Re: xhtml and cfform flash
To add to your list of woes, I don't think InvalidTag is even a valid tag in XHTML. Hi, I mean the code that is generated for flash-forms like.. 'InvalidTag pluginspage='http://www.macromedia.com/go/getflashplayer' ); id='CFForm_1' ); ...' validator gives a lot of errs like 'there is no attribute pluginspage'. I read somewhere that you either use cfform(flash) or xhtml, right? No other possibilities yet? In another post I wrote what I've read (from Sean Corfield) in the livedocs: (http://livedocs.macromedia.com/wtg/public/coding_standards/style. html -- near the bottom) SeanCorfield said on Jul 22, 2004 at 10:14 AM : The non-compliance of code generated by CFFORM is a known issue that will be addressed in a future release. So, I've to wait. or what? -- Sebastian Mork [EMAIL PROTECTED] -- On Thu, 23 Jun 2005 10:08:24 -0400 S. Isaac Dealey [EMAIL PROTECTED] wrote: Hi, what about flash-forms and valid xhtml? is there a way to create valid xhtml-code by cfform?? Heh... I believe you're actually the 2nd person to ask that this morning... Are you referring to the capitalized xhtml elements? I haven't worked with CF7's CFFORM tools myself (I have something better) but I would expect you could make a copy of the default XSL sheet and modify it to produce lower-case elements. Or modify the default XSL sheet. I know the default sheet has a bug in it that causes multiple-select elements to be un-selected if they should be prepopulated with multiple elements selected, so there's a good chance you would need to edit the default XSL sheet anyway. Here's the url for that fix: http://blog.web-shorts.com/?day=3/6/2005 He does mention that it's in _formelements.xsl ... although offhand I don't know where that file is located... I'd expect it's under the cfusionmx webroot directory somewhere but it's probably documented in the livedocs. http://livedocs.macromedia.com hth s. isaac dealey 954.522.6080 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.fusiontap.com http://coldfusion.sys-con.com/author/4806Dealey.htm ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:210360 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: xhtml and cfform flash
Sigh... the embed tag, that is. To add to your list of woes, I don't think InvalidTag is even a valid tag in XHTML. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:210364 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
ColdFusion server crashes every few days
Try this out: http://www.robisen.com/index.cfm?mode=entryentry=FD4BE2FC-55DC-F2B1-FED0717CC1C7E0AF ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:210263 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Regarding Java and .NET's incestuous ties, and Windows' future
...because .NET 2.0 is based on Java 1.4 (thanx to Microsoft's recent re-license), whereas .NET 1.1 is based on Java 1.1... Why is that foolishness? Because it's nonsense. Besides the fact that .NET isn't based (whatever the hell that means) off any version of Java, I think your knowledgable (sic) geek meant that C#2.0 resembles Java 1.5. There are no equivalents to VB.NET and ASP.NET in the J2EE world. ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207904 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Regarding Java and .NET's incestuous ties, and Windows' future
He may be talking about the object model? No, he is not. I suspect he doesn't know what he's talking about. ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207912 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Regarding Java and .NET's incestuous ties, and Windows' future
On 5/27/05, Vince Bonfanti [EMAIL PROTECTED] wrote: MS's cash reserves have dropped from 60 to 30 billion because they've been giving it their stockholders as dividends, To try to stimulate growth because they have none. How does giving dividends to shareholders stimulate growth? MS shareholders have been clamoring for _years_ to have the share dividend raised. not because they're losing money Thing happen with companies before they start to lose money (as you know) - they are trying like mad to keep it from happening, but a stalled stock is often a sign of bad things to come. And depending on how you look at it, not gaining is losing. Looking at the short term stock price as a gauge of company health is invalid. There are other alternatives for MS. They could just as easily turn into an income trust, for instance. ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207923 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Regarding Java and .NET's incestuous ties, and Windows' future
On 5/27/05, Vince Bonfanti [EMAIL PROTECTED] wrote: MS's cash reserves have dropped from 60 to 30 billion because they've been giving it their stockholders as dividends, To try to stimulate growth because they have none. How does giving dividends to shareholders stimulate growth? MS shareholders have been clamoring for _years_ to have the share dividend raised. not because they're losing money Thing happen with companies before they start to lose money (as you know) - they are trying like mad to keep it from happening, but a stalled stock is often a sign of bad things to come. And depending on how you look at it, not gaining is losing. Looking at the short term stock price as a gauge of company health is invalid. There are other alternatives for MS. They could just as easily turn into an income trust, for instance. ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207922 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Regarding Java and .NET's incestuous ties, and Windows' future
You just answered your own question. If you pay more dividends, more people buy the stock, more people buying your stock == higher stock value == growth What you are talking about is stock price appreciation, which is not growth. Growth is stuff like selling more products and increasing revenue. Stock price appreciation can occur for a number of reasons, of which growth is but one. Higher dividends may lead to stock price appreciation due to increased demand of that stock, and solely because of that reason. Why? And what is short term is 3 years too short? Yes. If 3 years is long term, then what's 25 years? ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207930 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: What makes a programmer look low level
Easy. You find some code they wrote three years ago. Then you find some code they wrote recently. Use brain to determine how much they've learned. - Original Message - From: S. Isaac Dealey [EMAIL PROTECTED] Date: Monday, May 9, 2005 1:32 pm Subject: Re: What makes a programmer look low level How would you spot these in a code sample? :P 1. An unwillingness to learn 2. Believing that they have no room for improvement 3. Blindly following the advice of some so-called Credible Person - Original Message - From: [EMAIL PROTECTED] (Michael Dinowitz) Date: Monday, May 9, 2005 11:25 am Subject: What makes a programmer look low level How about we look at what makes a programmer look low level and work our way up. Two things that come right to mind are: 1. Improper use of pound signs in evaluation zones 2. Improper usage of IF clauses (not using short circuited Boolean evaluation) s. isaac dealey 954.522.6080 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.fusiontap.com http://coldfusion.sys-con.com/author/4806Dealey.htm ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:11:2555 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/11 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:11 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.11 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: What makes a programmer look low level
The length of time someone has worked is not necessarily an indicator of their experience level. Even someone who is a recent graduate could have written something in an intership position or (I hope) classes they have taken. Point being, I have never met anyone applying for even the most basic position that has never written a line of code before. Certainly, code samples are not the only way I determine the suitability of a candidate. However, I do find it somewhat enlightening and gives me a bit more information that helps me just that much more in finding the right candidate. In fact, I have gotten code samples from companies (and I have given permission to release code samples for people) written by job candidates. Really, it's not that difficult. As for inconveniencing someone, the onus is on the candidate to make the best impression they can, so I don't really consider it any sort of problem for them. And of course, if they wrote good code to being with, that's great. That why I said that using your brain is somewhat vital in making an accurate assessment. There are some people that just get it from the start, and getting those kinds of people, when it happens, is fantastic. Again, this is my experience with hiring that I'm speaking from. - Original Message - From: Simon Horwith [EMAIL PROTECTED] Date: Monday, May 9, 2005 3:26 pm Subject: Re: What makes a programmer look low level no, it's never difficult to get code samples, but if you ask someone for a code sample that's 3 years old, there's absoutely no way to know that it really is 3 years old. True, you could call their employer or former employer and ask for code or whether or not the code you were given is that old, but that's really inconvenient for the person you call (and most companies aren't going to give you samples of code that they own just because you're interviewing a former employee). My point is that you really end up having to take their word for it so why bother? I'd rather look at the code they write now. I thought we were talking about intro. level developers - I hope that anyone who's been developing with CF considers themselves better than novice level. If not, you probably don't need to bother asking for a code sample, do you? What about developers who's code from right now really doesn't show a drastic improvement from the code they wrote 3 years ago - but their code back then was very good to begin with? That's another thing you have to take into account. Personally, I find looking at code from the past to be an excellent method for gauging your own improvement (and I recommend it), but not a very effective interviewing technique. ~Simon Simon Horwith CIO, AboutWeb - http://www.aboutweb.com Editor-in-Chief, ColdFusion Developers Journal Member of Team Macromedia Macromedia Certified Master Instructor Blog - http://www.horwith.com Kwang Suh wrote: You can ask the applicant, ask a company the applicant has worked for, see if they have any open source projects, etc... I never have problems getting code samples from applicants, even code that's a few years old. Most people are quite proud of what they've worked on, regardless of what someone else thinks of it. - Original Message - From: Simon Horwith [EMAIL PROTECTED] Date: Monday, May 9, 2005 2:06 pm Subject: Re: What makes a programmer look low level I'd love to know how ou find code that an applicant wrote 3 years ago. That's just not a realistic approach to finding the right candidate for a job. Use brain to determine approach to candidate selection ... sorry, I couldn't resist ;) ~Simon Simon Horwith CIO, AboutWeb - http://www.aboutweb.com Editor-in-Chief, ColdFusion Developers Journal Member of Team Macromedia Macromedia Certified Master Instructor Blog - http://www.horwith.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:11:2580 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/11 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:11 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.11 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: IIS Web Server Tuning?
Use style=table-layout: fixed along with colgroup and col tags to let IE render the table on the fly. ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:199522 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF7 Devnet + serving generated XML?
In CF6.1 devnet edition, you could disable the not-for-production meta tag by using cfcontent type=text/xml, so that you could serve actual cf-made xml to a browser. In the CF7 devnet edition, this no longer seems to work. Anyone know of any workarounds? Kam use cfcontent reset=yes. I haven't tested it in cf7, but it does work in cf6 ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:196021 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Virtual Directories for Websites...follow-up remarks
You mean a different port number for each site under development? e.g http://66.79.46.138:85/DevelopmentSite/Index.cfm ? No, it would look like: http://66.79.46.138:85/Index.cfm Rick -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: Thursday, February 17, 2005 11:35 AM To: CF-Talk Subject: Re: Virtual Directories for Websites...follow-up remarks You can also use different port numbers. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:195396 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Virtual Directories for Websites...follow-up remarks
You can also use different port numbers. Ok...I've answered my own question with more experimentation... If I used an established site, then I can created virtual directories for development and point clients to http://www.development.com/clientsite/index.cfm Rick -Original Message- From: Rick Faircloth [mailto:[EMAIL PROTECTED] Sent: Thursday, February 17, 2005 12:07 PM To: CF-Talk Subject: Virtual Directories for Websites...follow-up remarks Ok...I see that Virtual Directories work just like I thought they should for websites that have domains pointing to the server already. However, I usually show my clients their websites as they're being developed by using a direct URL, such as http://66.xx.xx.138/cfdocs/website/index.cfm. That keeps it out of the public eye, yet gives the client access during the development process. Is there a way to do the same thing if I'm using directories not under the wwwroot? Perhaps, a main website with virtual subdirectories for the sites under development, such as www.MyMainWebsite.com/WebsiteUnderDevelopment ? I'll try that... Rick -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.8 - Release Date: 2/14/2005 ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:195219 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF vs ASP.NET! GET YOUR FRESH POPCORRRRN!!
Let's say I have a website I want to cluster on 10 servers. With CF, that's 10 production licenses at whatever cost you can find CF at. With .NET, it's zero cost, so there can be some additional cost savings. Also, no matter what way you cut it, CF Enterprise is quite expensive. Also, only development licenses are free. QA, staging, and test licenses are not with CF, unfortunately. Regarding the relative costs of the expensive ColdFusion and the free other technologies, I have a statement from a colleague in another organisation, which I'll be posting separately. I told him about a site I'd just about finished in ColdFusion and he told me he was amazed. That I'd done my site in about 70 hours with another 40hours or so to finish it , and he had done a similar site in Free PHP - it had taken two of them (part time) two years to build. Let's assume for the sake of argument that all people working on these sites are costing $50/hour either as paid contractors or as employees including on-costs.I built my site, using expensive ColdFusion for $3500 plus a cold fusion server at perhaps $1200 - total $4700. They built their site using free PHP for (say) two people at 600 hours each - that's $60,000!! But they got the server software for free. Saved a big bunch there by going with the 'free' one didn't they. .Cheers Mike Kear Windsor, NSW, Australia AFP Webworks http://afpwebworks.com .com,.net,.org domains from AUD$20/Year ~| Special thanks to the CF Community Suite Silver Sponsor - CFDynamics http://www.cfdynamics.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187397 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF vs ASP.NET! GET YOUR FRESH POPCORRRRN!!
One thing that depresses me about the CF community is their incredible defensiveness, even from MM. When .NET came out, and people started to use and understand it better, the Java community did what every CF person should be doing: they learned .NET. And then they deconstructed it. And then they asked themselves: What can we take from .NET to make Java better They realized that JSP was too simple, and that it didn't include enough base functionality. They realized that making custom tags in JSP was too hard. They realized that frameworks like Struts and JSF weren't perhaps the road to go down. They realized that it was too unwieldly to configure and deploy Java servers, and that it brought no real benefits the way they did it. They realized that EJBs were too hard to design, and for no good reason. They realized that in order to keep Java as a first class development platform, they had to fix these problems, and add more features as they went along. Not just one or two cool features that Sun would provide on high as determined by their marketing department, but real things that would matter on a day to day basis from a developer's point of view. One day, I'd like to see the CF community do that. There's a few people out there that do that, and Will's semi-rant is a vent not just at MM, but the people that use CF that seem to want to defend it to the death, and the verocity at chiding people who want to see CF change and improve. I'm curious. I wonder how many people on this list said, before CFMX came out, and before Neo was a twinkle in anyone's eye: CF should be written in Java. I'd say no one. This is not a place for change. ~| Special thanks to the CF Community Suite Silver Sponsor - New Atlanta http://www.newatlanta.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187399 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF vs ASP.NET! GET YOUR FRESH POPCORRRRN!!
If you need to do something like that you can easily write it in Java and call the java code from a CFML template. Ah yes, the old use Java when CF can't do it crutch. I though the whole point of CF was to make it easy for developers to develop. And everything else is hard/takes longer/is more expensive. So why do I want to use something hard like Java to do something in CF? ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187418 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF vs ASP.NET! GET YOUR FRESH POPCORRRRN!!
Kwang Suh wrote: Let's say I have a website I want to cluster on 10 servers. With CF, that's 10 production licenses at whatever cost you can find CF at. With .NET, it's zero cost, so there can be some additional cost savings. I'd like to see the total cost break-down for a site that was so large it required 10 clustered servers. Hmm, Macromedia's for one. Not sure if has ten, but there's a quite a few there. Anandtech was running quite a few as well. There's William Sonoma. How about Toys'R'Us before they switched over? Pottery Barn. I doubt the bottom line would move perceptibly if you switched from CF to a free option. Proof? Also, no matter what way you cut it, CF Enterprise is quite expensive. If you're a child at school, a new mountain bike costing $200 is expensive. If you're a student at college, a new car costing $5000 is expensive. If you're a medium sized shipping company, a new truck costing $100,000 is expensive. If you're a multinational shipping company, a new jet costing $10,000,000 is expensive. The numbers may not be spot on, but you get the general idea. Expensive is not an absolute term. It depends on the nature of what you're doing. Yes, and for web development, CF Enterprise is expensive. And apparently every country in the world buys and sells in US$. A multinational shipping company is the only one I'd expect to require 10 clustered CF servers to run their app, and that app would probably be saving them an amount of money that is enormous when compared to the $60,000 one time cost of the CF licenses. Probably? Proof please. And, apparently Macromedia is a multinational shipping company. Also, only development licenses are free. QA, staging, and test licenses are not with CF, unfortunately. Again, whether this is actually expensive to your company depends on the size of your company and what you want to use the app for. Yeah, you're right. I don't need a QA server. Thanks for setting me straight on that. ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187421 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF vs ASP.NET! GET YOUR FRESH POPCORRRRN!!
Kwang Suh wrote: One thing that depresses me about the CF community is their incredible defensiveness, even from MM. If you only take the opinions from people who have subscribed to a relatively high volume mailing list called CF-Talk you'd be very naive to expect anything else. Would you expect to see a lot of support for a .NET is better than PHP type of post in the PHP mailing lists. I somehow doubt it. Posting questions about the relative merit of .NET vs CF on this list will undoubtedly get you a lot of responses that are skewed towards CF, but you may find a few people who have some balanced opinions and experience to share. Posting a message that tells everyone on the list that they are asleep and that they are deluded if they think CF is better than .NET is bound to ruffle a lot of feathers. When .NET came out, and people started to use and understand it better, the Java community did what every CF person should be doing: they learned .NET. And then they deconstructed it. And then they asked themselves: What can we take from .NET to make Java better Really? I'd not heard that before. Can you point me to some of the sources where you got that information? JCP. There have certainly been changes for the better in the Java and J2EE world, but I'm not convinced that they were as a direct response to . NET. They realized that JSP was too simple, and that it didn't include enough base functionality. They realized that making custom tags in JSP was too hard. They realized that frameworks like Struts and JSF weren't perhaps the road to go down. They realized that it was too unwieldly to configure and deploy Java servers, and that it brought no real benefits the way they did it. They realized that EJBs were too hard to design, and for no good reason. They realized that in order to keep Java as a first class development platform, they had to fix these problems, and add more features as they went along. Not just one or two cool features that Sun would provide on high as determined by their marketing department, but real things that would matter on a day to day basis from a developer's point of view. I'd pretty much agree with the above statements, but I don't think they happened because of .NET. I think they happened because the customers and community were braying like a herd of donkeys that it needed to be improved. One day, I'd like to see the CF community do that. There's a few people out there that do that, and Will's semi-rant is a vent not just at MM, but the people that use CF that seem to want to defend it to the death, and the verocity at chiding people who want to see CF change and improve. What exactly is it that's too simple, hard, unweildy about CFMX that so desperately needs fixing? Who said anything about fixing? I'd like more functionality: I'd like to have cftransaction work across multiple databases. And allowed nested cftransactions. I'd like some other number type beside floating point. I'd like a concept of null type. I'd like to have CFCs have interfaces, constructors, overloaded methods, more obvious variable scoping. I'd like to have at least a collection CFC type. I'd like to have threads. Yes, yes, yes, I've filled out the damn wish form. I'm curious. I wonder how many people on this list said, before CFMX came out, and before Neo was a twinkle in anyone's eye: CF should be written in Java. I'd say no one. This is not a place for change. I know a few people certainly would have said that quite a long time ago. When Neo first became an twinkle in someone's eye is pretty hard to gauge, but back in late 1998 Live Software were working on CF_Anywhere which was the first sign of a CFML execution engine written in Java. In 2000 n-ary were working on TagFusion which later became New Atlanta's BlueDragon. Both of those were before the official Neo announcement at the 2001 DevCon and I know that they were discussed on this list pretty early in their development cycles. Not on this list. Thank you. Besides that, I don't really see what point you're trying to make. Even if no-one on this list suggested that CF should be written in Java, why should that mean that this list is not a place for change? Oh I dunno. Let's see what you've said: No one needs 10 web servers, except for multinational shipping corporations. The opportunity for a company to have a QA server is based not on need and things like good practices, but on how much money they have. Use Java for threading. Everything in CF works properly. I'm not sure how open minded that is. By that reasoning the fact that no-one else (or at least not many) foresaw the popularity of the I-Pod would mean that no-one but Steve Jobs has the foresight for change. Not sure how you jumped
Re: CF vs ASP.NET! GET YOUR FRESH POPCORRRRN!!
I like to give people some credit. If I understand what a null is, I'm sure anyone else can. I'd like this, but I think there are a lot of people out there who do not fully understand what a null is and is not. -- Aaron Rouse http://www.happyhacker.com/ On Mon, 13 Dec 2004 14:21:42 -0400, Kwang Suh [EMAIL PROTECTED] wrote: I'd like a concept of null type ~| Special thanks to the CF Community Suite Silver Sponsor - RUWebby http://www.ruwebby.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187435 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF vs ASP.NET! GET YOUR FRESH POPCORRRRN!!
Ah yes, the old use Java when CF can't do it crutch. Huh? So suggesting mixing VB.NET and C# to squeeze more power from a .NET app that is what, a crutch? And what about writing straight Java when JSP can't do enough? By design, a .NET app is meant to use any IL conformate language. As well, once a .NET class is compiled, it doesn't really matter what language it's been written in - calling that class is the same. JSPs are merely an abstracted Servlet, so I don't see your point with Java. I do think you have chosen to forget just how limited Java and COM integration is with CF. It's not a panacea. The createObject function is incredibly limited, and cannot be used for some forms of Java object instantiation. I suppose as well then that there's no good reason for CFHTTP to exist. Or CFFTP. I should be using Java for those, right? I don't think it's unreasonable to ask for a thread tag in CF. You might even make some people happy with that. Isn't that what you're trying to do? Fulfill client requirements? Why is a person's request to have threading being used as an example of best tool for the best job, when you're adding the cfdocument tag that spits out PDFs? There's lots of Java libraries out there that do that. They're not even that difficult to use. Sorry, that argument is just plain silly. No single language or tool does it all, nor should it. That's why you get to mix tools and languages and technologies. Correct. But depending on what you are building you may need to step beyond CF. That is not a limitation, it is good design. Why do you think we introduced the ability to extend CF (originally using C/C++) back in CF2 in 1996? I am perfectly aware of the reason: Because your customers asked for it. From C, then COM, then Java, then CORBA, then more Java, then SOAP ... do you see a pattern? I have been saying this for years, and I'll keep saying it, the best CF apps are the ones not written purely in CF, and the most important part of CF development is knowing when not to use CF (heck, I wrote a column on this over 5 years ago!). Well then, I must make awesome CF apps, because I never write pure CF apps. Sometimes I use a database with it! And COM, and Java, and Web Services... Hummm, why do I suspect that those who complain most about CF not scaling are the ones violating this basic concept? Well, I hope you're not talking about me, because I have defended CF's scalability numerous times, and not just on here. My last bitch session about CF perfomance ended when CF5 came out. I'm also a paying customer of the company that pays your bills, and perhaps, if you're going to insinuate something to me, you either say it outright, or provide proof of your statements. I've gotten four companies I work at to either upgrade to the newest CF version at the time or to get CF in the place, so please spare me the rhetoric. The last place I worked at, I got them to purchase 2 CF Enterprise licenses and 15 Devnet subs. I have a few web apps deployed right now in CF, and they work hunky dory, thank you very much. ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187442 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF vs ASP.NET! GET YOUR FRESH POPCORRRRN!!
Is it safe then to assume that you don't use a QA server for .NET development, or are you somehow doing that without paying for a Windows license? No, it is not. My MSDN subscription allows me to run multiple Windows server for non-production purposes. ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187444 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF vs ASP.NET! GET YOUR FRESH POPCORRRRN!!
Kwang Suh wrote: I said I'd like to see the total cost break-down for sites like that, not a list of possible candidates. You doubted that there were companies that used numbers of web servers. I have provided you some. Feel free to ask them. Sean has already answered for you. I don't have any. That's why I prefaced my comment with I doubt. It's my opinion, nothing more. Oh, ok. Why do you need CF Enterprise? What my situation is really has no bearing on the market. Suffice it to say there are customers, even on this list, that use and need it. The price of a Windows 2003 server standard license is the same as a CFMX Pro license. The price of a Windows 2003 Enterprise server license is pretty close to the price of a CFMX Enterprise license and that still limits you to 25 CALs. I'd say most people run CF on Windows, so they're paying for the Windows licenses on top of CF license. And apparently every country in the world buys and sells in US$. I'm not sure what you're getting at there. For some of us, US$10K US is a lot of money. Well, we could bat this one back and forth over the net all day. I don't have any proof that it is true and you don't appear to have any proof that it isn't. No, I gave you proof for whatever statements I have made. Feel free to challenge them. ~| Special thanks to the CF Community Suite Silver Sponsor - New Atlanta http://www.newatlanta.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187445 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF vs ASP.NET! GET YOUR FRESH POPCORRRRN!!
In most languages that support threads, not only can threads be started, they can be paused and stopped. Is that possible using the code that Damon has showed? ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187400 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CF vs ASP.NET! GET YOUR FRESH POPCORRRRN!!
ASP.NET is taking market away from CF! WHY? Are you sure? Do you have numbers for that? Either way, you're probably right, but if so, can you show that it's for any technological reasons other than the gullibility of IT managers when it comes to the Microsoft marketing machine? I'd like you to prove that statement. I suppose that IT managers that use CF aren't gullible, and aren't susceptible to Macromedia's marketing machine. Secondly, would we _want_ ColdFusion to have the same market share as ASP.NET? Macromedia (compared to MS) is a fairly small company. Almost nothing is as dangerous to small companies as over-rapid expansion. They do what they do (provide a great server product to a somewhat niche market), and do it well. If their market share tripled overnight, do you think the company could keep up its standards? Well, yeah, I'd like to see CF have the same market share. Will Blackstone fix the shift that's taking place? I say no! CF is still outrageous to purchase. This is a shortsighted statement. For most purposes, TCO for CF is usually lower. Its development tools are cheaper, and work tends to get done much faster. For any decent company, the price of CF is small potatoes compared to the price of getting an application developed on any platform. Proof please? I can develop apps faster with VS.NET than, say, DW any day of the week, but then again, that's just me, so I'd rather not extrapolate my one experience into the whole world's, which is what everybody else seems to be doing. The licensing for the .NET SDK is free as is the licensing to deploy. To quote a great author, TANSTAAFL - There Ain't No Such Thing As A Free Lunch. .NET is not free as in beer. You don't think the price of your Windows license was built into the price of your server? Seeing as how most people use CF on Windows, this becomes a bit of a non issue. I'm not trying to attack CF here, I'm really not. I'm just trying to wake people up, because I think we've been lulled to sleep by Blackstone. I think I'm pretty well awake - I've been developing for both CF and .NET for a while now, and would like to think that I have more insight into both worlds than most. So do I. Blackstone is not equivalent to .NET in power and performance. Well, that's because comparing CF and .NET is an apples-to-oranges comparison. .NET can be compared to Java, and ASP.NET can be compared to CF. Java is easily as powerful as .NET, if intrinsically more so because of its ability to perform like tasks across multiple platforms. And as any Java programmer will tell you that's worked on cross platform apps, this is not nearly as easy as Sun will lead you to believe. And of course there's Mono. .NET was the best thing to happen to Java. It put Sun in the hot seat, and there's lots of developer push now to simplify Java (EJBs esp.). There was a push before .NET was around, but it's really been amplified seeing as how .NET actually showed that, yes, it was possible to write EJB-like objects without, say, implementing 3 different interfaces for no real reason other than to satisfy the design gods. And there's always been Sun's reluctance on Web Services, which has given us the happy mess that is AXIS. To me, CF is more power in ASP.NET in that it gives developers an easier way to abstract and build n-tiered applications through CFCs, opposed to ASP.NET's forcing classic ASP developers to learn VB.NET or C# in order to build a decently architected application (on a basic level, meaning they don't so SQL in their code-behind). Huh? ASP.NET is more powerful than CF in that it gives developers an easier way to abstract and build n-tiered applications through objects. There we go :) Yeah, maybe it's easy for us to code our simple CFML, and yeah that cfdocument is pretty neat, but there are a few factors making CF'ers like me change hats, and put on the .NET one! Yes, it is very easy to develop applications that do things our clients want in CF, and Macromedia identifies things that are difficult (like generating PDFs) and makes a point of simplifying them in later releases. I do like how ASP.NET will have things like Master Pages, so that I don't have to roll my own layout manager. Both companies do a good job on this, but do have a different focus when it comes what requests they want to satisfy. 2. If you mean platform, why would they? Why abandon using one of the largest and most robust frameworks available (Java)? To get some market share within the Windows world (e.g. places that don't use Java, and don't want to). I'll agree that ASP.NET has some very fresh ideas, but even Microsoft is rolling back on some of them. The code-behind model isn't popular with a lot of 'classic' ASP developers, and we're starting to see support for code-inside and code-beside creep back in. It isn't? I go to weblogs.asp.net every day, and I never see any mention of that. I also
Re: CF vs ASP.NET! GET YOUR FRESH POPCORRRRN!!
Please don't belittle my comments with such an offhand packaged response. Seriously, I'm not belittling you. I've heard that phrase used so many times for so many situations, it's perhaps an indication to MM that they need to build in some more functionality, especially to keep up with the competition. For instance, there was a post here about how slow string concatenation was in CF. Someone suggested using Java's StringBuilder class. Heck, I wouldn't mind if there was a way to create, say, a superstring in CF that would take care of that for you. What's wrong with that? I am try to respond in a reasonable and considered manner. The least you could do is return the courtesy. What is it that makes you think that it is a crutch? As I have already stated in my response to Ben, createObject is not a panacea. On the one hand you're berating CFML for it's lack of vision, and on the other you seem to be claiming that it's somehow cheating to use some of the very powerful things that CFMX makes available to you. Not everything in Java or COM is usable in CFMX. I for one would be horrified if Macromedia decided to expose full thread management in CFML. Thread programming is relatively complex and you can easily tie the server in knots if you aren't careful. Well, so is SQL, but there it is. There are many ways to kill yourself with CF as it is, and I don't think adding thread capabilities is going to have people up in arms. I don't want a product that requires mittens on my hands just in case I happen to type some code that'll blow up the server, as it were. The point is that all the power you need is available to CF as long as you are prepared to accept that some things will need to be done in Java. Macromedia try pretty hard to make sure that those things are edge cases and don't impact the majority of their customers. I don't really consider some of these things edge cases. Poor Will. All he wanted was a better ColdFusion. If they didn't ColdFusion would have disappeared a long time ago. Why? ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187448 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Return id after insert
It has nothing to do with threads; rather if there's a trigger on the table, the trigger might result in you getting the incorrect ID. Always use SCOPE_IDENTITY() if you're using SQL Server 2000. Never use triggers if you need to use @@IDENTITY in SQL Server 7. :) ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187125 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: SOT: Browser Stats (stirring the pot)
So what if it's open source? What, are you going to modify a Gecko browser to suit your needs? How many people on this list know C++, and know it well enough that they could even attempt to do this? ~| Special thanks to the CF Community Suite Silver Sponsor - New Atlanta http://www.newatlanta.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:186684 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: SOT: Browser Stats (stirring the pot)
I'm curious. If I were to use XUL to create an app, would that be okay then? Jim Davis wrote: That depends on where your logic lies. In our HTA applications, for example, the presentation is completely decoupled from the middle-ware, but is still IE specific (as only IE supports HTA). Yes, a HTA application would have more than a couple problems running in Firefox. That's too bad, and one day, I assume, this app would have to be ported to a longer-term architecture. Personally, I hold the belief that using HTAs as a base for a business application is flawed from the start. Interesting concept though. I think HTA is perfect for, oh, say, the IE7 project, that script that promises to make IE6 render with web standards. -nathan strutz ~| Special thanks to the CF Community Suite Silver Sponsor - CFDynamics http://www.cfdynamics.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:186579 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Malicious Code Characters
cfqueryparam... cfqueryparam... htmleditformat... htmleditformat... stop wasting your time... stop wasting your time... How about SQl Injection as well? -Original Message- From: Tangorre, Michael [mailto:[EMAIL PROTECTED] Sent: Thursday, December 02, 2004 12:40 PM To: CF-Talk Subject: Malicious Code Characters Anyone know of a comprehensive list that outlines what to look for in form input and URLs in terms of malicious code and characters? Thanks, Mike ~| Special thanks to the CF Community Suite Silver Sponsor - RUWebby http://www.ruwebby.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:186017 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: MX Methodologies (Mach2?? Fusebox??)
I've worked on precisely zero web apps that didn't have to have functionality added to it. I've worked on precisely zero web apps that didn't have to have maintenance done to it. This is over the course of 7 years. Everything a developer writes can benefit from OO. Does it make apps more maintainable? Sure. Can it make it worse? Sure. Do I have to use my brain cells to make sure it's more maintainable? Yes. Aww heck. I don't even know why I try here. I've never met so many damn IT people that are so unwilling to even try something new and try to at least have an informed opinion, but instead like to criticize something that doesn't fit into their narrow programming view using the usual lame ad hominem and straw man attacks. (this is not directed at you, Steve). Other than for code re-use, I still don't quite understand why OO is being forced onto a concept that is inherently procedural. Forced is a strong word, but probably accurate given the current environment in development today. As people have said, there are situations where it is useful and others where it is most likely overkill. A good example of overkill is when developing a Mom Pop, Inc. web site to sell watermelon lollipops, or a simple content management system for a small business. However, any major web application of significant complexity (valuate that however you will) should be using OO concepts in some degree. My current assignment has me looking over procedural code that was poorly written in 2000 as bad developers were put into a bad situation. Fast forward to 2004 and this code is now a momumental challenge to maintain and extend. Most modules easily reach 300-500 lines of code (sometimes more) and can accomplish several tasks. Tracking down one bug, even for highly skilled developers, can take an entire workday. It would require 8-12 months for a team of 3 or more developers to repurpose this into a manageable and scalable application. As we have heard, examples like this abound (which I still find amazing these days), and the best thing to focus on is writing clean, simple code that is adequately documented and follows industry best practices. ~| Special thanks to the CF Community Suite Silver Sponsor - CFDynamics http://www.cfdynamics.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:185713 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Incremental CFCONTENT?
It wouldn't register in the log. It's not an http call. Thanks to all. This is great, and works well. I keep forgetting that cfmx now has jsp/servlet support. Not quite sure if it improves performance all that much, but it makes me feel comfortable that I'm not needlessly CFFILE-reading cached sections of pages into memory before dumping them to the output stream. BTW - do you happen to know whether this books a new http request in IIS web server logs? (not that it is so important, just curious). Thanks again, -dov -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: Monday, November 29, 2004 5:57 PM To: CF-Talk Subject: Re: Incremental CFCONTENT? It won't try to compile the file if there is no server mapping to the .txt extension. extension? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 ~| Special thanks to the CF Community Suite Silver Sponsor - RUWebby http://www.ruwebby.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:185731 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: MX Methodologies (Mach2?? Fusebox??)
I don't find MachII in the least bit un-performant. I also have a very large FB4 that runs hunky dory as well. I'd love to see some proof of your claims. I only feel it's my duty to mention that you can still develop CF Apps in a timely menner without the use of FB or MACH II that do utilize proper OO techniques... and that perform better, as well. I don't want to open a can of worms here, but thought I'd point it out. ~Simon Simon Horwith Member of Team Macromedia Macromedia Certified Master Instructor Editor-in-Chief, ColdFusion Developers Journal Blog - http://www.horwith.com Brian Kotek wrote: ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:185554 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: MX Methodologies (Mach2?? Fusebox??)
I've had to add features to a regular CF app that took me DAYS, because the idiots that made it couldn't code to save their lives. This is how a good willing concept is finally having the oposite result it is intended to. that you can still develop CF Apps in a timely menner without the use of FB or MACH II that do utilize proper OO techniques... and that perform better, as well. Exact, and I would even add that utilises NO OO technique, and it will even be faster to develop, and perform even better. I recently had to add some features in a FB application, it was including more than 100 files and it took me hours to find the one I had to modify to do the job. This is how a good willing concept is finally having the oposite result it is intended to. -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:185559 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: MX Methodologies (Mach2?? Fusebox??)
And you have hit upon the true issue: When it comes to CF, almost 100% of the maintanance problems with an app are a result of the people that wrote it. This is actually the case with many modern languages (I'll exempt C++ - it's a major knives and daggers language). Blaming a framework is rather short sighted. As an example, I once worked with someone that loved to name his JavaScript functions x, y and z. When he had more than three functions on a page, he'd name then x1, x2, xx, etc. Lovely. I especially enjoyed when he'd do stuff like: x = x(); y = z(); xx1 = x2(); Now then, is that the fault of JavaScript, or the idiot programmer (I use that word loosely in his case)? Obviously, it was him. To blame the language is disingeneous. Same with blaming certain frameworks. Idiots can make anything hard to change though. We have our own framework here, I hate dealing with it but I also understand the reasonings behind having it. There have been times when I had to go in and resolve something someone else was attempting to do and it took me hours or even days to get the task done and all because idiots were in it prior. -- Aaron Rouse http://www.happyhacker.com/ On Mon, 29 Nov 2004 13:56:37 -0400, Kwang Suh [EMAIL PROTECTED] wrote: I've had to add features to a regular CF app that took me DAYS, because the idiots that made it couldn't code to save their lives. ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:185586 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: MX Methodologies (Mach2?? Fusebox??)
I haven't written a simple, small web app in about 5 years. I'd love to go back to a simple, page based framework, but fact is, I'd being myself, my fellow programmers and my clients a disservice by doing that. I use Fusebox and MachII because I don't want to write my own framework. I certainly could, and maybe one day I will, but right now I'm too lazy. I'd rather solve business problems than to come up with some way of managing layouts in an app. As with any and all frameworks, there will be some compromise. Having said that, I haven't been truly satisfied with either Fusebox or MachII, and I find that ASP.NET's page controller structure works better than either, and Java with Struts is also quite manageable. Well, everyone is entitled to their opinion, but a good, solid, well-designed object oriented methodology will always beat spaghetti code. Well, everyone is entitled to their opinion, but this is an absurd comparison. Spaghetti code will always be beaten by anything else - it doesn't have to be a well-designed object-oriented methodology; it can simply be a well-structured procedural application. Likewise, the use of an object-oriented methodology doesn't guarantee you won't have obtuse and unmaintainable code. The plain fact is, many web applications are simple enough and small enough not to require anything beyond some defined, application-specific structure and organization. Many well-written web applications are procedural, rather than object-oriented, and CF is the ideal language for writing web applications if you're satisfied with procedural programming. I'm not so sure it's the ideal language for OO web programming. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 ~| Special thanks to the CF Community Suite Silver Sponsor - CFDynamics http://www.cfdynamics.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:185608 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Incremental CFCONTENT?
Use cfset getPageContext().include(header-static-html.txt) Can I pipe out parts of pages using CFCONTENT? I currently have an cache_to_file tag which I wrote to cache parts of rendered pages to file. Right now I (inefficiently) CFFILE-Read them, then #output# the contents. What I'd like to do is CFCONTENT them directly to the response output stream. Can I pipe them to the output by using CFCONTENT? My goal is to basically CFINCLUDE but i dont want to compile the include file, just pipe it to the browser, and it's part of the renderable page... Thanks! -dov My code would look like this htmlheadbody CFCONTENT file=header-static-html.txt yada yada yada CFCONTENT file=footer-static.txt yada /body/html NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. ~| Special thanks to the CF Community Suite Silver Sponsor - New Atlanta http://www.newatlanta.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:185609 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Incremental CFCONTENT?
It won't try to compile the file if there is no server mapping to the .txt extension. Use cfset getPageContext().include(header-static-html.txt) It's my understanding that this will, in fact, execute the page if it is a JSP or CFM file. Is it the case that it will not attempt to execute the page if it isn't mapped to a specific executable file extension? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 ~| Special thanks to the CF Community Suite Silver Sponsor - CFDynamics http://www.cfdynamics.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:185611 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: process ColdFusion tag written inside a string
Write it to a file, then cfinclude the file. Hi, I would like to process (evaluate) a CF tag that has been written inside a string. For example the string contains: cfset myvar = cfimport other stufff, blah , blah... Then on my display page would like to cfoutput#myvar#/cfoutput and have the cfimport also process. Is this possible without physically writing a page then calling the page? thanks Kevin ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:185242 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Mach II
That comes up with nothing. At 04:56 PM 11/4/2004, you wrote: Mach-IV? Dan Yeah. It's twice as fast as Mach-II, and roughly 4 times as fast as FuseBox 4. FuseBox uses the FuseDocs standard, which slows it down a little. With Mach-IV, you get true MVC coding, together with smart caching that is done through nested structs. I don't have the site handy, but do a search for Mach 4 structs qry on Google and you'll find it. -- A On Thu, 04 Nov 2004 14:23:40 -0500, Alexander Sherwood [EMAIL PROTECTED] wrote: At 01:39 PM 11/4/2004, you wrote: Count me in!!! We switched to Mach-IV. It's like Mach-II, only twice as fast and a better, more robust plugin architecture. It uses the better, more streamline XSLT2.0 W3C standard. -- A On Thu, 04 Nov 2004 12:51:08 -0400, Kwang Suh [EMAIL PROTECTED] wrote: If people really want it, I'm going to write a very long, detailed tutorial on using Mach-II sometime in December. I wasn't too satified with the amount and quality of documentation out there. I'm curious who is using Mach-II... Documentation and examples seems to be very minimal. ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183518 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Mach II
Laurence J Peter once said that against logic there is no armor like ignorance. At 02:28 PM 11/5/2004, you wrote: That comes up with nothing. That's because it's a joke. Mr. Sherwood has posted many variations on this joke in the past. I don't really get it myself, but that could be my own failing. I'm sorry, I just can't help myself. I just find it interesting how a common theme on the list is to debate the minutia of different frameworks while completely loosing the bigger design picture. This specific thread didn't address this issue, but I couldn't help seeing if someone would come to a booming defense of the FuseDoc process. No more Fusbox vs. Mach-II baitingI promise. -- Alex ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183533 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Mach II
If people really want it, I'm going to write a very long, detailed tutorial on using Mach-II sometime in December. I wasn't too satified with the amount and quality of documentation out there. I'm curious who is using Mach-II... Documentation and examples seems to be very minimal. ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183376 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Mach II
Is it the best a man can get? ;) At 01:39 PM 11/4/2004, you wrote: Count me in!!! We switched to Mach-IV. It's like Mach-II, only twice as fast and a better, more robust plugin architecture. It uses the better, more streamline XSLT2.0 W3C standard. -- A ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183400 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Mach II
Okay guys, looks like I'm going to start writing that tutorial. If people really want it, I'm going to write a very long, detailed tutorial on using Mach-II sometime in December. I wasn't too satified with the amount and quality of documentation out there. I'm curious who is using Mach-II... Documentation and examples seems to be very minimal. ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:183401 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: XML faster?
Consider a scenario where you have 1000 records that are about 500 bytes each. If it's in a database, it's already in a read-optimized format that can be quickly queried and send back only the needed results. With XML, you'd first need to read the WHOLE file (500k+, with tags) from disk, run the read text through CF's XML parser, then run Xpath or something to retrieve the part you need. Use SAX then. Extremely quick. I've used SAX on 20 meg XML files with awesome results. Too bad CF doesn't directly support SAX (yet). ~| Purchase from House of Fusion, a Macromedia Authorized Affiliate and support the CF community. http://www.houseoffusion.com/banners/view.cfm?bannerid=37 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:182861 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: OT: Local MS SQL Server
You can get the Developer Edition of SQL Server 2000 for $49. Fully featured SQL Server, only stipulation is that you can use it only for non-production purposes. I use a local web and cfm server on my dev machine, but I use the MS SQL Server on my hosted account on the internet. Is there a way to install some flavor of MS SQL server onto a Win XP machine for dev purposes? I know that I could install it onto another W2K pc, real or virtual, but I would rather keep it on the same dev machine. Rodger ~| Purchase from House of Fusion, a Macromedia Authorized Affiliate and support the CF community. http://www.houseoffusion.com/banners/view.cfm?bannerid=37 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:182492 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: OT: Local MS SQL Server
No, there is no difference. They work exactly the same, as you are literally getting the same product, just with a different license key. What they may be talking about is the OS they installed it on. Non server OSs will have a limit on the number of simultaneous network connections, which will affect resources that use the network, such as web servers and sql server. I have a question about this... Are there ANY differences between the DEV and the PROD versions or SQL Server 2000? I have heard many people say different things but I cant find anything on Microsoft's site. I have heard that there is a concurrent user limitation. I have heard 5,10 and 15 users; everyone says something different. The reason I ask is to determine if a load test on a dev box would provide accurate results. Thanks, David -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: Monday, October 25, 2004 10:45 AM To: CF-Talk Subject: Re: OT: Local MS SQL Server You can get the Developer Edition of SQL Server 2000 for $49. Fully featured SQL Server, only stipulation is that you can use it only for non-production purposes. I use a local web and cfm server on my dev machine, but I use the MS SQL Server on my hosted account on the internet. Is there a way to install some flavor of MS SQL server onto a Win XP machine for dev purposes? I know that I could install it onto another W2K pc, real or virtual, but I would rather keep it on the same dev machine. Rodger ~| Purchase from House of Fusion, a Macromedia Authorized Affiliate and support the CF community. http://www.houseoffusion.com/banners/view.cfm?bannerid=36 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:182517 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Calling a dot Net Executable
As in a .exe file? If it's truly an executable, then just use cfexecute. Has anyone placed variables in a dot Net executable from a form? Any help would be appreciated. Dave Clay Trusjoist.com ~| Sams Teach Yourself Regular Expressions in 10 Minutes by Ben Forta http://www.houseoffusion.com/banners/view.cfm?bannerid=40 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:182544 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: OT .NET
Check out www.asp.net and www.windowsforms.net. I'd start with C#. It's very similar to Java syntax, so you'll have a very quick transition to Java. Console apps are _very_ easy to write in .NET, especially if you have the VS IDE (buy the standard edition - it's only ~$100). Heck, I just wrote a Windows Service yeterday, and it's mighty easy with the IDE, or even without. Hi All Sorry for being OT. But could anyone point me to a good resource to learn .NET, from the begining (hopefully skipping console apps). I am interested in Web and Windows apps. Also if anyone could share their thoughts about VB.NET and C# which to learn? Please note that I am not a formal trained programmer. Thanks Mike ~| Purchase from House of Fusion, a Macromedia Authorized Affiliate and support the CF community. http://www.houseoffusion.com/banners/view.cfm?bannerid=38 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:182382 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CFC for image resize/crop
I've been using Efflare's CFX_Image with fantastic results.It's much faster and consumes way less memory than any other resizer I've tried.As well, image resizing is fantastic with the myriad of algorithms they have. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Performance
It could most certainly be a bandwidth issue.I actually just did some load testing today which leads me to believe that it's the available bandwidth on our production web server that is the bottleneck, not slow CF performance (in fact, CF was very very fast). One easy thing you can try is to install compression for your web server and then do some simple load testing to see if bandwidth is indeed your problem.Note that it could also be your 100 Mb network card that is the bottleneck. OK, We are having some serious issues with slow page loads and I am not sure if its ColdFusion which is the culprit or if its network setup etc.We have some page stacks which seem to parse, according to Coldfusion debugging in say 1.1 seconds but from the time a user hits the mouse button to the time the page appears it can be upward of 8-15 seconds, in some cases even more. Now CF surely isn't causing this bottleneck as it seems to be parsing sweetly...so question is, could it be the ISP and some crappy network setup etc...? We are running CFMX 6.1, Windows 2000, IIS 5.x.We have 3 load balanced web servers which read code of a central repository file server (which is separate).Now, what on earth is causing the delay in display?!We are noticing a lot of queued requests as far as CF is concerned and we have tweaked and gave CF some JVM enhancements but we are still seeing the lag Uurgh, anyone? N This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant, Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business, Registered in England, Number 678540.It contains information which is confidential and may also be privileged.It is for the exclusive use of the intended recipient(s).If you are not the intended recipient(s) please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful.If you have received this communication in error please return it to the sender or call our switchboard on +44 (0) 20 89107910.The opinions expressed within this communication are not necessarily those expressed by Reed Exhibitions. Visit our website at http://www.reedexpo.com [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: OT: SQL null bit
IS NULL would be the correct syntax. Help, I'm going mad. (This is a 2 part question) SQL 2k, CF5.0 I have a db with a column defined as bit and I'd like to change null values to 0. But I can't find a way to select just the null values. SELECT COUNT(*) AS ct2 FROM table GROUP BY sw gives me three separate counts. Fine. But to count (and eventaully update) only where sw = null, I've tried: SELECT sw FROM table WHERE sw = cfqueryparam cfsqltype=cf_sql_bit null=yes WHERE sw != 0 AND sw != 1 WHERE sw 0 All return 0 records found. WHERE sw 1 Returns same as WHERE sw = 0 Second question. When checking directly against a database, date(timestamp) fields can be compared ok. But if I issue the same code against a Q-o-Q, I am getting errors. Is there some trick to Q-o-Q dates? Thanks in advance to any and all [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Naïve Dual Processor Question
You'll have to run some tests to find out for sure, but it won't be 100% faster, due to processor synchronization overhead. One thing to watch out for, your second processor may not be fully compatible with your current one, so you might have to go through a couple to find one that works.Intel recommends that the processors have the same stepping number, but since your proc is so old, I'd say that might be impossible in your case. Our test server is a lowly Compaq ProLiant 1600 single processor 450 MHZ machine with 512 mb of RAM, which will soon be upgraded to it's max of 1 GB of RAM. The mobo is upgradable to dual processors, and the processors are pretty cheap for such a vintage machine. What kind of performance benefit can I expect from this upgrade in a typical intranet CF project with LOTS of queries? It is likely as simple as more is better, but I would like to understand the relationship if possible! OS is Win2k3 Server. Thanks Tim [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: User to upload to their site
Do you have a character cutoff limit in your datasource defined?If so, that's probably the problem. I agree. FCKEditor is pretty good and works with most browsers. I found a possible restriction in that the string buffer or content you put it is not really unlimited. It may simply be a _javascript_ issue or restrictions with string buffer. To see what I mean, enter large content. even though it states it was successfully updated in the database, it's cut off when u view it. in SQL server, the field is defined as nText type so it should fit. I've reported it to them a couple of weeks ago, but still haven't heard from them. anybody else found this out? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: ms to no longer supporting msjvm
BD does offer a CF solution in both Java and .NET, so I don't see what the broohaha is all about. As for .NET, Sun would never have bothered with a 1.5 version if it weren't for C#.Competition is good. There are also a lot of Java people that take .NET very seriously as a platform that has brought a lot to the table, and there's now a lot more pressure on Sun to simplify Java. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: CF Scheduled Task and Integrated Windows authentication
Did you try out the User Name and Password fields in the Scheduler? Is there a way to get these to play nicely together?We have created a task to run on our internal server.All our internal websites have the security setting set to Integrated Windows authentication so that we can pull the users ID from the client machines and do fun things with them.The trouble is that when the task runs we get the enclosed error message. When we changed the security of the file to Anonymous access it worked just fine.But that is a bit distasteful for us, but we're not really sure why.So my question is, is there some way to make a Cold Fusion schedule task send the proper headers for Integrated Windows Authentication to work, or is this even necessary, is it ok to allow the scheduled task Anonymous access.How would others handle this? windows-Error You are not authorized to view this page You do not have permission to view this directory or page using the credentials you supplied. Please try the following: Click the Refresh button to try again with different credentials. If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the file:// home page. HTTP 401.2 - Unauthorized: Logon failed due to server configuration Internet Information Services Technical Information (for support personnel) Background: This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the AddHeader method of the Response object to request that the client use a certain authentication method to access the resource. /windows-Error -- Ian Skinner Web Programmer BloodSource www.BloodSource.org Sacramento, CA C code. C code run. Run code run. Please! - Cynthia Dunning Confidentiality Notice:This message including any attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender and delete any copies of this message. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: WDDX error
Do this: input type=hidden value=#htmlEditFormat(wddxQuery1)# name=wddxQuery1 This is the problem: In form1.cfm cfquery ... seelct* form ... /cfquery cfwddx action = "" input = #query1# output = wddxQuery1 input type=hidden value=#wddxQuery1# name=wddxQuery1 On the submit form: cfwddx action = "" input = #form.wddxQuery1# output = wddxQuery1 bombs if the original query some fileds with special characters in them. In my case The query is based on some previous data, entered by the users and I have no control over it. It happnes only very rarely but still when it happens the user cannot continue and they get frustrated Thanks Richard - Original Message - From: Adrian Lynch [EMAIL PROTECTED] Date: Fri, 27 Aug 2004 22:37:21 +0100 Subject: RE: WDDX error To: CF-Talk [EMAIL PROTECTED] Expanding on that, how about looping through the FORM scope before serializing it. cfloop collection=#FORM# item=i cfset FORM[i] = XMLFormat(FORM[i]) /cfloop Ade -Original Message- From: Adam Haskell [mailto:[EMAIL PROTECTED] Sent: 27 August 2004 18:57 To: CF-Talk Subject: Re: WDDX error Ok if you XMlformat the entide WDDX string itd going to escape all the in the WDDX . You could try something like this: wddxstuff = xmlformat(wddxstuff); wddxstuff =replace(wddxstuff ,'','','all'); wddxstuff =replace(wddxstuff ,'','','all'); wddxstuff =replace(wddxstuff ,'','','all'); Problem is if you have something like description 56/description the is still not getting escaped and it will still blow up. Adam H On Fri, 27 Aug 2004 13:38:35 -0400, Richard Strong [EMAIL PROTECTED] wrote: root [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: msSQL management script needed
Not a script, but an app you can try out: http://www.microsoft.com/downloads/details.aspx?FamilyID=c039a798-c57a-419e-acbc-2a332cb7f959DisplayLang=en - Original Message - From: Mystic [EMAIL PROTECTED] Date: Wednesday, April 21, 2004 3:57 pm Subject: msSQL management script needed Greetings, I need some help. I have been searching for a script like phpmyadmin for msSQL. I have had no luck with Google.com, Downloads.com or any other search I have tried. Can anyone direct me to something that will allow me to manage my online msSQL databse? Thank you, Kevin [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: Is it a bug or not a bug?
It wouldn't surprise me if it disappeared again in a future version. It used to be in CF3.x, and was removed in CF4.x. Sure is handy though. - Original Message - From: Mark W. Breneman [EMAIL PROTECTED] Date: Tuesday, April 20, 2004 1:46 pm Subject: RE: Is it a bug or not a bug? I thought I had seen someone on this list, when MX came out, warning everyone to not use it due to it broke a convention (or something like that) and it may not be supported in the future versions due to MM did not officially acknowledge it as a feature.So thus I tried to not use it, but I did find it real handy at times. I guess I should read MM docs and not believe everything I read on thislist. :-) Does this method of mathematical calculations have an official name? Other then performing mathematical calculations between # signs. Mark W. Breneman -Cold Fusion Developer -Network Administrator Vivid Media [EMAIL PROTECTED] www.vividmedia.com 608.270.9770 _ From: Bryan F. Hogan [EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 3:32 PM To: CF-Talk Subject: Re: Is it a bug or not a bug? Yes I'm sure they do. I don't know about good or bad, I really haven't thought about it. It does work. Mark W. Breneman wrote: Does MM officially support performing mathematical calculations between # signs? I was sorta under the impression that this was considered not a good practice. Regardless it is handy. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: Crashed CF server, rebuilt now getting this error
Try stopping and restarting the ColdFusion Application service.Sometimes CF5 wouldn't pick up custom tags in the default custom tag directory. - Original Message - From: Drechsler, Jennifer [EMAIL PROTECTED] Date: Wednesday, April 14, 2004 5:29 pm Subject: RE: Crashed CF server, rebuilt now getting this error How about this.If I put the custom tag in the folder with the page that uses it, then I can get it to work.But if I list a folder for Custom tags in CF administrator, CF does not recognize that path for the custom tags, and they do not work. Any one know why? Jennifer Drechsler SFPUC, ITS 415.554.3270 -Original Message- From: Drechsler, Jennifer [EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 4:24 PM To: CF-Talk Subject: RE: Crashed CF server, rebuilt now getting this error Yes, I have verified that publicpage is in the custom tag directory. And Yes.They are where they should be in the web root.Still no go. Jennifer Drechsler SFPUC, ITS 415.554.3270 -Original Message- From: Ben Forta [EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 4:07 PM To: CF-Talk Subject: RE: Crashed CF server, rebuilt now getting this error And you did verify that publicpage.cfm is in the Custom Tags directory (or beneath it), and that when you reconstructed the server and put the files back under the web root you also put the custom tag .cfm files in theirdirectory? _ From: Drechsler, Jennifer [EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 7:02 PM To: CF-Talk Subject: Crashed CF server, rebuilt now getting this error We had a Windows 2003 server with a corrupted registry.The server was rebuilt and Cold Fusion 5.0 reinstalled. We are now getting this event viewer error: Reporting queued error: faulting application cfexec.exe, version 5.0.0.0,faulting module unknown, version 0.0.0.0, fault address 0x. Everything seems to be working fine, but none of the custom tags are coming up. We are getting this error on the site: Error Diagnostic Information Cannot find CFML template for custom tag PUBLICPAGE. ColdFusion attemptedlooking in the tree of installed custom tags but did not find a custom tag with this name. The error occurred while processing an element with a general identifier of (CF_PUBLICPAGE), occupying document position (1:1) to (1:56). They are event being recognized, and all the information is set up in the Cold Fusion administrator, which come up just fine.Any ideas? Thanks for the help. Jennifer Drechsler SFPUC, ITS 415.554.3270 _ _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: HELP: a browser sniffer test
Mozilla Firefox: Browser: Unknown Version: 0 User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 Netscape 7.1: Browser: Netscape Version: 7 User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) Opera 7.23: Browser: Unknown Version: 0 User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.23 [en] Mozilla 1.6: Browser: Netscape Version: 5 User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113 - Original Message - From: Bryan Stevenson [EMAIL PROTECTED] Date: Monday, April 12, 2004 3:25 pm Subject: HELP: a browser sniffer test Hey All, If you have a spare moment can you stop by: http://142.179.101.53/internal/test/cf_brow_test.cfm and report back to me (offlist please) at [EMAIL PROTECTED] with what it spits out for browser and version (and what your browser and version actually are). I'm especially interested in hearing from those NOT using IE4+ and Netscape7+ Please note this does not detect all browsers and versionsbut it is meant to identify those that are not using IE 4+ and Netscape 4+. Basically I'm weeding out any Netscape browser below version 6 and any IE browser below version 4.All other will be identified as an unknown browser and a version of zero (so I can say We don't know what browser you are using but we did not test this site on your browser...proceed at your own risk or get a mainstream browser).If Netscape less than 6 or IE less than 4 is detected we will say...You can't come in and play unless you get out of the 90's ;-) BTW this is not a browser debate...we all know the stats show IE is the hands down winner and various versions of Netscape are next in lineyesFirefox might be cool or Opera is sweet...I just don't care ;-) Cheers and thanks alot for taking a moment! Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: JRUN Error: No disk in drive A?
Anti-virus software? - Original Message - From: Burns, John D [EMAIL PROTECTED] Date: Wednesday, April 7, 2004 8:20 am Subject: JRUN Error: No disk in drive A? Anyone know why a server wouldn't restart while giving a JRUN error saying there is no disk in Drive A?I remember this coming up before, but since the search is disabled on the archives, I can't seem to find info on it.Any ideas? John Burns [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: browser detection script
If you're looking for something server side, try Browserhawk: http://www.browserhawk.com/ - Original Message - From: Bryan Stevenson [EMAIL PROTECTED] Date: Wednesday, April 7, 2004 3:28 pm Subject: browser detection script Hey All, Does anybody have a rock solid _javascript_ script for browser detection? or a CF code snippet? I'm under the gun and don't really want to re-invent the wheel using this script (it's kind of overkillbut very good): http://webreference.com/tools/browser/_javascript_.html I'm not after anything fancyjust accurate ;-)I essentially want to redirect those with browser we won't be supporting. TIA Cheers Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Devnet Pro now only $599!
Whoa, just got an email from MM saying that Devnet Pro is now only US$599.That's the deal of a lifetime. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Video Formats
Any opinions on if 20 Meg files can be uploaded through a web interfacereliably, Yes. and what the best way is to play an mov file would be appreciated. Use a Quicktime server, such as Darwin: http://developer.apple.com/darwin/projects/streaming/ FYI, QT files are generally very large (worse than average compression algorithms). [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Devnet Pro now only $599!
Blark, it's actually only for renewals.Ah well. - Original Message - From: Irvin Gomez [EMAIL PROTECTED] Date: Tuesday, April 6, 2004 3:18 pm Subject: Re: Devnet Pro now only $599! Mine only said that the DevNet Essentials subscription was discontinued. That would be good news, though... Whoa, just got an email from MM saying that Devnet Pro is now only US$599.That's the deal of a lifetime. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: Popularity of Cold Fusion
Hmm, they seem to use BroadVision. - Original Message - From: Paul Vernon [EMAIL PROTECTED] Date: Friday, April 2, 2004 4:16 am Subject: RE: Popularity of Cold Fusion not sure how reliable the survey is given the statement: Other large enterprises utilising ASP.NET include British target=lhttp://www.bt.com/ Telecom but a visit to bt.com defaults to: http://www.bt.com/index.jsp now that is a very good point! Paul [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Character conversion with textareas
use htmlEditFormat() e.g. textarea#htmlEditFormat(myData)#/textarea - Original Message - From: Colin Wilson [EMAIL PROTECTED] Date: Tuesday, March 30, 2004 1:52 pm Subject: Character conversion with textareas Hi, I've been having some troubles with conversion of characters. I have a set of forms which allow a user to put in html code and use it to create a web based newsletter. What we have problems with is conversion of the characterswhen it reloads teh code into a textarea box. It was formated as full html code and submitted to the database. When I check the database - all the coding is maintained. but when I go to edit the content using another textarea it converts it to html and causes problemsfrom then on. How can I keep the coding unformatted in the textarea box when editing the item? Thanks Colin Wilson --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.644 / Virus Database: 412 - Release Date: 26/03/2004 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: asp.net...yuk
Can this conversation be moved to cf-community?PLEASE? - Original Message - From: Dan Farmer [EMAIL PROTECTED] Date: Monday, March 29, 2004 3:43 pm Subject: asp.net...yuk It's not an issue of not liking learning new things. The issue is whether or not the new thing you are learning is likeable. And in this case likeable, fun, efficient, suitable, ease of use etc...which in my opinion asp.net fails on most counts for most small to medium web projects... which lucky for me, is where I'm at. __ Daniel Farmer Producer / Coldfusion Developer http://www.bernardclark.com/danfarmer.ca P: 613.284.1684 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: asp.net...yuk
If someone wants to have a reasonable conversation about ASP.NET vs. CF, fine.If someone wants to bash ASP.NET and provide no reasons why it's yukky, well, where's the value in that?How many CF is better insert technology here threads do we need? - Original Message - From: Michael T. Tangorre [EMAIL PROTECTED] Date: Monday, March 29, 2004 4:16 pm Subject: RE: asp.net...yuk CF-COMMUNITY is rarely techie from what I have seen. Lots of conversationsabout politics, news, jokes, etc... I love when people complain about a topic being too non cf-talk and they feel the need to respond, only adding to the total number of threads and replies on the very topic they were initially complaining about! Haha. :-) CF v. .NET seems legit to me on here as long as CF remains part of the discussion; but then again, Mikey D may think otherwise and drop kick this thread into the CF-COMMUNITY. We shall see. I feel as though the more you can learn, the better off you are. Technologychanges so fast and the more tools you have in your box the better. I love CF and it is the right tool for a lot of jobs, just as .NET offers the right tools for a lot of jobs. The thing to remember is that you realy limit yourself if you limit your skills. I say try and learn it all, some things faster than others and some things more in depth than others, but damn, get your feet wet at least... It might just save you that cross country relocation because you can not find a CF job in your area. :-) My 2 cents. Mike This isn't CF-Talk?Sounds like it has all the world to do with CF, and people seem to want to talk about it. While we're at it, what is the difference between CF-Talk and CF-Community?Sounds pretty redundant, which is good in the techie world, but not in the human world Just looking for clarification! [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: asp.net...yuk
There's a mention in Dan's original message about CF?News to me: It's not an issue of not liking learning new things. The issue is whether or not the new thing you are learning is likeable. And in this case likeable, fun, efficient, suitable, ease of use etc...which in my opinion asp.net fails on most counts for most small to medium web projects... which lucky for me, is where I'm at. Where's CF mentioned here? - Original Message - From: Ray Champagne [EMAIL PROTECTED] Date: Monday, March 29, 2004 4:27 pm Subject: RE: asp.net...yuk That is the best answer I have gotten yet. Is the delete button really that hard to operate?I could see the complaint if we were discussing Wil Ferrell's new movie, but this is a slightly OT convo about CF vs. MS. I agree with Dan Ray At 06:24 PM 3/29/2004, Dan Farmer wrote: It's called some people are anal retentive. Probably MS folks. __ Daniel Farmer Producer / Coldfusion Developer http://www.bernardclark.com/danfarmer.ca P: 613.284.1684 From: Michael T. Tangorre [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Subject: RE: asp.net...yuk Date: Mon, 29 Mar 2004 18:16:12 -0500 CF-COMMUNITY is rarely techie from what I have seen. Lots of conversations about politics, news, jokes, etc... I love when people complain about a topic being too non cf- talk and they feel the need to respond, only adding to the total number of threads and replies on the very topic they were initially complaining about! Haha. :-) CF v. .NET seems legit to me on here as long as CF remains part of the discussion; but then again, Mikey D may think otherwise and drop kick this thread into the CF-COMMUNITY. We shall see. I feel as though the more you can learn, the better off you are. Technology changes so fast and the more tools you have in your box the better. I love CF and it is the right tool for a lot of jobs, just as .NET offers the right tools for a lot of jobs. The thing to remember is that you realy limit yourself if you limit your skills. I say try and learn it all, some things faster than others and some things more in depth than others, but damn, get your feet wet at least... It might just save you that cross country relocation because you can not find a CF job in your area. :-) My 2 cents. Mike This isn't CF-Talk?Sounds like it has all the world to do with CF, and people seem to want to talk about it. While we're at it, what is the difference between CF-Talk and CF-Community?Sounds pretty redundant, which is good in the techie world, but not in the human world Just looking for clarification! [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: asp.net...yuk
Then don't insult people on the list. - Original Message - From: Dan Farmer [EMAIL PROTECTED] Date: Monday, March 29, 2004 4:37 pm Subject: Re: RE: asp.net...yuk Hey Kwang, you've had a pickle up your butt for about three months now... why not settle down and just enjoy the list instead? __ Daniel Farmer Producer / Coldfusion Developer http://www.bernardclark.com/danfarmer.ca P: 613.284.1684 From: Kwang Suh [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Subject: Re: RE: asp.net...yuk Date: Mon, 29 Mar 2004 16:25:44 -0700 If someone wants to have a reasonable conversation about ASP.NET vs. CF, fine.If someone wants to bash ASP.NET and provide no reasons why it's yukky, well, where's the value in that?How many CF is better insert technology here threads do we need? - Original Message - From: Michael T. Tangorre [EMAIL PROTECTED] Date: Monday, March 29, 2004 4:16 pm Subject: RE: asp.net...yuk CF-COMMUNITY is rarely techie from what I have seen. Lots of conversationsabout politics, news, jokes, etc... I love when people complain about a topic being too non cf-talk and they feel the need to respond, only adding to the total number of threads and replies on the very topic they were initially complaining about! Haha. :-) CF v. .NET seems legit to me on here as long as CF remains part of the discussion; but then again, Mikey D may think otherwise and drop kick this thread into the CF-COMMUNITY. We shall see. I feel as though the more you can learn, the better off you are. Technologychanges so fast and the more tools you have in your box the better. I love CF and it is the right tool for a lot of jobs, just as .NET offers the right tools for a lot of jobs. The thing to remember is that you realy limit yourself if you limit your skills. I say try and learn it all, some things faster than others and some things more in depth than others, but damn, get your feet wet at least... It might just save you that cross country relocation because you can not find a CF job in your area. :-) My 2 cents. Mike This isn't CF-Talk?Sounds like it has all the world to do with CF, and people seem to want to talk about it. While we're at it, what is the difference between CF-Talk and CF-Community?Sounds pretty redundant, which is good in the techie world, but not in the human world Just looking for clarification! [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Securing CF Apps.
Yes. All URL and FORM variables should be encypted. This is beyond silly. Especially if you are using a fusebox methodology. Using or not using Fusebox has nothing to do with the situation. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Securing CF Apps.
This is incorrect.Using cfquery in conjunction with cfqueryparam correctly is perfectly fine. - Original Message - From: Adrocknaphobia [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 9:22 am Subject: Re:Securing CF Apps. Yes, but you shouldnt put SQL code in your CFM pages! cfquery != secure code -adam -Original Message- From: Matt Robertson [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 03:59 PM To: 'CF-Talk' Subject: RE: Securing CF Apps. Does anybody use the CFQUERYPARAM tag I think a LOT of us here do.If you need to take a first step, make using cfqueryparam it (and I suppose next encrypt your url parms?) Matt Robertson [EMAIL PROTECTED] MSB Designs, Inc.http://mysecretbase.com [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Securing CF Apps.
There is nothing inherently wrong with letting users see fuseaction names. And to use a very weak form of encryption that makes you think that you're somehow safe against attacks is an extremely bad situation to be in. - Original Message - From: Adrocknaphobia [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 9:24 am Subject: Re:Securing CF Apps. Point being, if you want a secure app, don't let users see your fuseaction names. -adam -Original Message- From: Kwang Suh [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 04:14 PM To: 'CF-Talk' Subject: Re:Securing CF Apps. Yes. All URL and FORM variables should be encypted. This is beyond silly. Especially if you are using a fusebox methodology. Using or not using Fusebox has nothing to do with the situation. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: Securing CF Apps.
Unfortunately, this is not one of Ben's better articles, and I think that people are drawing the wrong conclusions from the article. He's not saying to never bother with DB portability, but instead he's saying that to look at your requirements, and to determine whether or not portability is required before automatically assuming it is. Quote from the article: Of course, there is one exception to this. If you were to write an application that needed to be used with multiple DBMSs (commercial software, or applications distributed to other users) then portability is an obvious immediate concern. - Original Message - From: Kazmierczak, Kevin [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 9:39 am Subject: RE: Securing CF Apps. I agree that Ben's article explains this very nicely.Not sure if thislink works or not: http://www.sys-con.com/coldfusion/article.cfm?id=705 Kevin. _ From: Adrocknaphobia [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 11:36 AM To: CF-Talk Subject: Re: Securing CF Apps. the user/roles are in tables, they are just system tables. look, i dont want to get into the debate about coding for portability when it comes to dbs. you should def check out bens article on that one, as it was well written and he pretty much showed that there is so littlein common between databases that its pretty much impossible, and an incredible waste of time. -adam -Original Message- From: Tangorre, Michael [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 04:28 PM To: 'CF-Talk' Subject: RE: Securing CF Apps. if you caught Ben's article in cfdj a month or two ago, he talks about how you shouldnt be too concerned with portability between databases. Afterall you'll be rewriting all your stored procedures anyway, so reliance on the user's table isn't the breaking point of portability. You may be rewriting your stored procedures but you may also find yourself reworking your schema as well, not too mention the code that will be affected. I can see having different user/passes for select, insert, update, and delete ROLES but I prefer to keep my application roles and permissions in tables. I guess to each his own method.. No one is right or wrong,just a preference thing. sides, how often does a shop really switch between SQL and Oracle? Not often but it happens. Mike _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: Securing CF Apps.
What exactly are you doing in your application that demands wimpy ecryption? And what do you when the hardcore hacker hits your site? Sounds to me that people do silly, potentially harmful things like url encryption simply because they don't properly consider data input, output and transfer and then make themselves feel better by saying that it deters casual hackers, whatever the hell that means. - Original Message - From: Kazmierczak, Kevin [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 9:49 am Subject: RE: Securing CF Apps. Yeah I agree encrypting all variables is a bit much, but encrypting some of them might be enough to make the casual hacker move on to a differentserver without encrypted variables.If that person really wanted to decrypt those variables, they could.The most important thing to do is to make sure data is validated before you do anything with it. Kevin _ From: Kwang Suh [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 11:39 AM To: CF-Talk Subject: Re: Securing CF Apps. There is nothing inherently wrong with letting users see fuseaction names. And to use a very weak form of encryption that makes you think that you're somehow safe against attacks is an extremely bad situation to be in. - Original Message - From: Adrocknaphobia [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 9:24 am Subject: Re:Securing CF Apps. Point being, if you want a secure app, don't let users see your fuseaction names. -adam -Original Message- From: Kwang Suh [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 04:14 PM To: 'CF-Talk' Subject: Re:Securing CF Apps. Yes. All URL and FORM variables should be encypted. This is beyond silly. Especially if you are using a fusebox methodology. Using or not using Fusebox has nothing to do with the situation. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: Securing CF Apps.
If only they encrypted their URL variables.That would've fixed it. - Original Message - From: Tangorre, Michael [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 9:54 am Subject: RE: Securing CF Apps. Nice! Error Occurred While Processing Request Element PUB_JDJ is undefined in APPLICATION. The error occurred in E:\Inetpub\wwwroot\content\roundup.cfm: line 110 Called from E:\Inetpub\wwwroot\coldfusion\cffooter.cfm: line 23 Called from E:\Inetpub\wwwroot\coldfusion\article.cfm: line 302 108 : cfoutput/cfoutput 109 : http://www.sys-con.com/java class=headbJava 110 :cfmodule template=/sc/pub_overview.cfm pub_id=#application.pub_jdj# catids=677 datasource=#application.datasource_syscon# 111 : /td/tr/table 112 : hr color=efefef [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Securing CF Apps.
My issue with cfquery is that you are exposing your db design. It's alot harder to hack a db is you dont know the table and column names. huh? As for encrypting the fuseaction, the question is why not? Because it's useless. Let's think this through: I have a fuseaction called products.list It encrypts to wafiawjfw I type in wafiawjfw in the url. It lists the products. Where's the security? Users can start throwing errors by trying different fuseaction calls. Which in turn could expose too much info if you dont have a site wide error handler. Let me get this straight.I should waste time encrypting urls, and yet be stupid enough not to have an error handler. Let's think this one through: I type in wiejfiawefijwf, which doesn't decrypt properly. The site then throws an error, and since I don't have a site wide error handler, it exposes a whole bunch of information. Where's the security? The topic of this thread is securing cf apps. Although it may not be 100% necessary, it sure doesn't hurt. It doesn't help either. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: Securing CF Apps.
Why would you ever do this?
BTW, are you ever going to change the admin password from admin?
- Original Message -
From: Tony Weeg [EMAIL PROTECTED]
Date: Tuesday, March 23, 2004 10:52 am
Subject: RE: Securing CF Apps.
here is a snippet that I use in my application.cfm files to
prevent cf tags
in form fields...
I think the webrat made this...good idea nonetheless.
!--- This section protects against FORM Hacks in which a user (if
they knew
coldfusion) could set session variables
by typing in coldfusion in a field value and submitting it to the
server for
evaluation. ~Todd R ---
!--- ANTI HACKER ---!--- ANTI HACKER ---!--- ANTI HACKER ---
!--- ANTI
HACKER ---!--- ANTI HACKER ---
cfif isDefined(FORM) and IsStruct(FORM) and StructCount(FORM)
GT 0
cfloop collection=#FORM# item=y
cfset checkHackAgainst = evaluate(y)
cfif checkHackAgainst contains CF
cflocation url="">
addtoken=No
/cfif
/cfloop
/cfif
!--- ANTI HACKER ---!--- ANTI HACKER ---!--- ANTI HACKER ---
!--- ANTI
HACKER ---!--- ANTI HACKER ---
-Original Message-
From: Burns, John D [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 12:47 PM
To: CF-Talk
Subject: RE: RE: Securing CF Apps.
My personal opinion is that your app should be smart enough not to let
people pass SQL commands in the URL.I would imagine that
everyone knows
that much.
I think some of the suggestions that have come out were just
mentioning what
could be done to help prevent a lot of trouble if people somehow
get access
to the code by compromising the server.That was Adam's thing
about using
Stored Procedures.Then if someone somehow downloaded all of your
code,they couldn't figure out your database structure by looking
through your
CFQUERY calls.I think he would agree that it's still not 100%
secure by
any means but it does solve that particular problem for people
figure out
your schema by seeing your queries.
The other suggestion that I would make is that on pages where
you're doing
some kind of database manipulation queries based on form or url
variables to
do a check to make sure that the request is coming from the same
domain or
have a list of acceptable domains if you're expecting posts from other
domains. That can help to prevent hackers from posting to your
pages unless
somehow they can execute the code from your server, in which case,
you have
some other problems that you need to address.
My 2 cents,
John
-Original Message-
From: Kazmierczak, Kevin [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 12:40 PM
To: CF-Talk
Subject: RE: RE: Securing CF Apps.
I agree that data validation is the most important thing you can do.
But if you have information that you don't want a user messing
around with
that happens to be in a form or url, it doesn't seem like there
isn't any
harm in weakly encrypting it.For example, this might deter my
grandma from
inserting drop table SQL commands in the url.
If a hardcore hacker hits your site, you look for the most recent
backup;)
Kevin
_____
From: Kwang Suh [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 11:59 AM
To: CF-Talk
Subject: Re: RE: Securing CF Apps.
What exactly are you doing in your application that demands wimpy
ecryption?
And what do you when the hardcore hacker hits your site?
Sounds to me that people do silly, potentially harmful things like url
encryption simply because they don't properly consider data input,
outputand transfer and then make themselves feel better by saying
that it deters
casual hackers, whatever the hell that means.
- Original Message -
From: Kazmierczak, Kevin [EMAIL PROTECTED]
Date: Tuesday, March 23, 2004 9:49 am
Subject: RE: Securing CF Apps.
Yeah I agree encrypting all variables is a bit much, but
encrypting
some of them might be enough to make the casual hacker move on
to a
differentserver without encrypted variables.If that person
really
wanted to decrypt those variables, they could.The most
important
thing to do is to make sure data is validated before you do
anything
with it.
Kevin
_
From: Kwang Suh [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 11:39 AM
To: CF-Talk
Subject: Re: Securing CF Apps.
There is nothing inherently wrong with letting users see
fuseaction
names.
And to use a very weak form of encryption that makes you think
that
you're somehow safe against attacks is an extremely bad
situation to
be in.
- Original Message -
From: Adrocknaphobia [EMAIL PROTECTED]
Date: Tuesday, March 23, 2004 9:24 am
Subject: Re:Securing CF Apps.
Point being, if you want a secure app, don't let users see
your
fuseaction names.
-adam
-Original Message-----
From: Kwang Suh [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 04:14 PM
To: 'CF-Talk'
Subject: Re:Sec
RE: Securing CF Apps.
No.Why? - Original Message - From: Paul Vernon [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 11:05 am Subject: RE: RE: Securing CF Apps. BTW, are you ever going to change the admin password from admin? Now that is going a little too far! Don't you think you should have done that OFF LIST? Paul [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Securing CF Apps.
well if you don't encrypt it, i can try to figure out different fuseactions you may have. like products.admin. a user can't do that if you encrypt it. I hope to gawd that you have some sort of security that actually authenticates users and their actions. as for cfquery... See Matt's response. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: Securing CF Apps.
1. If your properly encrypting the url your going to change your seed (key) every request.That way it is different every time What possible value does this bring? 2. By using plain text variable names your going to give the potential intruder a decent insight into your application design, and this will give them the ability to make educated guesses as to your other circuit names. So? 3. The objection to using cfquery is multifaceted.There is the risk of SQL injection if your not doing the correct validation.If your errors are not being handled correctly you can give away table and column names in the error message. So don't you think it's more important to handle errors properly than say don't ever use cfquery? Also should someone gain access to your file system they can build a pretty complete picture of your database from the queries. You can't do this when all you are using is Stored Procedures, especially if your variable names don't match your column names.Throw in views and you can obscure it even more. You've got bigger problems should someone gain access to your file system. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: RE: Securing CF Apps.
If my user.login is encrypted one time as kjdfljsldfland the user comes back and types in kjdfljsldfl they don't get taken to that circuit, because it's different this time. This would not be acceptable in many situations, because it prevents bookmarking and renders search engines useless. 3. The objection to using cfquery is multifaceted.There is the risk of SQL injection if your not doing the correct validation.If your errors are not being handled correctly you can give away table and column names in the error message. So don't you think it's more important to handle errors properly than say don't ever use cfquery? I think that with all the benefits of procedures, if you have them available, you're a fool not to use them, and not just because of the enhanced security.Obviously proper error handling is important AS WELL. This is not an either/or argument, rather a complimentary one. What's wrong with: cfquery exec my_stored_proc /cfquery ? 2. By using plain text variable names your going to give the potential intruder a decent insight into your application design, and this will give them the ability to make educated guesses as to your other circuit names. So? So by understanding the structure of an application, you can then begin to analyze it's weaknesses.In the environment in which I work we want to give them as little as possible to go on. You've got bigger problems should someone gain access to your file system. Is that so??I disagree.If someone gains access to my web server they have nothing.Now my db which is on the other side of a firewall, and only accepts connections from specific ips, if they got in that it could become problematic.Why?Because there are no user names or passwords stored on my web server.There is no way to open a direct connection into my db without having a user account on the db.Your rights and roles are also stored in that db, not in the application, and so you would not really get anything other than images and source code.You don't even get the code of the procedure calls, and so you are still blind to the schema of my db. If I have complete access to your file system, this means that I can, say, create a file that monitors tcp/ip traffic between your web server and db server and sends the packets over to me where I can then scan for your password.Or I could simply delete everything on the web server. Kwang, again, this is a layered approach to security.No one thing is going to protect you from everything.You just continue to lock down things in order to mitigate risk.You can never be without risk, and anyone who thinks they have completely secured their site deserves to be attacked.Listen man.You do whatever you feel comfortable doing. No more, no less. But moving towards my CISSP and GSEC, having been a cyber threat analyst for the last two years, and soon to be managing a federal CERT, I can tell you this, there is always going to be some new exploit. It's going to be something you didn't think of.But that zero day exploit isn't going to be the one that does all the crazy damage.It's going to be some known vulnerability that you could have prevented from putting your system at risk. (slammer, blaster etc.)By duplication of your efforts, by overlapping your protection you're trying to create a shell around yourapplication and it's data. If what you're building is that important to secure, I recommend that you never ever make it available on the public internet. Obscurity is just one more tool you can use to do that. I used to work with a security/cryptology expert.His #1 rule: Never, ever use obfuscation. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Securing CF Apps.
Munging URLs provides a little, if any, benefit for web apps. - Original Message - From: Heald, Tim [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 1:34 pm Subject: RE: Securing CF Apps. Good post man, and your right, for the most part the applications I am talking about are not available over the internet, or only through VPN or other methods. Like I said earlier, for public sites you are going to use very differentresources than you will use on a closed/classified application. However the topic was securing CF apps.Not sites :)it can be difficultfor some to differentiate between an application and a site. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s).Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Ian Skinner [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 3:19 PM To: CF-Talk Subject: RE: Securing CF Apps. I see this as a sliding scale, security vs user experience. There's the general public website where the the owners want as much exposure as possible.For this type of application you may not want security to the nth degree.As was just posted, allowing the user to bookmark pages and/or directly type url's is desirable for the purpose of that application. On the other hand, there are applications where this is undesirable.I suspect that applications Tim is writing are even available to the generalpublic at all, and if you are even seeing the page in a browser if you are not supposed to be, you have hacked through several layers of security already. We write applications somewhat in the middle.There are parts of our data that we DO NOT WANT to exposed to any more risk then we can, very sensitiveHIPPA data.We are taking at least a year to thoroughly test our first application that will allow a very limited access to users to their personal data directly through the internet. So it all comes down to the analysis that has been mentioned.You need to decided on the purpose of the application, what are it's security needs and build to that level. My .02, keep the change. -- Ian Skinner Web Programmer BloodSource www.BloodSource.org Sacramento, CA C code. C code run. Run code run. Please! - Cynthia Dunning _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: RE: Securing CF Apps.
I'd say something like Amazon.com is an application, and boy, would I ever hate it if I couldn't bookmark a link to a book.Or their wish lists.That's not a site. Some parts of an application can be public facing, you know. How about Web Services?Are those an application?Well, I can sure tell you they're not a site.Should I be obfuscating those links too?That sure would suck. - Original Message - From: Adrocknaphobia [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 1:43 pm Subject: Re:RE: RE: Securing CF Apps. You do realize we are talking about applications and not websites. There is a big difference, and I've never once found it a good idea for a user to bookmark a part of application. -adam -Original Message- From: Kwang Suh [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 07:55 PM To: 'CF-Talk' Subject: Re: RE: RE: Securing CF Apps. If my user.login is encrypted one time as kjdfljsldfland the user comes back and types in kjdfljsldfl they don't get taken to that circuit, because it's different this time. This would not be acceptable in many situations, because it prevents bookmarking and renders search engines useless. 3. The objection to using cfquery is multifaceted.There is the risk of SQL injection if your not doing the correct validation.If your errors are not being handled correctly you can give away table and column names in the error message. So don't you think it's more important to handle errors properly than say don't ever use cfquery? I think that with all the benefits of procedures, if you have them available, you're a fool not to use them, and not just because of the enhanced security.Obviously proper error handling is important AS WELL. This is not an either/or argument, rather a complimentary one. What's wrong with: cfquery exec my_stored_proc /cfquery ? 2. By using plain text variable names your going to give the potential intruder a decent insight into your application design, and this will give them the ability to make educated guesses as to your other circuit names. So? So by understanding the structure of an application, you can then begin to analyze it's weaknesses.In the environment in which I work we want to give them as little as possible to go on. You've got bigger problems should someone gain access to your file system. Is that so??I disagree.If someone gains access to my web server they have nothing.Now my db which is on the other side of a firewall, and only accepts connections from specific ips, if they got in that it could become problematic.Why?Because there are no user names or passwords stored on my web server.There is no way to open a direct connection into my db without having a user account on the db.Your rights and roles are also stored in that db, not in the application, and so you would not really get anything other than images and source code.You don't even get the code of the procedure calls, and so you are still blind to the schema of my db. If I have complete access to your file system, this means that I can, say, create a file that monitors tcp/ip traffic between your web server and db server and sends the packets over to me where I can then scan for your password.Or I could simply delete everything on the web server. Kwang, again, this is a layered approach to security.No one thing is going to protect you from everything.You just continue to lock down things in order to mitigate risk.You can never be without risk, and anyone who thinks they have completely secured their site deserves to be attacked.Listen man.You do whatever you feel comfortable doing. No more, no less. But moving towards my CISSP and GSEC, having been a cyber threat analyst for the last two years, and soon to be managing a federal CERT, I can tell you this, there is always going to be some new exploit. It's going to be something you didn't think of.But that zero day exploit isn't going to be the one that does all the crazy damage.It's going to be some known vulnerability that you could have prevented from putting your system at risk. (slammer, blaster etc.)By duplication of your efforts, by overlapping your protection you're trying to create a shell around yourapplication and it's data. If what you're building is that important to secure, I recommend that you never ever make it available on the public internet. Obscurity is just one more tool you can use to do that. I used to work with a security/cryptology expert.His #1 rule: Never, ever use obfuscation. [Todays Threads] [This Message] [Subscription
RE: Securing CF Apps.
There are different controls that you would use for different purposes.Obviously an ecommerce SITE (which is what Amazon is) needs users to be able to return to a specific product. Pure semantics.I'm sure those guys at Amazon would beg to differ with you. Web services security is very different from either public site or application security.You're comparing apples and oranges. Hardly.Web services are an internet-based resource that may or may not be protected. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Image Tag
Take a look here for some more image resources that might be easier for you to use: http://www.bpurcell.org/viewcontent.cfm?contentID=126 I've been using Ben's cfc with good results: http://www.benorama.com/coldfusion/components/imaging.htm - Original Message - From: brobborb [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 2:21 pm Subject: Re: Image Tag Hey John.TO me, the documentation for running imaggmahick through command line is horrible.I just can't get the syntax right, except for one or 2 commands.I wish it was better documented, or they showed a real world example.Or maybe I'm just stupid! haha - Original Message - From: Burns, John D To: CF-Talk Sent: Tuesday, March 23, 2004 11:20 AM Subject: RE: Image Tag Imagemagick is really good too, but it requires the installation of the imagemagick program on the server and then you can use the magicktag to access it though.Pretty nice. John -Original Message- From: Critter [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 12:19 PM To: CF-Talk Subject: Re: Image Tag Hello Neal, efflare.com Tuesday, March 23, 2004, 12:02:37 PM, you wrote: BN Hello all, BN I lost me link to a site that had a few types of Image manipulationtags. BN The tags or whatever could crop, resize, sharpen and a ton of other things. BN I can't seem to Google it either. I was hoping you guys would know. BN I think the creator is on this list too. The site was dark redish BN with several examples. BN Its drive me crazy... I seem to remember it being called farcy, BN firefly, freakout I dunno it was something like that. BN Thanks, BN Neal Bailey BN Internet Marketing Manager BN E-mail:') [EMAIL PROTECTED] [EMAIL PROTECTED] BN [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Securing CF Apps.
How about the wish lists, recommendations, gold box, trivia, product ratings, product reviews, etc? I'd say that's an application.Just because I don't have to go through some authentication process doesn't mean I'm browsing a site. - Original Message - From: Barney Boisvert [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 2:05 pm Subject: RE: RE: RE: Securing CF Apps. Amazon.com is primarily a web site, the backend where the staff manageseverything is an application.Web sites let anonymous users browse content, while web applications let authenticated users perform actions that affect other users/visitors. The only part of amazon.com that is an application (of the stuff you can see) is the checkout process, and you can't bookmark one of those pages.Well, you can, but when you come back, you'll get a message that says you need to start over or something like that, with a link back to the web site portion. Cheers, barneyb -Original Message- From: Kwang Suh [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 12:51 PM To: CF-Talk Subject: Re: RE: RE: Securing CF Apps. I'd say something like Amazon.com is an application, and boy, would I ever hate it if I couldn't bookmark a link to a book. Or their wish lists.That's not a site. Some parts of an application can be public facing, you know. How about Web Services?Are those an application?Well, I can sure tell you they're not a site.Should I be obfuscating those links too?That sure would suck. - Original Message - From: Adrocknaphobia [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 1:43 pm Subject: Re:RE: RE: Securing CF Apps. You do realize we are talking about applications and not websites. There is a big difference, and I've never once found it a good idea for a user to bookmark a part of application. -adam -Original Message- From: Kwang Suh [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 07:55 PM To: 'CF-Talk' Subject: Re: RE: RE: Securing CF Apps. If my user.login is encrypted one time as kjdfljsldfland the user comes back and types in kjdfljsldfl they don't get taken to that circuit, because it's different this time. This would not be acceptable in many situations, because it prevents bookmarking and renders search engines useless. 3. The objection to using cfquery is multifaceted. There is the risk of SQL injection if your not doing the correct validation.If your errors are not being handled correctly you can give away table and column names in the error message. So don't you think it's more important to handle errors properly than say don't ever use cfquery? I think that with all the benefits of procedures, if you have them available, you're a fool not to use them, and not just because of the enhanced security.Obviously proper error handling is important AS WELL. This is not an either/or argument, rather a complimentary one. What's wrong with: cfquery exec my_stored_proc /cfquery ? 2. By using plain text variable names your going to give the potential intruder a decent insight into your application design, and this will give them the ability to make educated guesses as to your other circuit names. So? So by understanding the structure of an application, you can then begin to analyze it's weaknesses.In the environment in which I work we want to give them as little as possible to go on. You've got bigger problems should someone gain access to your file system. Is that so??I disagree.If someone gains access to my web server they have nothing.Now my db which is on the other side of a firewall, and only accepts connections from specific ips, if they got in that it could become problematic.Why?Because there are no user names or passwords stored on my web server.There is no way to open a direct connection into my db without having a user account on the db.Your rights and roles are also stored in that db, not in the application, and so you would not really get anything other than images and source code.You don't even get the code of the procedure calls, and so you are still blind to the schema of my db. If I have complete access to your file system, this means that I can, say, create a file that monitors tcp/ip traffic between your web server and db server and sends the packets over to me where I can then scan for your password.Or I could simply delete everything on the web
Re: Securing CF Apps.
Sure, why don't you tell me what makes Amazon a site, and not an application. *yawn* - Original Message - From: Adrocknaphobia [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 2:37 pm Subject: Re:Securing CF Apps. Like you said Tim, some people have a hard time distinguishing between an application and a site. -adam -Original Message- From: Kwang Suh [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 09:16 PM To: 'CF-Talk' Subject: RE: Securing CF Apps. There are different controls that you would use for different purposes.Obviously an ecommerce SITE (which is what Amazon is) needs users to be able to return to a specific product. Pure semantics.I'm sure those guys at Amazon would beg to differ with you. Web services security is very different from either public site or application security.You're comparing apples and oranges. Hardly.Web services are an internet-based resource that may or may not be protected. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Securing CF Apps.
This is precisely why my security co-worker was so adament against obfuscation: absolutely no one can agree on its usage and usefulness. - Original Message - From: Jochem van Dieten [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 2:53 pm Subject: Re: Securing CF Apps. Dave Watts wrote: I used to work with a security/cryptology expert. His #1 rule: Never, ever use obfuscation. While I wouldn't categorize myself as a security expert, much less a cryptologist, I would disagree with this. At the very least, I'd amend it to Never, ever use obfuscation as your sole method of security. I would amend it differently: Never, ever use obfuscation if it adds complexity for yourself. There is nothing wrong with security through obscurity, as long as you don't rely on it as your only protection. I would draw an analogy between computer security and getting shot at. When you're being shot at, there are two sorts of protection you might resort to. You might take cover by getting behind a solid object that can block fire. You might conceal yourself behind something that would obscure you as a target. When you're getting shot at, cover and concealment are both useful; concealment won't stop a bullet, but it'll lessen the likelihood of people shooting in your direction. Ideally, you want both cover and concealment, of course, if for no other reason than to avoid the stress of being shot at. Unless you have cover by an object that will stop the small arms fire from the other side, but at the same time so well concealed your side doesn't see you and you die from 'friendly' fire when your side bombs the opponent. Obfuscation can hurt the obfuscator, just like a firewall can introduce a risk to an otherwise well protected computer. Jochem -- I don't get it immigrants don't work and steal our jobs - Loesje [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: Securing CF Apps.
Putting in a review is not an action? Picking items from the gold box is not an action? - Original Message - From: Barney Boisvert [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 3:02 pm Subject: RE: Securing CF Apps. But the point is that you're still browsing content, you're not performingany actions.At least in my mind, that's really what differentiates a site from an application.Amazon is definitely very complex, but it's still a web site in my book, at least until you get to the checkout phase. Cheers, barneyb -Original Message- From: Kwang Suh [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 1:31 PM To: CF-Talk Subject: RE: Securing CF Apps. How about the wish lists, recommendations, gold box, trivia, product ratings, product reviews, etc? I'd say that's an application.Just because I don't have to go through some authentication process doesn't mean I'm browsing a site. - Original Message - From: Barney Boisvert [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 2:05 pm Subject: RE: RE: RE: Securing CF Apps. Amazon.com is primarily a web site, the backend where the staff manageseverything is an application.Web sites let anonymous users browse content, while web applications let authenticated users perform actions that affect other users/visitors. The only part of amazon.com that is an application (of the stuff you can see) is the checkout process, and you can't bookmark one of those pages.Well, you can, but when you come back, you'll get a message that says you need to start over or something like that, with a link back to the web site portion. Cheers, barneyb -Original Message- From: Kwang Suh [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 12:51 PM To: CF-Talk Subject: Re: RE: RE: Securing CF Apps. I'd say something like Amazon.com is an application, and boy, would I ever hate it if I couldn't bookmark a link to a book. Or their wish lists.That's not a site. Some parts of an application can be public facing, you know. How about Web Services?Are those an application?Well, I can sure tell you they're not a site.Should I be obfuscating those links too?That sure would suck. - Original Message - From: Adrocknaphobia [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 1:43 pm Subject: Re:RE: RE: Securing CF Apps. You do realize we are talking about applications and not websites. There is a big difference, and I've never once found it a good idea for a user to bookmark a part of application. -adam -Original Message- From: Kwang Suh [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 07:55 PM To: 'CF-Talk' Subject: Re: RE: RE: Securing CF Apps. If my user.login is encrypted one time as kjdfljsldfl and the user comes back and types in kjdfljsldfl they don't get taken to that circuit, because it's different this time. This would not be acceptable in many situations, because it prevents bookmarking and renders search engines useless. 3. The objection to using cfquery is multifaceted. There is the risk of SQL injection if your not doing the correct validation. If your errors are not being handled correctly you can give away table and column names in the error message. So don't you think it's more important to handle errors properly than say don't ever use cfquery? I think that with all the benefits of procedures, if you have them available, you're a fool not to use them, and not just because of the enhanced security.Obviously proper error handling is important AS WELL. This is not an either/or argument, rather a complimentary one. What's wrong with: cfquery exec my_stored_proc /cfquery ? 2. By using plain text variable names your going to give the potential intruder a decent insight into your application design, and this will give them the ability to make educated guesses as to your other circuit names. So? So by understanding the structure of an application, you can then begin to analyze it's weaknesses.In the environment in which I work we want to give them as little as possible to go on. You've got bigger problems should someone gain access to your file system. Is that so??I disagree.If someone gains access to my web
Re: web application vs. web site was Re: Securing CF Apps.
Whether or not something is called a site or an application has no bearing on security, so I still don't see the relevance of that argument. - Original Message - From: Conan Saunders [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 3:17 pm Subject: web application vs. web site was Re: Securing CF Apps. There are two separate issues here, let's not mix them: 1) What is a web application vs. what is a web site 2) Once you've settled on your definitions for the above two, you can have your security discussion without arguments in which both people are right because they are talking about two different things. The first topic is just semantics, as Kwang said, and it's clear not everybody is using the same definitions. If you want to talk about the first, why don't you break that discussion out into this separately titled thread? Here are my thoughts about web applications vs web sites: 1) Web site refers to all sites, whether public or private (intranet), in which a user can use a normal browser to resolve a DNS name and load some HTML pages, is a web site. Some web sites are static, some are dynamic. Some include powerful search engines, transactional e-commerce, and other stuff. These are all web sites. 2) To me, a web application is a subset of web site that has interactive, dynamic functionality, even for anonymous users. If the user can do more than just request static pages, then the site is a web application. Requests and responses for a web application take place across the web or an intranet, and they take place within a normal browser. All the normal browser interface pieces are available (single-click a link to navigate, ability to bookmark, ability to type in a URL, hit the back button, right click and open a page in a new window, etc.) 3) I would then define a third category that covers what Tim was talking about: private, closed systems that attempt to mimic regular desktop software applications as closely as possible but just so happen to operate over HTTP and output to HTML. The developer may try to lock down the user experience as much as possible, utilizing fixed entry points and fixed navigation UI and attempting to shut down or hide normal browser functionality like URL entry, back and refresh buttons, etc. The disagreement seems to be that some people define web application as #2, while others define it as #3. I think calling only #3 a web application and not #2 is a mistake. Amazon, google, imdb, any run-of-the-mill e-commerce site... to me, these are all applications, and URLs are just part of the application interface. With web services, and as tag-based software development creeps out of the browser and into the OS itself, the line is only going to get blurrier. I think you'll be better off in the long run if you don't limit your definition of web application to #3. Conan At 03:37 PM 3/23/2004, you wrote: Like you said Tim, some people have a hard time distinguishing between an application and a site. -adam -Original Message- From: Kwang Suh [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 09:16 PM To: 'CF-Talk' Subject: RE: Securing CF Apps. There are different controls that you would use for different purposes.Obviously an ecommerce SITE (which is what Amazon is) needs users to be able to return to a specific product. Pure semantics.I'm sure those guys at Amazon would beg to differ with you. Web services security is very different from either public site or application security.You're comparing apples and oranges. Hardly.Web services are an internet-based resource that may or may not be protected. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Securing CF Apps.
Reminder to self: Never piss off Matt :) - Original Message - From: Matt Liotta [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 3:27 pm Subject: Re: Securing CF Apps. What is funny to me is that the number of Linux vulnerabilities far surpasses the number of M$ ones. Look into it. It's just that M$ products are more commonly used, and therefore more commonly attacked. Your statement is false, but since you made it, I'll let you prove it. -Matt [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: Securing CF Apps.
What a weak argument.Prove to me that is the definition of a web site. - Original Message - From: Heald, Tim [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 3:38 pm Subject: RE: Securing CF Apps. I think something used to either sell products on the web, or provide information on the web is a site.Now the site might be controlled by a back end content management system, or some sort of inventory application,but the rest of it is a web site. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: RE: Securing CF Apps.
Precisely why I don't agree with pretty much everything you've stated today. - Original Message - From: Heald, Tim [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 4:28 pm Subject: RE: Securing CF Apps. Why do I need someone to agree with me?I have my own mind.I can asses the objective reality of whether I feel something is useful to me. You should check out some Ayn Rand some time. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s).Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Kwang Suh [EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 6:28 PM To: CF-Talk Subject: Re: Securing CF Apps. This is precisely why my security co-worker was so adament against obfuscation: absolutely no one can agree on its usage and usefulness. - Original Message - From: Jochem van Dieten [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 2:53 pm Subject: Re: Securing CF Apps. Dave Watts wrote: I used to work with a security/cryptology expert. His #1 rule: Never, ever use obfuscation. While I wouldn't categorize myself as a security expert, much less a cryptologist, I would disagree with this. At the very least, I'd amend it to Never, ever use obfuscation as your sole method of security. I would amend it differently: Never, ever use obfuscation if it adds complexity for yourself. There is nothing wrong with security through obscurity, as long as you don't rely on it as your only protection. I would draw an analogy between computer security and getting shot at. When you're being shot at, there are two sorts of protection you might resort to. You might take cover by getting behind a solid object that can block fire. You might conceal yourself behind something that would obscure you as a target. When you're getting shot at, cover and concealment are both useful; concealment won't stop a bullet, but it'll lessen the likelihood of people shooting in your direction. Ideally, you want both cover and concealment, of course, if for no other reason than to avoid the stress of being shot at. Unless you have cover by an object that will stop the small arms fire from the other side, but at the same time so well concealed your side doesn't see you and you die from 'friendly' fire when your side bombs the opponent. Obfuscation can hurt the obfuscator, just like a firewall can introduce a risk to an otherwise well protected computer. Jochem -- I don't get it immigrants don't work and steal our jobs - Loesje _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: RE: Securing CF Apps.
I for one do not believe in creating definitions out of thin air to suit a particular argument, as was done here. -Original Message- From: Tom Kitta [mailto:[EMAIL PROTECTED] Sent: March 23, 2004 8:04 PM To: CF-Talk Subject: RE: RE: Securing CF Apps. May I point out that definitions cannot be proven, they are just statements that we use in proofs. A good definition captures the concept that it is defining well, bad one does not. Bottom line is you can define web site as pigs that fly and it will be a valid definition. In fact I think that even today (or at least 2 years ago) the question of 0 (zero) being a Natural number or not was not uniformly accepted. Different professors used different definitions, which is OK (however I sure hope one day they will go one way or the other). I am in the camp that says 0 is Natural. For me having no money is a natural state :) TK [Tom Kitta] -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 7:13 PM To: CF-Talk Subject: Re: RE: Securing CF Apps. What a weak argument.Prove to me that is the definition of a web site. - Original Message - From: Heald, Tim [EMAIL PROTECTED] Date: Tuesday, March 23, 2004 3:38 pm Subject: RE: Securing CF Apps. I think something used to either sell products on the web, or provide information on the web is a site.Now the site might be controlled by a back end content management system, or some sort of inventory application,but the rest of it is a web site. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: OT: html table - columns not columnar - tbody issue???
You've got it backwards.It displays correctly in everything but IE. Your display:inline; makes the elements inline.Therefore, they all end up on the same line, as expected. - Original Message - From: S. Isaac Dealey [EMAIL PROTECTED] Date: Monday, March 22, 2004 1:34 pm Subject: OT: html table - columns not columnar - tbody issue??? I'm hoping somebody on this list is more knowledgeable about html they can give me some insight into this issue I'm having with a table... This table code is generated, and I've been going over it with a fine-toothed comb trying to figure out why it only displays correctly in IE. I've tried Mozilla 1.5/1.6, Netscape 7.1, FireFox 0.8 and Opera 7.23... As best I can tell, all the table tags are properly nested, quoted, etc. however, the columns only display as columns (having left and right borders which are the same from one row to the next) using MSIE (6). In all the other browsers, the cells in any given row collapse to only the width of their contents, regardless of the contents of other cells in the same column. Thanks, table style= id=tom class= cellspacing=0 col id=tom_col_1 class= col id=tom_col_2 class= col id=tom_col_3 class= thead id=tap_200403221413471079986427578971518476 class= tr id=tap_200403221413471079986427578716543986 class= th id=tap_200403221413471079986427578133504139 class= id=tap_200403221413471079986427578270320811 target=_self href=""> col a /th th id=tap_200403221413471079986427578133504139 class= id=tap_200403221413471079986427593123535712 target=_self href=""> col b /th th id=tap_200403221413471079986427578133504139 class= id=tap_200403221413471079986427593786599082 target=_self href=""> col c /th /tr /theadtbody id=tap_200403221413471079986427578724351437 class= tr id=tom_1 style=display: inline; class= td id=tom_1_1 class=hello/td td id=tom_1_2 class=world/td td id=tom_1_3 class=this/td /tr tr id=tom_2 style=display: inline; class= td id=tom_2_1 class=is/td td id=tom_2_2 class=a/td td id=tom_2_3 class= /td /tr tr id=tom_3 style=display: inline; class= td id=tom_3_1 class=test/td td id=tom_3_2 class=of/td td id=tom_3_3 class=the/td /tr tr id=tom_4 style=display: inline; class= td id=tom_4_1 class=table/td td id=tom_4_2 class=code/td td id=tom_4_3 class=generator/td /tr /tbody/table s. isaac dealey214.823.9345 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.turnkey.to/ontap [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: OT: html table - columns not columnar - tbody issue???
War?What war? :) - Original Message - From: S. Isaac Dealey [EMAIL PROTECTED] Date: Monday, March 22, 2004 4:52 pm Subject: Re: OT: html table - columns not columnar - tbody issue??? Thanks Marlon Suh, that was the error I'd overlooked. :) (btw. no browser wars here - I didn't mean to imply that only IE rendered the HTML correctly - I meant to imply that the correct desired effect was only being produced by IE -- whether that's a problem with the HTML or with the browser(s) is secondary to the fact that I'm trying to produce a specific effect.) - ike You've got it backwards.It displays correctly in everything but IE. Your display:inline; makes the elements inline. Therefore, they all end up on the same line, as expected. - Original Message - From: S. Isaac Dealey [EMAIL PROTECTED] Date: Monday, March 22, 2004 1:34 pm Subject: OT: html table - columns not columnar - tbody issue??? I'm hoping somebody on this list is more knowledgeable about html they can give me some insight into this issue I'm having with a table... This table code is generated, and I've been going over it with a fine-toothed comb trying to figure out why it only displays correctly in IE. I've tried Mozilla 1.5/1.6, Netscape 7.1, FireFox 0.8 and Opera 7.23... As best I can tell, all the table tags are properly nested, quoted, etc. however, the columns only display as columns (having left and right borders which are the same from one row to the next) using MSIE (6). In all the other browsers, the cells in any given row collapse to only the width of their contents, regardless of the contents of other cells in the same column. Thanks, table style= id=tom class= cellspacing=0 col id=tom_col_1 class= col id=tom_col_2 class= col id=tom_col_3 class= thead id=tap_200403221413471079986427578971518476 class= tr id=tap_200403221413471079986427578716543986 class= th id=tap_200403221413471079986427578133504139 class= id=tap_200403221413471079986427578270320811 target=_self href=""> 2Fasc col a /th th id=tap_200403221413471079986427578133504139 class= id=tap_200403221413471079986427593123535712 target=_self href=""> 2Fasc col b /th th id=tap_200403221413471079986427578133504139 class= id=tap_200403221413471079986427593786599082 target=_self href=""> 2Fasc col c /th /tr /theadtbody id=tap_200403221413471079986427578724351437 class= tr id=tom_1 style=display: inline; class= td id=tom_1_1 class=hello/td td id=tom_1_2 class=world/td td id=tom_1_3 class=this/td /tr tr id=tom_2 style=display: inline; class= td id=tom_2_1 class=is/td td id=tom_2_2 class=a/td td id=tom_2_3 class= /td /tr tr id=tom_3 style=display: inline; class= td id=tom_3_1 class=test/td td id=tom_3_2 class=of/td td id=tom_3_3 class=the/td /tr tr id=tom_4 style=display: inline; class= td id=tom_4_1 class=table/td td id=tom_4_2 class=code/td td id=tom_4_3 class=generator/td /tr /tbody/table s. isaac dealey214.823.9345 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.turnkey.to/ontap [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Reliable way to get ID of inserted record
cfquery name=bar datasource=yours
SET NOCOUNT ON
DECLARE @lastID BIGINT
-- Do your insert here.
INSERT INTO TEST
(foo)
VALUES
('hello')
-- This gets the value of the row you just inserted
SET @lastID = SCOPE_IDENTITY()
SET NOCOUNT OFF
-- Return back to CF.
SELECT @lastID AS lastID
/cfquery
cfoutput#bar.lastID#/cfoutput
- Original Message -
From: Burns, John [EMAIL PROTECTED]
Date: Thursday, March 11, 2004 11:02 am
Subject: Reliable way to get ID of inserted record
I know this came up last week or so, but I believe the answer came
for a
mySQL database.I need a way in MS SQL to get the last inserted
recordvia CF.I have a query inserting a row into the table with an
auto-increment ID. I need to insert that ID into a separate table in
another query so I first need to find out what ID it got assigned.
I've
got it all wrapped in cftransaction but I'm not sure if max(id)
is the
best way to get the ID, because if rows get deleted, won't SQL
automatically assign those values to new rows at some point, therefore
negating the max() idea?
John Burns
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
