RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
With all the woes that IIS has suffered (and also being a sentimental old bugger) it would be great for me to see Website Pro re emerge as a contender in the Webserver stakes. All we need now are the grumbles from the Website Orphans list to be sorted g Philip Arnold Technical Director Certified ColdFusion Developer ASP Multimedia Limited Switchboard: +44 (0)20 8680 8099 Fax: +44 (0)20 8686 7911 www.aspmedia.co.uk www.aspevents.net An ISO9001 registered company. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. ** __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
On 6/5/02, Michael Dinowitz penned: I don't think Bud is running CF MX: OK. I've got CF 4.51 on my development box. I also run WebSite Pro on the dev box, which I just upgraded to the latest version, which I'd also done on the real server with no problem. From this, I assume he just upgraded WebSite Pro, not CF. That's correct. I downgraded back to the first version of WS Pro 3 and everything works fine. Strange problem. No page would could be found when doing a POST. Gets worked fine. This was on my Win 98 development box so I didn't need really need the security patches or anything. WS Pro runs great with CF 4.51 under NT. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ 954.721.3452 __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
On 6/5/02, Dave Watts penned: 1. I happen to be one of those Website pro users and there are a lot more than three of us. Maybe even 5. :) I used to be one of them, but just can't justify the per-server cost any more. Oh, well. The price is down to 300 bucks for a single server (compared to about 900 when I originally purchased WS Pro 2). It's even more affordable if you're running 3 or more servers. Anything's better than the IIS security patch circus IMHO. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ 954.721.3452 __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
Hi Dave, 1. I happen to be one of those Website pro users and there are a lot more than three of us. Maybe even 5. :) I used to be one of them, but just can't justify the per-server cost any more. Oh, well. Have you thought of a site license? Very cheap for a hosting house or similar with a reasonable number of machines. We hated moving away from Website to do clustering since it was the way we got into CF in the first place and its a much better server that IIS. To lose it again because of MX would be a second disaster. I'm glad it looks like we won't have to. -- Yours, Kym __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Ridiculous Problem!
On 6/5/02, UXB Internet penned: And people ask me why I don't rush to upgrade all the time. Let me know what you find Bud, I have the same configuration (I think my dev box even has the same internal IP number ) I found absolutely nothing on Deerfield's site or in their forums. It wouldn't let me POST. Doing a GET to the same URL worked fine. It was any page on the Development box. Run's fine under NT. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ 954.721.3452 __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Ridiculous Problem!
On 6/5/02, Todd penned: Bud, What is '/' mapped too? Also, are you hosting multiple sites on the webserver? Which one is CFIDE physically located in? When CFMX was installed, did you choose Standalone or...? Not CFMX. It's 4.51. / was mapped to C:\inetpub\wwwroot\ CFIDE was in WWWRoot. Every page could be found through links or forms using method=GET. If I changed GET to POST, Page Not Found. This was any page on the development box. Not just the CF Admin login. That just happened to be the first Form button I hit after upgrading. It took me a couple hours to relate the problem to a POST. Once again, no problems on my NT production box. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ 954.721.3452 __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
Have you thought of a site license? Very cheap for a hosting house or similar with a reasonable number of machines. We hated moving away from Website to do clustering since it was the way we got into CF in the first place and its a much better server that IIS. We're not a hosting house, and from my perspective, free beats cheap. The thing is, WebSite doesn't really offer any features that IIS doesn't, and I don't think it's any better than IIS, really. IIS has to be set up correctly, but that's pretty trivial to do. In that sense, I'm a satisfied IIS user. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
The price is down to 300 bucks for a single server (compared to about 900 when I originally purchased WS Pro 2). It's even more affordable if you're running 3 or more servers. Anything's better than the IIS security patch circus IMHO. The thing is, if you install IIS correctly, and disable the stuff that you don't use, it's not a security patch circus. By default, IIS includes a lot of features that WebSite doesn't have, and that most people don't use anyway. It's trivial to remove those unused features, and those are the things which frequently cause IIS security problems. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
We're not a hosting house, and from my perspective, free beats cheap. The thing is, WebSite doesn't really offer any features that IIS doesn't, and I don't think it's any better than IIS, really. IIS has to be set up correctly, but that's pretty trivial to do. In that sense, I'm a satisfied IIS user. Dave Watts, CTO, Fig Leaf Software Even if it means having to apply a patch every other day? Just curious. Ever since IIS started getting hacked left and right, I started leaning towards Apache. Not starting a fight here, just having a discussion. ~Todd -- Todd Rafferty ([EMAIL PROTECTED]) - http://www.web-rat.com/ | http://www.flashCFM.com/ - webRat (Moderator)| http://www.ultrashock.com/ - webRat (Back-end Moderator) | __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
David, ignore previous email... you answered it here. =) On Thu, 6 Jun 2002, Dave Watts wrote: The price is down to 300 bucks for a single server (compared to about 900 when I originally purchased WS Pro 2). It's even more affordable if you're running 3 or more servers. Anything's better than the IIS security patch circus IMHO. The thing is, if you install IIS correctly, and disable the stuff that you don't use, it's not a security patch circus. By default, IIS includes a lot of features that WebSite doesn't have, and that most people don't use anyway. It's trivial to remove those unused features, and those are the things which frequently cause IIS security problems. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
| From: Dave Watts [mailto:[EMAIL PROTECTED]] | | | The thing is, if you install IIS correctly, and disable the | stuff that you don't use, it's not a security patch | circus. By default, IIS includes a lot of features that | WebSite doesn't have, and that most people don't use | anyway. It's trivial to remove those unused features, and | those are the things which frequently cause IIS security problems. I have to be a Dave groupie, and agree ... In the past several years we've used IIS, we've never (gotta knock on wood here) had any security problems. We just ALWAYS make sure we uninstall all the silly extras, and just use the bits we absolutely have to have ... Then we run it through the security check tools, apply appropriate patches, and away we go. Works fine. Of course we like the other web servers out there as well, we just like to get along with all OS's. You never know when one will totally get knocked off it's feet and disappear. Always be ready for anything. Erika __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
We're not a hosting house, and from my perspective, free beats cheap. The thing is, WebSite doesn't really offer any features that IIS doesn't, and I don't think it's any better than IIS, really. IIS has to be set up correctly, but that's pretty trivial to do. In that sense, I'm a satisfied IIS user. Even if it means having to apply a patch every other day? Just curious. Ever since IIS started getting hacked left and right, I started leaning towards Apache. Not starting a fight here, just having a discussion. Well, for that matter, I'm a satisfied Apache user, but I and our clients typically use IIS on Windows and Apache on other platforms. However, to address your point, the belief that you have to apply patches every other day is incorrect - if you've configured your IIS server correctly. By default, IIS includes all sorts of things that you usually just don't need. And, of course, following the general best practice for configuring any kind of server, you should remove or disable the things you don't need. Here are some things that IIS allows you to do: - handle server-side includes (I use CFINCLUDE for that, and don't deal with static HTML.) - allow NT users to change their NT passwords - allow IIS to handle local print jobs received through a web browser (IIS 5 only) - allow direct interaction with databases through MSADC - provide a direct interface to MS Index Server - manage IIS itself through a browser (and much, much more!) Now, I don't need any of that stuff, so I just remove it. If a patch comes out for it, I don't bother patching it, except when routine maintenance comes up, when I'll just apply all outstanding patches at once - you can do this with one reboot using QChain. That's it. Trust me, I don't spend much post-installation time applying patches. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
We're not a hosting house, and from my perspective, free beats cheap. The thing is, WebSite doesn't really offer any features that IIS doesn't, and I don't think it's any better than IIS, really. IIS has to be set up correctly, but that's pretty trivial to do. In that sense, I'm a satisfied IIS user. Dave Watts, CTO, Fig Leaf Software Even if it means having to apply a patch every other day? Just curious. Ever since IIS started getting hacked left and right, I started leaning towards Apache. Not starting a fight here, just having a discussion. I'm just curious (since this thread is still active), is a product like Apache or other non-IIS products *proven* to be more secure, assuming you disable the IIS features you don't need and apply the appropriate patches? That's not a rhetorical question, I'm really asking for people's opinions. See, I've been of the school of thought lately that, while IIS does have its security flaws, I think that they get magnified 1000% because it's a Microsoft product, and hackers and the press will do anything they can to rip Microsoft. For example, Oracle touted Oracle9i as being unbreakable. However, if you go and look at the security patches they've released for it (a veritable library, not just one or two little things), it clearly was breakable! However, because Oracle isn't as disliked by hackers or the press as Microsoft is, you don't read about it on the front page of technical web sites. As far as Apache and even Linux go, are they truly more secure? It seems to me that those willing to try are more focused on hacking MS products, and therefore Apache and Linux are as heavily scrutinized. Again, I'm not claiming that as fact, it's just my impression. I will concede that MS has had some pretty glaring security holes in the past with not just IIS, by other products as well. As a side note for those who haven't read or heard about it, criticism has gotten so bad that the MS has shifted raises and bonuses from being release-based (i.e., did your team release a product this year) to security-based (i.e., the fewer security flaws found, the higher your raise/bonus). To me, that's a step in the right direction. But anyway, we use Apache here at my job. While I have no complaints about it, I would argue that it's more secure (inherently, not after re-programming modules and such) because you have to be a true programmer to really get into the meat of the product and mess around. You can't just go into a GUI interface and click a few buttons to disable it. Thoughts? Regards, Dave. __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
However, to address your point, the belief that you have to apply patches every other day is incorrect Not really a belief to be honest, I was being a little sarcastic in the realm of the evergoing IIS (Is it Secure?) joke. I have worked with IIS before and yes, I agree with all that you've said about removing what you don't need, etc. You answered my questions already and... I'm not looking to pick a fight, I was just looking for a discussion in which you've more than answered already (this being the 2nd email on it). This is good stuff to read and good things for IIS admins to take into account. Thanks Dave! ~Todd On Thu, 6 Jun 2002, Dave Watts wrote: We're not a hosting house, and from my perspective, free beats cheap. The thing is, WebSite doesn't really offer any features that IIS doesn't, and I don't think it's any better than IIS, really. IIS has to be set up correctly, but that's pretty trivial to do. In that sense, I'm a satisfied IIS user. Even if it means having to apply a patch every other day? Just curious. Ever since IIS started getting hacked left and right, I started leaning towards Apache. Not starting a fight here, just having a discussion. Well, for that matter, I'm a satisfied Apache user, but I and our clients typically use IIS on Windows and Apache on other platforms. However, to address your point, the belief that you have to apply patches every other day is incorrect - if you've configured your IIS server correctly. By default, IIS includes all sorts of things that you usually just don't need. And, of course, following the general best practice for configuring any kind of server, you should remove or disable the things you don't need. Here are some things that IIS allows you to do: - handle server-side includes (I use CFINCLUDE for that, and don't deal with static HTML.) - allow NT users to change their NT passwords - allow IIS to handle local print jobs received through a web browser (IIS 5 only) - allow direct interaction with databases through MSADC - provide a direct interface to MS Index Server - manage IIS itself through a browser (and much, much more!) Now, I don't need any of that stuff, so I just remove it. If a patch comes out for it, I don't bother patching it, except when routine maintenance comes up, when I'll just apply all outstanding patches at once - you can do this with one reboot using QChain. That's it. Trust me, I don't spend much post-installation time applying patches. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
Saying this, we have a client who used to use IIS - they thought they had all of the back-doors bolted... Then one of the Code Red variants came along and strolled straight through - they now use WSP Here are some things that IIS allows you to do: - handle server-side includes (I use CFINCLUDE for that, and don't deal with static HTML.) WSP does this also, with HTML-SSI files - allow NT users to change their NT passwords Ours is a pure web server... We don't have NT users on the machine, so this isn't important to us - allow IIS to handle local print jobs received through a web browser (IIS 5 only) Again, it's a pure web server, so no printer - allow direct interaction with databases through MSADC How does CF interact with this? - provide a direct interface to MS Index Server Since we don't use MS Index Server, this doesn't effect us... - manage IIS itself through a browser Remote Admin - been in WSP for ages - not browser based, but it's still remote Philip Arnold Technical Director Certified ColdFusion Developer ASP Multimedia Limited Switchboard: +44 (0)20 8680 8099 Fax: +44 (0)20 8686 7911 www.aspmedia.co.uk www.aspevents.net An ISO9001 registered company. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. ** __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
However, to address your point, the belief that you have to apply patches every other day is incorrect Not really a belief to be honest, I was being a little sarcastic in the realm of the evergoing IIS (Is it Secure?) joke. I don't think you're picking a fight, as you're raising valid questions. You may not believe that personally, but many people do. As an example, a few months back Gartner Group recommended that if you're using IIS, you should cease and desist immediately! That's a pretty severe recommendation; I think that a better recommendation would have been that web server administrators learn how to configure web servers. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
Saying this, we have a client who used to use IIS - they thought they had all of the back-doors bolted... Then one of the Code Red variants came along and strolled straight through - they now use WSP Well, I'm glad they're not using IIS then. However, this is an illustration of their inability to configure a server correctly, rather than an illustration of some special problem with IIS. I mean, this stuff is just not that hard. We're talking about ten minutes of initial configuration, or one minute if you've written a script to automate the process. The problem with IIS is similar to the problem with Windows - neither is designed to serve well as a public Internet server with their default configurations. If you're going to use Windows for public Internet servers, then you have to know how to configure them appropriately. The same is true for IIS. To some extent, of course, this is true for anything that you're going to put on an untrusted network - you have to know how to configure it appropriately. Here are some things that IIS allows you to do: - handle server-side includes (I use CFINCLUDE for that, and don't deal with static HTML.) WSP does this also, with HTML-SSI files - allow NT users to change their NT passwords Ours is a pure web server... We don't have NT users on the machine, so this isn't important to us - allow IIS to handle local print jobs received through a web browser (IIS 5 only) Again, it's a pure web server, so no printer - allow direct interaction with databases through MSADC How does CF interact with this? - provide a direct interface to MS Index Server Since we don't use MS Index Server, this doesn't effect us... - manage IIS itself through a browser Remote Admin - been in WSP for ages - not browser based, but it's still remote Yes, I'm aware of the WebSite feature set. However, I think you're missing my point. Those are all things that should be TURNED OFF on a production web server - or any internet-facing web server - that isn't specifically using those features. If you turn them off, you don't have any problems. If you do need to use those features, then you have to go through some hoops to ensure that they're set up securely. As for the MSADC thing, CF doesn't interact with it - and I turn it off. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
Dave, I'd say your on the money here. The DAY after the CEO of Oracle touted 9i as unbreakable Oracle bombarded with hacking attempts (some of which were successful leaving egg on the Oracle face). MS gets that kind of attack every day - and unlike Oracle, MS products run on the desktop of every wannabee hacker HS student in the world. As far as apache, if you use the default installation, unlike IIS, it's a very minimal install - it is NOT configured with all the features you might want - and there's no GUI that helps you figure out what it might be able to do either (which is one of its glaring weaknesses). MS has always taken the permissive approach - we'll give you everything and its up to you to lock it down. The reason for this is that MS's gravy comes from the desktop world - where regular home users want everything available on the local desktop. But in the server world, the opposite approach is more appropriate - give me the minimum to accomplish my task and I'll install anything else that's necessary. When novice PC technicians build their first W2k server, they install audio drivers, complex video drivers, Bells and whistles, netscape, utilities, print drivers, QoS services ... even the accessories/games features. All of it is superflous - and taking up overhead on the server. The first thing you learn regarding server installation is: Only install what you need - disable all the services you don't use. Disable all protocols you don't use install the minimum. I even go into the bios and disable the parallel port, serial port, IDE controller (if I'm using SCSI) etc. Anything I don't need is stripped away. Then document the bios settings, services settings and feature install - so you can check it when you install the latest service pack or version of software. Mark -Original Message- From: Dave Carabetta [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 06, 2002 8:48 AM To: CF-Talk Subject: RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!) We're not a hosting house, and from my perspective, free beats cheap. The thing is, WebSite doesn't really offer any features that IIS doesn't, and I don't think it's any better than IIS, really. IIS has to be set up correctly, but that's pretty trivial to do. In that sense, I'm a satisfied IIS user. Dave Watts, CTO, Fig Leaf Software Even if it means having to apply a patch every other day? Just curious. Ever since IIS started getting hacked left and right, I started leaning towards Apache. Not starting a fight here, just having a discussion. I'm just curious (since this thread is still active), is a product like Apache or other non-IIS products *proven* to be more secure, assuming you disable the IIS features you don't need and apply the appropriate patches? That's not a rhetorical question, I'm really asking for people's opinions. See, I've been of the school of thought lately that, while IIS does have its security flaws, I think that they get magnified 1000% because it's a Microsoft product, and hackers and the press will do anything they can to rip Microsoft. For example, Oracle touted Oracle9i as being unbreakable. However, if you go and look at the security patches they've released for it (a veritable library, not just one or two little things), it clearly was breakable! However, because Oracle isn't as disliked by hackers or the press as Microsoft is, you don't read about it on the front page of technical web sites. As far as Apache and even Linux go, are they truly more secure? It seems to me that those willing to try are more focused on hacking MS products, and therefore Apache and Linux are as heavily scrutinized. Again, I'm not claiming that as fact, it's just my impression. I will concede that MS has had some pretty glaring security holes in the past with not just IIS, by other products as well. As a side note for those who haven't read or heard about it, criticism has gotten so bad that the MS has shifted raises and bonuses from being release-based (i.e., did your team release a product this year) to security-based (i.e., the fewer security flaws found, the higher your raise/bonus). To me, that's a step in the right direction. But anyway, we use Apache here at my job. While I have no complaints about it, I would argue that it's more secure (inherently, not after re-programming modules and such) because you have to be a true programmer to really get into the meat of the product and mess around. You can't just go into a GUI interface and click a few buttons to disable it. Thoughts? Regards, Dave. __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm
Re: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
and it worked fine. So, WebSite Pro users (all three of you) rejoice! Hey this is really awesome news, thanks Dave! I think there are a few of us on here still :) Heck, cf-talk was born on website-talk even, way back when (a bit of history for all the latecomers in the audience ;-) Thanks again, -Max __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
I'm just curious (since this thread is still active), is a product like Apache or other non-IIS products *proven* to be more secure, assuming you disable the IIS features you don't need and apply the appropriate patches? That's not a rhetorical question, I'm really asking for people's opinions. I'm not aware of any code audits performed on both the Apache and IIS source code, and I think that's the only way to prove that one is more secure than the other. However, the core functionality of the web server itself is well-tested with both Apache and IIS - if someone found a security flaw with that core functionality, that would be a big issue, but I don't think that's ever happened. See, I've been of the school of thought lately that, while IIS does have its security flaws, I think that they get magnified 1000% because it's a Microsoft product, and hackers and the press will do anything they can to rip Microsoft. There's certainly some weighting in favor of finding problems with MS products. I don't think it's just about ripping MS, either. Just like Willie Sutton said when asked why he robbed banks, that's where the money is. (Actually, that's an apocryphal quote, I think, but who cares.) If you find an IIS vulnerability, you'll have a vast audience of potential users. In addition, you might assume that most don't know how to configure their web servers anyway - and you'd probably be right. But anyway, we use Apache here at my job. While I have no complaints about it, I would argue that it's more secure (inherently, not after re-programming modules and such) because you have to be a true programmer to really get into the meat of the product and mess around. You can't just go into a GUI interface and click a few buttons to disable it. The thing that makes a default Apache install more secure than a default IIS install is that Apache doesn't actually do anything other than serve web pages. If you want it to do something else, you have to set that up yourself. There's a very good argument to be made that this is how server products should work - a deny, then allow approach to providing functionality. IIS, of course, currently follows the opposite approach - it has features that you have to turn off. Fortunately, it's easy and quick to disable those features, so there's really no excuse for not doing it. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
Well, I'm glad they're not using IIS then. However, this is an illustration of their inability to configure a server correctly, rather than an illustration of some special problem with IIS. I mean, this stuff is just not that hard. We're talking about ten minutes of initial configuration, or one minute if you've written a script to automate the process. I believe that the issue with it not being that hard is that most people believe that IIS is perfectly good out of the box, so they leave it as-is... My biggest issue is that script kiddies attack is BECAUSE it's Microsoft - I'm not willing to take that risk The problem with IIS is similar to the problem with Windows - neither is designed to serve well as a public Internet server with their default configurations. If you're going to use Windows for public Internet servers, then you have to know how to configure them appropriately. The same is true for IIS. I agree 100% - but how many companies don't... Yes, I'm aware of the WebSite feature set. However, I think you're missing my point. I must have mis-read your email - I thought you was trying to use those as a selling point... Those are all things that should be TURNED OFF on a production web server - or any internet-facing web server - that isn't specifically using those features. If you turn them off, you don't have any problems. If you do need to use those features, then you have to go through some hoops to ensure that they're set up securely. The amount of features I've disables in WSP is pretty big - in fact we turned off the remote config, all SSI stuff, etc. etc. it's not worth the hassle Philip Arnold Technical Director Certified ColdFusion Developer ASP Multimedia Limited Switchboard: +44 (0)20 8680 8099 Fax: +44 (0)20 8686 7911 www.aspmedia.co.uk www.aspevents.net An ISO9001 registered company. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. ** __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
My biggest issue is that script kiddies attack is BECAUSE it's Microsoft - I'm not willing to take that risk If you've configured it properly, what risk are you taking? URLScan will even let you hide the IIS server banner, so no one'll know you're using it. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
Dave, You used to (or maybe still do?) offer a course on server/IIS security. Any chance on making something like that available remotely (video or CD or something) so guys like me (swamped, no time, yadda yadda yadda) can take that course? Or is this already available? --Matt Robertson-- MSB Designs, Inc. http://mysecretbase.com -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 06, 2002 6:40 AM To: CF-Talk Subject: RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!) We're not a hosting house, and from my perspective, free beats cheap. The thing is, WebSite doesn't really offer any features that IIS doesn't, and I don't think it's any better than IIS, really. IIS has to be set up correctly, but that's pretty trivial to do. In that sense, I'm a satisfied IIS user. Even if it means having to apply a patch every other day? Just curious. Ever since IIS started getting hacked left and right, I started leaning towards Apache. Not starting a fight here, just having a discussion. Well, for that matter, I'm a satisfied Apache user, but I and our clients typically use IIS on Windows and Apache on other platforms. However, to address your point, the belief that you have to apply patches every other day is incorrect - if you've configured your IIS server correctly. By default, IIS includes all sorts of things that you usually just don't need. And, of course, following the general best practice for configuring any kind of server, you should remove or disable the things you don't need. Here are some things that IIS allows you to do: - handle server-side includes (I use CFINCLUDE for that, and don't deal with static HTML.) - allow NT users to change their NT passwords - allow IIS to handle local print jobs received through a web browser (IIS 5 only) - allow direct interaction with databases through MSADC - provide a direct interface to MS Index Server - manage IIS itself through a browser (and much, much more!) Now, I don't need any of that stuff, so I just remove it. If a patch comes out for it, I don't bother patching it, except when routine maintenance comes up, when I'll just apply all outstanding patches at once - you can do this with one reboot using QChain. That's it. Trust me, I don't spend much post-installation time applying patches. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
I'd pay money for that :) Me and at least one other person here at my company would 'attend'. -Original Message- From: Matt Robertson [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 06, 2002 11:19 AM To: CF-Talk Subject: RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!) Dave, You used to (or maybe still do?) offer a course on server/IIS security. Any chance on making something like that available remotely (video or CD or something) so guys like me (swamped, no time, yadda yadda yadda) can take that course? Or is this already available? --Matt Robertson-- MSB Designs, Inc. http://mysecretbase.com -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 06, 2002 6:40 AM To: CF-Talk Subject: RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!) We're not a hosting house, and from my perspective, free beats cheap. The thing is, WebSite doesn't really offer any features that IIS doesn't, and I don't think it's any better than IIS, really. IIS has to be set up correctly, but that's pretty trivial to do. In that sense, I'm a satisfied IIS user. Even if it means having to apply a patch every other day? Just curious. Ever since IIS started getting hacked left and right, I started leaning towards Apache. Not starting a fight here, just having a discussion. Well, for that matter, I'm a satisfied Apache user, but I and our clients typically use IIS on Windows and Apache on other platforms. However, to address your point, the belief that you have to apply patches every other day is incorrect - if you've configured your IIS server correctly. By default, IIS includes all sorts of things that you usually just don't need. And, of course, following the general best practice for configuring any kind of server, you should remove or disable the things you don't need. Here are some things that IIS allows you to do: - handle server-side includes (I use CFINCLUDE for that, and don't deal with static HTML.) - allow NT users to change their NT passwords - allow IIS to handle local print jobs received through a web browser (IIS 5 only) - allow direct interaction with databases through MSADC - provide a direct interface to MS Index Server - manage IIS itself through a browser (and much, much more!) Now, I don't need any of that stuff, so I just remove it. If a patch comes out for it, I don't bother patching it, except when routine maintenance comes up, when I'll just apply all outstanding patches at once - you can do this with one reboot using QChain. That's it. Trust me, I don't spend much post-installation time applying patches. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
You used to (or maybe still do?) offer a course on server/IIS security. Yes, we still offer that course. In fact, I taught it this Monday. We're in the process of revising the course to cover CF MX specifically, as well as some other new things that are interesting and useful. More information is available here: http://training.figleaf.com/figleaftraining/Courses/Securing-ColdFusion-Serv ers-on-Windows.cfm Any chance on making something like that available remotely (video or CD or something) so guys like me (swamped, no time, yadda yadda yadda) can take that course? Or is this already available? Well, we've just recently started looking at remote courseware stuff, so it'll be a while before we actually deliver anything in that arena. We've got a lot of experience with creating and delivering traditional curricula, and I'm not sure what the value of a CD would be, in any case, since it's hard to ask the CD a question! Creating that kind of courseware requires a completely different set of skills, and while Fig Leaf has done that before, it's actually a separate division of the company - that is, not the training department. So, our training department has to learn how to develop courseware that fits within a less interactive model. We're looking at online course delivery (ala Webex) as well, and that may happen sooner. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
We're not a hosting house, and from my perspective, free beats cheap. The thing is, WebSite doesn't really offer any features that IIS doesn't, and I don't think it's any better than IIS, really. IIS has to be set up correctly, but that's pretty trivial to do. In that sense, I'm a satisfied IIS user. Dave Watts, CTO, Fig Leaf Software Even if it means having to apply a patch every other day? Just curious. Ever since IIS started getting hacked left and right, I started leaning towards Apache. Not starting a fight here, just having a discussion. Sorry if this is a double-post, but I didn't see my first post come through before. I'm just curious, is a product like Apache or other non-IIS products *proven* to be more secure, assuming you disable the IIS features you don't need and apply the appropriate patches? That's not a rhetorical question, I'm really asking for people's opinions. See, I've been of the school of thought lately that, while IIS does have its security flaws, I think that they get magnified 1000% because it's a Microsoft product, and hackers and the press will do anything they can to rip Microsoft. For example, Oracle touted Oracle9i as being unbreakable. However, if you go and look at the security patches they've released for it (a veritable library, not just one or two little things), it was breakable! However, because Oracle isn't as disliked by hackers or the press as Microsoft is, you don't read about it everywhere. As far as Apache and even Linux go, are they truly more secure? It seems to me that those willing to try are more focused on hacking MS products just because it's Microsoft, and therefore Apache and Linux are not as heavily scrutinized. I will concede that MS has had some pretty glaring security holes in the past with not just IIS. As a side note for those who haven't read or heard about it, MS has shifted raises and bonuses from being release-based (i.e., did your team release a product this year) to security-based (i.e., the fewer security flaws found, the higher your raise/bonus). But anyway, we use Apache here at work. While I have no complaints about it, could one argue that it's more secure (inherently, not after re-programming modules and such) because you have to be willing to open tons of code to really get into the meat of the product and mess around. You can't just go into a GUI interface and click a few buttons to disable it. Thoughts? Regards, Dave. __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Ridiculous Problem!
And people ask me why I don't rush to upgrade all the time. Let me know what you find Bud, I have the same configuration (I think my dev box even has the same internal IP number ) Best regards, Dennis Powers UXB Internet - A Web Design and Hosting Company tel: (203)879-2844 fax: (203)879-6254 http://www.uxbinternet.com/ http://dennis.uxb.net/ -Original Message- From: Bud [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 7:13 AM To: CF-Talk Subject: Ridiculous Problem! OK. I've got CF 4.51 on my development box. I also run WebSite Pro on the dev box, which I just upgraded to the latest version, which I'd also done on the real server with no problem. I can access the CF Login page thru http://192.168.0.5/CFIDE/administrator/index.cfm But when I try to log in I get /CFIDE/administrator/index.cfm not found The mappings are correct. I can make a link to href=/CFIDE/administrator/index.cfm from anywhere in WWWRoot and it loads fine. I've even gone so far as to create a new mapping to WWWRoot\CFIDE\ and also saved the login page source code and used a complete URL to form action=http://192.168.0.5/CFIDE/administrator/index.cfm;. 127.0.0.1 acts the same way if I try to access it straight from the dev box. Cookies are enabled. It does this from any computer hooked to the dev box. Does anyone have any clue at all what can be happening here? It's like eeevery day I get up ready to work and it's something. Like a Gremlin conspiracy to stop me from making money. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ 954.721.3452 __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Ridiculous Problem!
It sounds like you still don't have your CFIDE mapping correct. Shawn Regan -Original Message- From: UXB Internet [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 1:03 PM To: CF-Talk Subject: RE: Ridiculous Problem! And people ask me why I don't rush to upgrade all the time. Let me know what you find Bud, I have the same configuration (I think my dev box even has the same internal IP number ) Best regards, Dennis Powers UXB Internet - A Web Design and Hosting Company tel: (203)879-2844 fax: (203)879-6254 http://www.uxbinternet.com/ http://dennis.uxb.net/ -Original Message- From: Bud [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 7:13 AM To: CF-Talk Subject: Ridiculous Problem! OK. I've got CF 4.51 on my development box. I also run WebSite Pro on the dev box, which I just upgraded to the latest version, which I'd also done on the real server with no problem. I can access the CF Login page thru http://192.168.0.5/CFIDE/administrator/index.cfm But when I try to log in I get /CFIDE/administrator/index.cfm not found The mappings are correct. I can make a link to href=/CFIDE/administrator/index.cfm from anywhere in WWWRoot and it loads fine. I've even gone so far as to create a new mapping to WWWRoot\CFIDE\ and also saved the login page source code and used a complete URL to form action=http://192.168.0.5/CFIDE/administrator/index.cfm;. 127.0.0.1 acts the same way if I try to access it straight from the dev box. Cookies are enabled. It does this from any computer hooked to the dev box. Does anyone have any clue at all what can be happening here? It's like eeevery day I get up ready to work and it's something. Like a Gremlin conspiracy to stop me from making money. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ 954.721.3452 __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Ridiculous Problem!
Let's be fair... CFMX is not setup to handle Website Pro. I have heard that Website Pro teams are working on something (according to someone on this list from last week) for CFMX, but ... if you look at the CFMX supported webservers, Website Pro is not one of them. ~Todd At 04:03 PM 6/5/2002 -0400, you wrote: And people ask me why I don't rush to upgrade all the time. Let me know what you find Bud, I have the same configuration (I think my dev box even has the same internal IP number ) Best regards, Dennis Powers UXB Internet - A Web Design and Hosting Company tel: (203)879-2844 fax: (203)879-6254 http://www.uxbinternet.com/ http://dennis.uxb.net/ -Original Message- From: Bud [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 7:13 AM To: CF-Talk Subject: Ridiculous Problem! OK. I've got CF 4.51 on my development box. I also run WebSite Pro on the dev box, which I just upgraded to the latest version, which I'd also done on the real server with no problem. I can access the CF Login page thru http://192.168.0.5/CFIDE/administrator/index.cfm But when I try to log in I get /CFIDE/administrator/index.cfm not found The mappings are correct. I can make a link to href=/CFIDE/administrator/index.cfm from anywhere in WWWRoot and it loads fine. I've even gone so far as to create a new mapping to WWWRoot\CFIDE\ and also saved the login page source code and used a complete URL to form action=http://192.168.0.5/CFIDE/administrator/index.cfm;. 127.0.0.1 acts the same way if I try to access it straight from the dev box. Cookies are enabled. It does this from any computer hooked to the dev box. Does anyone have any clue at all what can be happening here? It's like eeevery day I get up ready to work and it's something. Like a Gremlin conspiracy to stop me from making money. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ 954.721.3452 __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Ridiculous Problem!
Well.. if this is the case for this person, I don't know. But you will have this problem if the CFIDE directory is not located in the root of the site, which is also set in the CF admin under mappings not sure how it does in MX. I have not messed with it yet. Shawn Regan -Original Message- From: Shawn Regan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 1:14 PM To: CF-Talk Subject: RE: Ridiculous Problem! It sounds like you still don't have your CFIDE mapping correct. Shawn Regan -Original Message- From: UXB Internet [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 1:03 PM To: CF-Talk Subject: RE: Ridiculous Problem! And people ask me why I don't rush to upgrade all the time. Let me know what you find Bud, I have the same configuration (I think my dev box even has the same internal IP number ) Best regards, Dennis Powers UXB Internet - A Web Design and Hosting Company tel: (203)879-2844 fax: (203)879-6254 http://www.uxbinternet.com/ http://dennis.uxb.net/ -Original Message- From: Bud [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 7:13 AM To: CF-Talk Subject: Ridiculous Problem! OK. I've got CF 4.51 on my development box. I also run WebSite Pro on the dev box, which I just upgraded to the latest version, which I'd also done on the real server with no problem. I can access the CF Login page thru http://192.168.0.5/CFIDE/administrator/index.cfm But when I try to log in I get /CFIDE/administrator/index.cfm not found The mappings are correct. I can make a link to href=/CFIDE/administrator/index.cfm from anywhere in WWWRoot and it loads fine. I've even gone so far as to create a new mapping to WWWRoot\CFIDE\ and also saved the login page source code and used a complete URL to form action=http://192.168.0.5/CFIDE/administrator/index.cfm;. 127.0.0.1 acts the same way if I try to access it straight from the dev box. Cookies are enabled. It does this from any computer hooked to the dev box. Does anyone have any clue at all what can be happening here? It's like eeevery day I get up ready to work and it's something. Like a Gremlin conspiracy to stop me from making money. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ 954.721.3452 __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Ridiculous Problem!
Bud, What is '/' mapped too? Also, are you hosting multiple sites on the webserver? Which one is CFIDE physically located in? When CFMX was installed, did you choose Standalone or...? ~Todd At 01:20 PM 6/5/2002 -0700, you wrote: Well.. if this is the case for this person, I don't know. But you will have this problem if the CFIDE directory is not located in the root of the site, which is also set in the CF admin under mappings not sure how it does in MX. I have not messed with it yet. Shawn Regan -Original Message- From: Shawn Regan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 1:14 PM To: CF-Talk Subject: RE: Ridiculous Problem! It sounds like you still don't have your CFIDE mapping correct. Shawn Regan -Original Message- From: UXB Internet [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 1:03 PM To: CF-Talk Subject: RE: Ridiculous Problem! And people ask me why I don't rush to upgrade all the time. Let me know what you find Bud, I have the same configuration (I think my dev box even has the same internal IP number ) Best regards, Dennis Powers UXB Internet - A Web Design and Hosting Company tel: (203)879-2844 fax: (203)879-6254 http://www.uxbinternet.com/ http://dennis.uxb.net/ -Original Message- From: Bud [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 7:13 AM To: CF-Talk Subject: Ridiculous Problem! OK. I've got CF 4.51 on my development box. I also run WebSite Pro on the dev box, which I just upgraded to the latest version, which I'd also done on the real server with no problem. I can access the CF Login page thru http://192.168.0.5/CFIDE/administrator/index.cfm But when I try to log in I get /CFIDE/administrator/index.cfm not found The mappings are correct. I can make a link to href=/CFIDE/administrator/index.cfm from anywhere in WWWRoot and it loads fine. I've even gone so far as to create a new mapping to WWWRoot\CFIDE\ and also saved the login page source code and used a complete URL to form action=http://192.168.0.5/CFIDE/administrator/index.cfm;. 127.0.0.1 acts the same way if I try to access it straight from the dev box. Cookies are enabled. It does this from any computer hooked to the dev box. Does anyone have any clue at all what can be happening here? It's like eeevery day I get up ready to work and it's something. Like a Gremlin conspiracy to stop me from making money. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ 954.721.3452 __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
Let's be fair... CFMX is not setup to handle Website Pro. I have heard that Website Pro teams are working on something (according to someone on this list from last week) for CFMX, but ... if you look at the CFMX supported webservers, Website Pro is not one of them. I don't think Bud is running CF MX: OK. I've got CF 4.51 on my development box. I also run WebSite Pro on the dev box, which I just upgraded to the latest version, which I'd also done on the real server with no problem. From this, I assume he just upgraded WebSite Pro, not CF. Anyway, what's more interesting is this - the prerelease versions of CF MX used an ISAPI filter, and ISAPI filters aren't supported by WebSite Pro. The release version, on the other hand, uses an ISAPI extension, and WebSite Pro supports those. So, since I had a copy of WebSite Pro, I decided to install it on my CF MX machine, and they work together fine (CF MX, WebSite Pro 3.1.13 SP1). Note that, to get it working, I already had CF MX in standalone mode, and I'd manually set up the connector for IIS. This implies that you may have to get someone to send you the connector DLL, or you may have to have IIS on the server just to create the connector! Then, in WebSite Pro, I just associated cfm files to the ISAPI connector, and created a content type for .cfm mapped to wwwserver/isapi. I ran a test page with this code: html head titleCF MX on WebSite Pro/title /head body cfoutput#Server.ColdFusion.ProductVersion#/cfoutput cfdump var=#CGI# /body /html and it worked fine. So, WebSite Pro users (all three of you) rejoice! Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
1. I happen to be one of those Website pro users and there are a lot more than three of us. Maybe even 5. :) 2. If you don't mind, I'd like to forward this to Bob Denny, who is working on the issue. If its an easy fix than I'd be exceptionally happy and I'm sure that many others will be as well. At 05:22 PM 6/5/02, you wrote: Let's be fair... CFMX is not setup to handle Website Pro. I have heard that Website Pro teams are working on something (according to someone on this list from last week) for CFMX, but ... if you look at the CFMX supported webservers, Website Pro is not one of them. I don't think Bud is running CF MX: OK. I've got CF 4.51 on my development box. I also run WebSite Pro on the dev box, which I just upgraded to the latest version, which I'd also done on the real server with no problem. From this, I assume he just upgraded WebSite Pro, not CF. Anyway, what's more interesting is this - the prerelease versions of CF MX used an ISAPI filter, and ISAPI filters aren't supported by WebSite Pro. The release version, on the other hand, uses an ISAPI extension, and WebSite Pro supports those. So, since I had a copy of WebSite Pro, I decided to install it on my CF MX machine, and they work together fine (CF MX, WebSite Pro 3.1.13 SP1). Note that, to get it working, I already had CF MX in standalone mode, and I'd manually set up the connector for IIS. This implies that you may have to get someone to send you the connector DLL, or you may have to have IIS on the server just to create the connector! Then, in WebSite Pro, I just associated cfm files to the ISAPI connector, and created a content type for .cfm mapped to wwwserver/isapi. I ran a test page with this code: #Server.ColdFusion.ProductVersion# and it worked fine. So, WebSite Pro users (all three of you) rejoice! Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
1. I happen to be one of those Website pro users and there are a lot more than three of us. Maybe even 5. :) I used to be one of them, but just can't justify the per-server cost any more. Oh, well. 2. If you don't mind, I'd like to forward this to Bob Denny, who is working on the issue. If its an easy fix than I'd be exceptionally happy and I'm sure that many others will be as well. I've already done that, at the prior request of Dennis Powers on this list. I'd been in contact with him about the original ISAPI filter problem during the beta cycle. It is certainly an easy fix, in that there's nothing to fix, really - you just have to set up the connector manually as the CF MX installation probably won't do it for you. Actually, I haven't even tested that part, myself, as I'm not about to uninstall it for that. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!)
With all the woes that IIS has suffered (and also being a sentimental old bugger) it would be great for me to see Website Pro re emerge as a contender in the Webserver stakes. Kind Regards - Mike Brunt, CTO Webapper http://www.webapper.com Downey CA Office 562.243.6255 AIM - webappermb Webapper - Making the NET work -Original Message- From: Michael Dinowitz [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 2:20 PM To: CF-Talk Subject: Re: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!) 1. I happen to be one of those Website pro users and there are a lot more than three of us. Maybe even 5. :) 2. If you don't mind, I'd like to forward this to Bob Denny, who is working on the issue. If its an easy fix than I'd be exceptionally happy and I'm sure that many others will be as well. At 05:22 PM 6/5/02, you wrote: Let's be fair... CFMX is not setup to handle Website Pro. I have heard that Website Pro teams are working on something (according to someone on this list from last week) for CFMX, but ... if you look at the CFMX supported webservers, Website Pro is not one of them. I don't think Bud is running CF MX: OK. I've got CF 4.51 on my development box. I also run WebSite Pro on the dev box, which I just upgraded to the latest version, which I'd also done on the real server with no problem. From this, I assume he just upgraded WebSite Pro, not CF. Anyway, what's more interesting is this - the prerelease versions of CF MX used an ISAPI filter, and ISAPI filters aren't supported by WebSite Pro. The release version, on the other hand, uses an ISAPI extension, and WebSite Pro supports those. So, since I had a copy of WebSite Pro, I decided to install it on my CF MX machine, and they work together fine (CF MX, WebSite Pro 3.1.13 SP1). Note that, to get it working, I already had CF MX in standalone mode, and I'd manually set up the connector for IIS. This implies that you may have to get someone to send you the connector DLL, or you may have to have IIS on the server just to create the connector! Then, in WebSite Pro, I just associated cfm files to the ISAPI connector, and created a content type for .cfm mapped to wwwserver/isapi. I ran a test page with this code: #Server.ColdFusion.ProductVersion# and it worked fine. So, WebSite Pro users (all three of you) rejoice! Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Ridiculous Problem!
I think this is because you are missing this file :\Inetpub\wwwroot\Main\ide.cfm I belive I read that somewhere recently. At 04:25 PM 6/5/02 -0400, you wrote: Bud, What is '/' mapped too? Also, are you hosting multiple sites on the webserver? Which one is CFIDE physically located in? When CFMX was installed, did you choose Standalone or...? ~Todd At 01:20 PM 6/5/2002 -0700, you wrote: Well.. if this is the case for this person, I don't know. But you will have this problem if the CFIDE directory is not located in the root of the site, which is also set in the CF admin under mappings not sure how it does in MX. I have not messed with it yet. Shawn Regan -Original Message- From: Shawn Regan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 1:14 PM To: CF-Talk Subject: RE: Ridiculous Problem! It sounds like you still don't have your CFIDE mapping correct. Shawn Regan -Original Message- From: UXB Internet [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 1:03 PM To: CF-Talk Subject: RE: Ridiculous Problem! And people ask me why I don't rush to upgrade all the time. Let me know what you find Bud, I have the same configuration (I think my dev box even has the same internal IP number ) Best regards, Dennis Powers UXB Internet - A Web Design and Hosting Company tel: (203)879-2844 fax: (203)879-6254 http://www.uxbinternet.com/ http://dennis.uxb.net/ -Original Message- From: Bud [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 05, 2002 7:13 AM To: CF-Talk Subject: Ridiculous Problem! OK. I've got CF 4.51 on my development box. I also run WebSite Pro on the dev box, which I just upgraded to the latest version, which I'd also done on the real server with no problem. I can access the CF Login page thru http://192.168.0.5/CFIDE/administrator/index.cfm But when I try to log in I get /CFIDE/administrator/index.cfm not found The mappings are correct. I can make a link to href=/CFIDE/administrator/index.cfm from anywhere in WWWRoot and it loads fine. I've even gone so far as to create a new mapping to WWWRoot\CFIDE\ and also saved the login page source code and used a complete URL to form action=http://192.168.0.5/CFIDE/administrator/index.cfm;. 127.0.0.1 acts the same way if I try to access it straight from the dev box. Cookies are enabled. It does this from any computer hooked to the dev box. Does anyone have any clue at all what can be happening here? It's like eeevery day I get up ready to work and it's something. Like a Gremlin conspiracy to stop me from making money. -- Bud Schneehagen - Tropical Web Creations _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ ColdFusion Solutions / eCommerce Development [EMAIL PROTECTED] http://www.twcreations.com/ 954.721.3452 __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists