastebin and posting a URL so we can see what all is going on in there (make sure to remove any sensitive information before posting, but seeing the whole file will help troubleshoot). -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354580 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: decryption question
http://pastebin.com/3xtt3b8k At first glance I'm not sure why it wouldn't find the form variable. You might try explicitly setting the scope in all instances of that variable. Also, why are you paraming it in the form scope? Your form doesn't have a variable called decrypted so it will always start out blank. I'd just set a blank variable in the variables scope and then set that if you decrypt a card number and use it that way so they're all in the same scope. Also, regarding your encryption keys, you're generating a new key just before the encrypt() call, so it'll go into the database encrypted. However, you're not storing the key anywhere so you won't be able to decrypt on subsequent page loads (since the key is changing every time the page loads). Generally you would generate an AES key and then store it somewhere secure (key management is another whole topic) and then fetch that stored key when you need to use it for encryption and decryption calls. In your case, as a place to start, set up a separate temporary script which generates a key, then take the generated key output and put it in a variable in the request scope in your application.cfc file. Then use request.theKey (or whatever you call it) as the key whenever you make an encrypt() or decrypt() call. That will allow you to use the same key for data going into and coming out of the database. Use that as a place to start, but do some reading on encryption key management before you put it into production. Finally, do not store the CVV in the database. It's against the contract rules for every major credit card processor, the PCI-DSS standards, and will create a lot of headaches if your site is ever hacked. CVV codes are meant for online live transactions only and should not be stored anywhere ever (lots of clients will complain that they need it for offline processing to save some processing fees; tell them too bad and don't store it, no good can come of it). If you aren't familiar with the PCI-DSS, please go to https://www.pcisecuritystandards.org/security_standards/ and look over the information there. Storing credit card data is serious business and not to be taken lightly. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354581 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: decryption question
Justin, Good points. Storing credit card data is serious business and not to be taken lightly. OK, CVV is out of there. Good advice. In your case, as a place to start, set up a separate temporary script which generates a key, then take the generated key output and put it in a variable in the request scope in your application.cfc file. Then use request.theKey (or whatever you call it) as the key whenever you make an encrypt() or decrypt() call. OK this is a lot to process. I understand the concept; I gotta figure out the script syntax and I am not good at scripting. I will work on this and get back to you. Thank you again for your help. Eric -Original Message- From: Justin Scott [mailto:leviat...@darktech.org] Sent: Monday, February 18, 2013 10:32 PM To: cf-talk Subject: Re: decryption question http://pastebin.com/3xtt3b8k At first glance I'm not sure why it wouldn't find the form variable. You might try explicitly setting the scope in all instances of that variable. Also, why are you paraming it in the form scope? Your form doesn't have a variable called decrypted so it will always start out blank. I'd just set a blank variable in the variables scope and then set that if you decrypt a card number and use it that way so they're all in the same scope. Also, regarding your encryption keys, you're generating a new key just before the encrypt() call, so it'll go into the database encrypted. However, you're not storing the key anywhere so you won't be able to decrypt on subsequent page loads (since the key is changing every time the page loads). Generally you would generate an AES key and then store it somewhere secure (key management is another whole topic) and then fetch that stored key when you need to use it for encryption and decryption calls. In your case, as a place to start, set up a separate temporary script which generates a key, then take the generated key output and put it in a variable in the request scope in your application.cfc file. Then use request.theKey (or whatever you call it) as the key whenever you make an encrypt() or decrypt() call. That will allow you to use the same key for data going into and coming out of the database. Use that as a place to start, but do some reading on encryption key management before you put it into production. Finally, do not store the CVV in the database. It's against the contract rules for every major credit card processor, the PCI-DSS standards, and will create a lot of headaches if your site is ever hacked. CVV codes are meant for online live transactions only and should not be stored anywhere ever (lots of clients will complain that they need it for offline processing to save some processing fees; tell them too bad and don't store it, no good can come of it). If you aren't familiar with the PCI-DSS, please go to https://www.pcisecuritystandards.org/security_standards/ and look over the information there. Storing credit card data is serious business and not to be taken lightly. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354582 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
