Re: cfimage - upgrading to from older server

2008-08-11 Thread Azadi Saryev
advise your host to upgrade to cf8.0.1 and apply the latest hotfix that
solves this issue.

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/



Mike Little wrote:
> hi guys,
>
> just having a few problems with a script i have used on older cf servers (6 
> and 7). i have attempted upgrading it to using the new cfimage tag. it seems 
> to break down near the end when trying to delete the existing uploaded file. 
> the file seems to be locked and access is denied.
>
> my webhost have to restart the cfapplication in order to unlock the files.
>
> has anyone had this trouble OR know of a better way i should now be handling 
> this??
>
> mike
>
>  destination="#application.settings.fileDir#project_images\" 
> nameconflict="makeunique" accept="image/jpg, image/jpeg, image/pjpeg, 
> image/gif, image/png">
>   
>
>   
>source="#application.settings.fileDir#project_images\#cffile.serverFile#" 
> structname="imageInfo" />
>   
>   
>   
>   
>   
>   
>(imageInfo.height GT 87)>
>   
>   
>   
>   
>& '.' & cffile.serverFileExt>
>   
>   
>   
>source="#application.settings.fileDir#project_images\#cffile.serverFile#" 
> action="resize" width="413" height="" 
> destination="#application.settings.fileDir#project_images\#new_image_name#" 
> quality="0.8">
>   
>   
>   
>source="#application.settings.fileDir#project_images\#cffile.serverFile#" 
> action="resize" width="115" height="" 
> destination="#application.settings.fileDir#project_images\thumb_#new_image_name#"
>  quality="0.8">
>   
>source="#application.settings.fileDir#project_images\#cffile.serverFile#" 
> destination="#application.settings.fileDir#project_images\thumb_#new_image_name#">
>   
>   
>   
>   
>fileExists("#application.settings.fileDir#project_images\#cffile.serverFile#")>
>File="#application.settings.fileDir#project_images\#cffile.serverFile#">
>   
>   
>source="#application.settings.fileDir#project_images\#cffile.serverFile#" 
> destination="#application.settings.fileDir#project_images\#new_image_name#">
>   
>   
>
>
> 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;203748912;27390454;j

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310662
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Re: SVN in Production

2008-08-11 Thread Joeri B
You need to delete those SVN dir's with a script. 

>Hello,
>
>Looking at some of the responses in the recent thread on SVN v ftp I get 
>an impression that some folk are using SVN clients on Production boxes. 
>What are people's thoughts on this? Is it a security risk, is it 
>dangerous in some other way, or is it a "bad thing" because of all of 
>those extra files that cause havoc with backups?
>
>-- 
>
>Yours,
>
>Kym Kovan
>mbcomms 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310663


Re: SVN in Production

2008-08-11 Thread Joeri B
>You need to delete those SVN dir's with a script. 
>
>>mbcomms

BTW: I still prefer using DIFF in combination with FTP... But I am a lonely 
guy, if you search with "deploy web app" on google it's all SVN nowadays. 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310664


RE: SVN in Production

2008-08-11 Thread Andrew Scott
SVN SHOULD NEVER BE USED IN PRODUCTION...

SVN is used to have a revision control system, so that you could roll back
to a previous version or whatever you need to do.

When it comes to production, why the hell would you install 99% of extra
space taking codes and indexes to a production server? Over a period of
time, your code might be 1meg in size, but after a year the SVN indexes
could result in 2gig and more of space that is no longer needed. But then if
one read the docs to these tools, one would not use SVN in production.

SVN can be expensive when it comes to hard drive space, and one should never
and I will repeat this again.

NEVER USE SVN in production.

Use a program like beyond compare to sync file changes or something, but
NEVER USE SVN in production.

I am shocked to find people don't research their tools enough.

So let me recap, DO NOT USE SVN IN PRODUCTION. If you do then you're a damn
fool, and should be shot on sight.



-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Kym Kovan [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2008 11:07 AM
To: CF-Talk
Subject: SVN in Production

Hello,

Looking at some of the responses in the recent thread on SVN v ftp I get 
an impression that some folk are using SVN clients on Production boxes. 
What are people's thoughts on this? Is it a security risk, is it 
dangerous in some other way, or is it a "bad thing" because of all of 
those extra files that cause havoc with backups?

-- 

Yours,

Kym Kovan
mbcomms





Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310665


CFEclipse code folding; not working

2008-08-11 Thread Dominic Watson
Hi all, i've just installed eclipse ganymede with aptana and then
cfeclipse and code folding just isn't happening (no little grey fold
icons). I have checked all the cfeclipse code folding preferences and
no clues.

Anyone experienced this?

Thanks in advance,

Dominic

-- 
Blog it up: http://fusion.dominicwatson.co.uk

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310666


RE: SQL injection attack on House of Fusion

2008-08-11 Thread Andrew Scott
Well...

This has got to be the strongest case for unit testing then...

If a component is unit tested, then the first thing is that you will know
that this could happen and fix it straight away.

The second is that this is why. ColdFusion should have adopted an
approach that used an ORM instead. With an ORM it reduces the risk,
provided the ORM takes these attacks seriously.

I have never seen these attacks with hibernate, within GORM and Domain
Driven design approaches.

I so hope that ColdFusion 9, has 2 things on its release.

1) The engine itself is open sourced. And the extra functionality and
support for middle tier API integration is adopted.

2) GORM style approach as in DDD (Domain Driven Design) is taken more
seriously.

With these 2 additions then SQL injection will be a thing of the past.





-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Ben Forta [mailto:[EMAIL PROTECTED] 
Sent: Saturday, 9 August 2008 2:05 AM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion

Yep, was curious about that too. I modified Justin's script to not send
e-mails, but to write a simple log entry - more an act of curiosity than
anything else - I just log the date, time, and client IP address.

--- Ben




-Original Message-
From: Brad Wood [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 08, 2008 12:03 PM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion

Tell us how you really feel Ben.  :)

I had to temporarily stop apache on my site long enough to get a stop gap in
place.  My database is safe, but I was getting around 90 requests a second
and ColdFusion and MySQL were eating up all the server's CPU trying to keep
up.  SSH was even unresponsive.

I think I'm going to dump all these attempts in a database to analyze.  I
am curious where the majority of the IPs are coming from.  There has to be a
way to squeak in the ear of ISPs loud enough to have them shut down infected
users until they are cleaned.

~Brad

- Original Message - 
From: "Ben Forta" <[EMAIL PROTECTED]>
To: "CF-Talk" 
Sent: Friday, August 08, 2008 10:50 AM
Subject: RE: SQL injection attack on House of Fusion


> Yep, I turned e-mail notifications off too, leave it on and you can
> inadvertently turn blocking SQL injection attacks into a self-imposed DoS
> attack. Fun stuff.
>
> On the plus side, it's nice to see CF finally getting the recognition it
> deserves, even if it is from parasitic bottom-feeding bots created by
> despicable scum-sucking feeble-excuse-for-a-carbon-based-life-form 
> repugnant
> socially-inept basement-dwelling death-penalty-deserving hacker-wannabes.
>
> --- Ben






Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310667


RE: SQL injection attack on House of Fusion

2008-08-11 Thread Andrew Scott
Hmmm...

Of course it is possible to use cookies. They chose not to... Why...
Because they have no real need to be attached to a session.

Think about it for a minute or two...





-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Wil Genovese [mailto:[EMAIL PROTECTED] 
Sent: Saturday, 9 August 2008 2:26 AM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion

very few bots accept cookies.  I've never actually seen one that does,  
but I have read it is possible to write one that will.


Wil Genovese

One man with courage makes a majority.
-Andrew Jackson

A fine is a tax for doing wrong. A tax is a fine for doing well.




Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310668


RE: CFEclipse code folding; not working

2008-08-11 Thread Andrew Scott
What version of cfeclipse are you using? 1.3.2 beta? Then maybe drop back
to the latest stable release of 1.3.1.6 and you should be fine.





-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Dominic Watson [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2008 6:36 PM
To: CF-Talk
Subject: CFEclipse code folding; not working

Hi all, i've just installed eclipse ganymede with aptana and then
cfeclipse and code folding just isn't happening (no little grey fold
icons). I have checked all the cfeclipse code folding preferences and
no clues.

Anyone experienced this?

Thanks in advance,

Dominic

-- 
Blog it up: http://fusion.dominicwatson.co.uk



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310669


Re: CFEclipse code folding; not working

2008-08-11 Thread Azadi Saryev
i have ganymede installed, even though i do not use eclipse day-to-day,
and one thing i had to manually configure was to enable the line numbers
bar - i think the latest cfeclipse has it disabled by default... now i
do have the code folding handles...
can't remember which blog i found the instructions on - but I am sure
google knows...

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/



Dominic Watson wrote:
> Hi all, i've just installed eclipse ganymede with aptana and then
> cfeclipse and code folding just isn't happening (no little grey fold
> icons). I have checked all the cfeclipse code folding preferences and
> no clues.
>
> Anyone experienced this?
>
> Thanks in advance,
>
> Dominic
>
>   

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310670


Re: CFEclipse code folding; not working

2008-08-11 Thread Dominic Watson
I'm using the stable release :0 (couldn't open files in beta releases)

Dominic

2008/8/11 Andrew Scott <[EMAIL PROTECTED]>:
> What version of cfeclipse are you using? 1.3.2 beta? Then maybe drop back
> to the latest stable release of 1.3.1.6 and you should be fine.
>
>
>
>
>
> --
> Senior Coldfusion Developer
> Aegeon Pty. Ltd.
> www.aegeon.com.au
> Phone: +613 9015 8628
> Mobile: 0404 998 273
>
>
>
>
> -Original Message-
> From: Dominic Watson [mailto:[EMAIL PROTECTED]
> Sent: Monday, 11 August 2008 6:36 PM
> To: CF-Talk
> Subject: CFEclipse code folding; not working
>
> Hi all, i've just installed eclipse ganymede with aptana and then
> cfeclipse and code folding just isn't happening (no little grey fold
> icons). I have checked all the cfeclipse code folding preferences and
> no clues.
>
> Anyone experienced this?
>
> Thanks in advance,
>
> Dominic
>
> --
> Blog it up: http://fusion.dominicwatson.co.uk
>
>
>
> 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310671


Re: CFEclipse code folding; not working

2008-08-11 Thread Dominic Watson
;) google it appears, is stumped. I've never had problems getting the
code folding to work and it works at home with the same setup (though
it can't quite be the same obviously!).

Dominic

2008/8/11 Azadi Saryev <[EMAIL PROTECTED]>:
> i have ganymede installed, even though i do not use eclipse day-to-day,
> and one thing i had to manually configure was to enable the line numbers
> bar - i think the latest cfeclipse has it disabled by default... now i
> do have the code folding handles...
> can't remember which blog i found the instructions on - but I am sure
> google knows...
>
> Azadi Saryev
> Sabai-dee.com
> http://www.sabai-dee.com/
>
>
>
> Dominic Watson wrote:
>> Hi all, i've just installed eclipse ganymede with aptana and then
>> cfeclipse and code folding just isn't happening (no little grey fold
>> icons). I have checked all the cfeclipse code folding preferences and
>> no clues.
>>
>> Anyone experienced this?
>>
>> Thanks in advance,
>>
>> Dominic
>>
>>
>
> 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310672


Re: SVN in Production

2008-08-11 Thread Joeri B
clear statement, I'll use that in my meeting with the boss :)

>SVN SHOULD NEVER BE USED IN PRODUCTION...
>
>SVN is used to have a revision control system, so that you could roll back
>to a previous version or whatever you need to do.
>
>When it comes to production, why the hell would you install 99% of extra
>space taking codes and indexes to a production server? Over a period of
>time, your code might be 1meg in size, but after a year the SVN indexes
>could result in 2gig and more of space that is no longer needed. But then if
>one read the docs to these tools, one would not use SVN in production.
>
>SVN can be expensive when it comes to hard drive space, and one should never
>and I will repeat this again.
>
>NEVER USE SVN in production.
>
>Use a program like beyond compare to sync file changes or something, but
>NEVER USE SVN in production.
>
>I am shocked to find people don't research their tools enough.
>
>So let me recap, DO NOT USE SVN IN PRODUCTION. If you do then you're a damn
>fool, and should be shot on sight.
>
>
>
>-- 
>Senior Coldfusion Developer
>Aegeon Pty. Ltd.
>www.aegeon.com.au
>Phone: +613 9015 8628
>Mobile: 0404 998 273
>
>
>
>
>Hello,
>
>Looking at some of the responses in the recent thread on SVN v ftp I get 
>an impression that some folk are using SVN clients on Production boxes. 
>What are people's thoughts on this? Is it a security risk, is it 
>dangerous in some other way, or is it a "bad thing" because of all of 
>those extra files that cause havoc with backups?
>
>-- 
>
>Yours,
>
>Kym Kovan
>mbcomms 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310673


Re: CFEclipse code folding; not working

2008-08-11 Thread Azadi Saryev
http://blog.critical-web.com/blog/index.cfm/2008/8/3/Enabling-Line-Numbers-In-CFEclipse-1316-On-Eclipse-Ganymede-34

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/



Dominic Watson wrote:
> ;) google it appears, is stumped. I've never had problems getting the
> code folding to work and it works at home with the same setup (though
> it can't quite be the same obviously!).
>
> Dominic
>
> 2008/8/11 Azadi Saryev <[EMAIL PROTECTED]>:
>   
>> i have ganymede installed, even though i do not use eclipse day-to-day,
>> and one thing i had to manually configure was to enable the line numbers
>> bar - i think the latest cfeclipse has it disabled by default... now i
>> do have the code folding handles...
>> can't remember which blog i found the instructions on - but I am sure
>> google knows...
>>
>> Azadi Saryev
>> Sabai-dee.com
>> http://www.sabai-dee.com/
>>
>>
>>
>> Dominic Watson wrote:
>> 
>>> Hi all, i've just installed eclipse ganymede with aptana and then
>>> cfeclipse and code folding just isn't happening (no little grey fold
>>> icons). I have checked all the cfeclipse code folding preferences and
>>> no clues.
>>>
>>> Anyone experienced this?
>>>
>>> Thanks in advance,
>>>
>>> Dominic
>>>
>>>
>>>   
>> 
>
> 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310674


Re: CFEclipse code folding; not working

2008-08-11 Thread Dominic Watson
Thanks, but I have no problem with line numbers. My problem is with
code folding.

Dominic

2008/8/11 Azadi Saryev <[EMAIL PROTECTED]>:
> http://blog.critical-web.com/blog/index.cfm/2008/8/3/Enabling-Line-Numbers-In-CFEclipse-1316-On-Eclipse-Ganymede-34
>
> Azadi Saryev
> Sabai-dee.com
> http://www.sabai-dee.com/
>
>
>
> Dominic Watson wrote:
>> ;) google it appears, is stumped. I've never had problems getting the
>> code folding to work and it works at home with the same setup (though
>> it can't quite be the same obviously!).
>>
>> Dominic
>>
>> 2008/8/11 Azadi Saryev <[EMAIL PROTECTED]>:
>>
>>> i have ganymede installed, even though i do not use eclipse day-to-day,
>>> and one thing i had to manually configure was to enable the line numbers
>>> bar - i think the latest cfeclipse has it disabled by default... now i
>>> do have the code folding handles...
>>> can't remember which blog i found the instructions on - but I am sure
>>> google knows...
>>>
>>> Azadi Saryev
>>> Sabai-dee.com
>>> http://www.sabai-dee.com/
>>>
>>>
>>>
>>> Dominic Watson wrote:
>>>
>>>> Hi all, i've just installed eclipse ganymede with aptana and then
>>>> cfeclipse and code folding just isn't happening (no little grey fold
>>>> icons). I have checked all the cfeclipse code folding preferences and
>>>> no clues.
>>>>
>>>> Anyone experienced this?
>>>>
>>>> Thanks in advance,
>>>>
>>>> Dominic
>>>>
>>>
>>
>>
>
> 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310675


RE: SVN in Production

2008-08-11 Thread Andrew Scott
Yeah

There are so many different ways to deploy, the problem boils down to the
tools that we use. Me, I can't vouch for the likes of svnAnt and I DO not
see a need for svnAnt to migrate changes to production, a first of
deployment sure I could see its merits. But not as I make changes or fixes.
I might make 10 FIXES, but only 2 should or need to go live.

Me, I use the fact that the application I use / write has 2 states of
development.

One, is the latest build and changes or additions to the application itself.
The second is what is currently in production. I use and endorse Beyond
Compare by Scooter Software, when deploying changes to production.

However when it comes to total control. I will have a branch in SVN for
stable and build/release version number and use the switch to switch between
the versions.

But when it comes to DIFF, BC (Beyond Compare) is as simple as it needs to
be. Does the change I made need to be deployed, visually the change says no
so then I can deploy that file or line by line. Just in case I was working
on other things when I fixed a major bug or something.

But eventually one should deploy the best that suits their needs, and SVN is
not the way to go.

Use what best suits you, but DO NOT USE SVN as a means to keep production
up to date. NEVER...



-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Joeri B [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2008 7:04 PM
To: CF-Talk
Subject: Re: SVN in Production

clear statement, I'll use that in my meeting with the boss :)

>SVN SHOULD NEVER BE USED IN PRODUCTION...
>
>SVN is used to have a revision control system, so that you could roll back
>to a previous version or whatever you need to do.
>
>When it comes to production, why the hell would you install 99% of extra
>space taking codes and indexes to a production server? Over a period of
>time, your code might be 1meg in size, but after a year the SVN indexes
>could result in 2gig and more of space that is no longer needed. But then if
>one read the docs to these tools, one would not use SVN in production.
>
>SVN can be expensive when it comes to hard drive space, and one should never
>and I will repeat this again.
>
>NEVER USE SVN in production.
>
>Use a program like beyond compare to sync file changes or something, but
>NEVER USE SVN in production.
>
>I am shocked to find people don't research their tools enough.
>
>So let me recap, DO NOT USE SVN IN PRODUCTION. If you do then you're a damn
>fool, and should be shot on sight.
>
>
>
>-- 
>Senior Coldfusion Developer
>Aegeon Pty. Ltd.
>www.aegeon.com.au
>Phone: +613 9015 8628
>Mobile: 0404 998 273
>
>
>
>
>Hello,
>
>Looking at some of the responses in the recent thread on SVN v ftp I get 
>an impression that some folk are using SVN clients on Production boxes. 
>What are people's thoughts on this? Is it a security risk, is it 
>dangerous in some other way, or is it a "bad thing" because of all of 
>those extra files that cause havoc with backups?
>
>-- 
>
>Yours,
>
>Kym Kovan
>mbcomms 



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310676


Re: CFEclipse code folding; not working

2008-08-11 Thread Azadi Saryev
iirc, i had the code folding problem until i sorted the line numbers
out... sorry couldn't help you more...

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/



Dominic Watson wrote:
> Thanks, but I have no problem with line numbers. My problem is with
> code folding.
>
> Dominic
>
> 2008/8/11 Azadi Saryev <[EMAIL PROTECTED]>:
>   
>> http://blog.critical-web.com/blog/index.cfm/2008/8/3/Enabling-Line-Numbers-In-CFEclipse-1316-On-Eclipse-Ganymede-34
>>
>> Azadi Saryev
>> Sabai-dee.com
>> http://www.sabai-dee.com/
>>
>>
>>
>> Dominic Watson wrote:
>> 
>>> ;) google it appears, is stumped. I've never had problems getting the
>>> code folding to work and it works at home with the same setup (though
>>> it can't quite be the same obviously!).
>>>
>>> Dominic
>>>
>>> 2008/8/11 Azadi Saryev <[EMAIL PROTECTED]>:
>>>
>>>   
>>>> i have ganymede installed, even though i do not use eclipse day-to-day,
>>>> and one thing i had to manually configure was to enable the line numbers
>>>> bar - i think the latest cfeclipse has it disabled by default... now i
>>>> do have the code folding handles...
>>>> can't remember which blog i found the instructions on - but I am sure
>>>> google knows...
>>>>
>>>> Azadi Saryev
>>>> Sabai-dee.com
>>>> http://www.sabai-dee.com/
>>>>
>>>> Dominic Watson wrote:
>>>>
>>>>> Hi all, i've just installed eclipse ganymede with aptana and then
>>>>> cfeclipse and code folding just isn't happening (no little grey fold
>>>>> icons). I have checked all the cfeclipse code folding preferences and
>>>>> no clues.
>>>>>
>>>>> Anyone experienced this?
>>>>>
>>>>> Thanks in advance,
>>>>>
>>>>> Dominic
>>>>>
>>>   
>> 
>
> 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310677


Re: SVN in Production

2008-08-11 Thread Jochem van Dieten
Kym Kovan wrote:
> Looking at some of the responses in the recent thread on SVN v ftp I get 
> an impression that some folk are using SVN clients on Production boxes. 
> What are people's thoughts on this? Is it a security risk, is it 
> dangerous in some other way, or is it a "bad thing" because of all of 
> those extra files that cause havoc with backups?

You only get the extra files if you do a checkout to create a working 
copy, not if you do an export. Since in our workflow web content has a 
strict one way (dev -> QA -> prod) publishing cycle that works fine with 
exports.

For server configuration files (basically all of /etc/) I need working 
copies because they go both ways, from repo to server and from server to 
repo. But on the other hand, I don't want any extra files in my /etc/ 
because that would seriously mess up anything that works with config 
directories instead of config files. So there I typically have a working 
copy in /tmp/ that mirrors /etc/ and use that if I have to push files to 
the repository. That does require discipline though to keep /etc/ and 
/tmp/etc/ in sync.

Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310678
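
The two points in the message above (an export leaves no `.svn` directories, and a working-copy mirror has to be kept in sync with the live config directory) can be checked with a short script. This is an added example, not part of the original thread; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a deployed tree for Subversion metadata and report
# drift between a live config directory and its working-copy mirror.
# All paths and names below are hypothetical.

# Print every .svn directory under a tree. A tree produced by `svn export`
# has none; a tree produced by `svn checkout` has at least one.
find_svn_metadata() {
    find "$1" -type d -name .svn -prune -print | LC_ALL=C sort
}

# Number of .svn directories under a tree (0 means it looks like an export).
count_svn_metadata() {
    find_svn_metadata "$1" | wc -l | tr -d ' '
}

# Compare a live directory with its working-copy mirror, ignoring the
# mirror's .svn metadata. Prints one line per file that is out of sync:
#   differs <path> | missing-in-mirror <path> | missing-in-live <path>
# File names containing newlines are not supported.
config_drift() {
    live=$1
    mirror=$2
    {
        (cd "$live" && find . -type f -print)
        (cd "$mirror" && find . -name .svn -prune -o -type f -print)
    } | LC_ALL=C sort -u | while IFS= read -r rel; do
        if [ ! -e "$mirror/$rel" ]; then
            echo "missing-in-mirror ${rel#./}"
        elif [ ! -e "$live/$rel" ]; then
            echo "missing-in-live ${rel#./}"
        elif ! cmp -s "$live/$rel" "$mirror/$rel"; then
            echo "differs ${rel#./}"
        fi
    done
}

# Build a constructed sample: one web root that was checked out, one that
# was exported, and a live config dir with a working-copy mirror.
make_sample() {
    root=$1
    mkdir -p "$root/site_checkout/.svn" "$root/site_checkout/img/.svn" \
             "$root/site_export/img" \
             "$root/etc/app" "$root/wc_etc/app" "$root/wc_etc/.svn"
    echo 'index' > "$root/site_checkout/index.cfm"
    echo 'index' > "$root/site_export/index.cfm"
    echo 'port=80'   > "$root/etc/app/web.conf"
    echo 'port=8080' > "$root/wc_etc/app/web.conf"   # edited on one side only
    echo 'allow'     > "$root/etc/hosts.allow"       # never copied to mirror
    echo 'old'       > "$root/wc_etc/old.conf"       # removed from live only
    echo 'same'      > "$root/etc/same.conf"
    echo 'same'      > "$root/wc_etc/same.conf"
    echo 'meta'      > "$root/wc_etc/.svn/entries"   # must be ignored
}

# Demo run on the constructed sample.
demo_root=$(mktemp -d)
make_sample "$demo_root"
echo "checkout tree: $(count_svn_metadata "$demo_root/site_checkout") .svn dirs"
echo "export tree:   $(count_svn_metadata "$demo_root/site_export") .svn dirs"
config_drift "$demo_root/etc" "$demo_root/wc_etc"
rm -rf "$demo_root"
```

A non-zero count on a web root means it was deployed from a working copy rather than an export; any output from `config_drift` means the mirror and the live directory have diverged.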


Re: CFEclipse code folding; not working

2008-08-11 Thread Dominic Watson
Ah I see, thank you. Frustrating, the line numbers are all working
perfectly. I'll try installing europa and see if I have any luck
there.

Dominic

2008/8/11 Azadi Saryev <[EMAIL PROTECTED]>:
> iirc, i had the code folding problem until i sorted the line numbers
> out... sorry couldn't help you more...
>
> Azadi Saryev
> Sabai-dee.com
> http://www.sabai-dee.com/
>
>
>
> Dominic Watson wrote:
>> Thanks, but I have no problem with line numbers. My problem is with
>> code folding.
>>
>> Dominic
>>
>> 2008/8/11 Azadi Saryev <[EMAIL PROTECTED]>:
>>
>>> http://blog.critical-web.com/blog/index.cfm/2008/8/3/Enabling-Line-Numbers-In-CFEclipse-1316-On-Eclipse-Ganymede-34
>>>
>>> Azadi Saryev
>>> Sabai-dee.com
>>> http://www.sabai-dee.com/
>>>
>>>
>>>
>>> Dominic Watson wrote:
>>>
>>>> ;) google it appears, is stumped. I've never had problems getting the
>>>> code folding to work and it works at home with the same setup (though
>>>> it can't quite be the same obviously!).
>>>>
>>>> Dominic
>>>>
>>>> 2008/8/11 Azadi Saryev <[EMAIL PROTECTED]>:
>>>>
>>>>> i have ganymede installed, even though i do not use eclipse day-to-day,
>>>>> and one thing i had to manually configure was to enable the line numbers
>>>>> bar - i think the latest cfeclipse has it disabled by default... now i
>>>>> do have the code folding handles...
>>>>> can't remember which blog i found the instructions on - but I am sure
>>>>> google knows...
>>>>>
>>>>> Azadi Saryev
>>>>> Sabai-dee.com
>>>>> http://www.sabai-dee.com/
>>>>>
>>>>> Dominic Watson wrote:
>>>>>
>>>>>> Hi all, i've just installed eclipse ganymede with aptana and then
>>>>>> cfeclipse and code folding just isn't happening (no little grey fold
>>>>>> icons). I have checked all the cfeclipse code folding preferences and
>>>>>> no clues.
>>>>>>
>>>>>> Anyone experienced this?
>>>>>>
>>>>>> Thanks in advance,
>>>>>>
>>>>>> Dominic
>>>>>>
>>>>
>>>
>>
>>
>
> 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310679


Database Sessions

2008-08-11 Thread Robert Rawlins
Morning guys, 

 

Does anyone know how ColdFusion handles opening and closing a database
session? Is it for every cfquery tag set? Or for every cftransaction tag
set? Or is it less predictable than that?

 

The reason I ask is that I've been looking at using temporary tables in a
procedure, as I understand it, SQL Server creates these in a session local
variable. I need to know how long the temporary table will be accessible to
me in this session scope, can it spread across multiple queries? Or just the
single one?

 

Any ideas?

 

Cheers,

 

Rob



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310680


RE: SVN in Production

2008-08-11 Thread Andrew Scott
What do you mean by repo -> server and server -> repo?

The latter should never be an issue, or even considered. Anyone who makes
changes to production and not in a development environment should be hung
out to dry or better still beaten with a stick until you realise that
development is what it means.

You develop, you fix and you test. And when you and your client are happy
then it is moved from dev / qa to production.

If you make changes to production and the stick back into the SVN, you
seriously need to rethink your procedures.

NEVER USE production WITH YOUR SVN REPOSITORY.

Development at all costs, needs to do one of two things. Be the latest, be
tested and if required then deployed to live. NEVER the other way around. If
you are intent on following the wrong rules of development then you are
doomed to be the one that is developing with the wrong frame of mind.

Once you have deployed to a production server, it should never have any ties
with the repository in any way shape or form. If you are one of those that
think this is ok, then you will need to adopt new procedures quickly. Before
you adopt bad and I mean VERY BAD ideas.

SVN was created for one purpose and one purpose only, that was to provide a
revision control system for you to roll back, and manage different versions
of your code. If you chose to ignore that then you are creating more work
and more headaches to your development team or yourself if you are a lone
developer.

The thing to remember is what someone else might think about your
procedures, and I do not care what anyone else has to say about using SVN
when it comes to production code. If you can't be bothered to read the docs
on what SVN actually is, or how to best utilise it then you should NOT be
using it.



-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2008 7:29 PM
To: CF-Talk
Subject: Re: SVN in Production

Kym Kovan wrote:
> Looking at some of the responses in the recent thread on SVN v ftp I get 
> an impression that some folk are using SVN clients on Production boxes. 
> What are people's thoughts on this? Is it a security risk, is it 
> dangerous in some other way, or is it a "bad thing" because of all of 
> those extra files that cause havoc with backups?

You only get the extra files if you do a checkout to create a working 
copy, not if you do an export. Since in our workflow web content has a 
strict one way (dev -> QA -> prod) publishing cycle that works fine with 
exports.

For server configuration files (basically all of /etc/) I need working 
copies because they go both ways, from repo to server and from server to 
repo. But on the other hand, I don't want any extra files in my /etc/ 
because that would seriously mess up anything that works with config 
directories instead of config files. So there I typically have a working 
copy in /tmp/ that mirrors /etc/ and use that if I have to push files to 
the repository. That does require discipline though to keep /etc/ and 
/tmp/etc/ in sync.

Jochem



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310682


Re: SVN in Production

2008-08-11 Thread Tom Chiverton
On Monday 11 Aug 2008, Andrew Scott wrote:
> SVN SHOULD NEVER BE USED IN PRODUCTION...

I assume you mean 'to deploy code to a production box' ?
Because as a production RCS it's well known for being utterly solid.

> When it comes to production, why the hell would you install 99% of extra
> space taking codes and indexes to a production server? Over a period of
> time, your code might be 1meg in size, but after a year the SVN indexes
> could result in 2gig and more of space that is no longer needed. 

SVN checkouts only contain one extra copy of each file (inside the .svn 
directory). This is unlikely to be an order of magnitude greater than 
the 'actual' file as you suggest.

> But then 
> if one read the docs to these tools, one would not use SVN in production.

I think 'svn help export' is fairly clear in not saying one way or the other.

> SVN can be expensive when it comes to hard drive space,

Hard drive space is *very* cheap, really.
A lot of people are using virtual servers anyway, so more hard drive space is 
free*.

> Use a program like beyond compare to sync file changes or something, but
> NEVER USE SVN in production.

Why wouldn't I use 'svn diff' or a suitable GUI ?

> So let me recap, DO NOT USE SVN IN PRODUCTION. If you do then you're a damn
> fool, and should be shot on sight.

I think you must have had a bad experience at some point...

-- 
Tom Chiverton



This email is sent for and on behalf of Halliwells LLP.

Halliwells LLP is a limited liability partnership registered in England and 
Wales under registered number OC307980 whose registered office address is at 
Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB.  A list 
of members is available for inspection at the registered office. Any reference 
to a partner in relation to Halliwells LLP means a member of Halliwells LLP.  
Regulated by The Solicitors Regulation Authority.

CONFIDENTIALITY

This email is intended only for the use of the addressee named above and may be 
confidential or legally privileged.  If you are not the addressee you must not 
read it and must not use any information contained in nor copy it nor inform 
any person other than Halliwells LLP or the addressee of its existence or 
contents.  If you have received this email in error please delete it and notify 
Halliwells LLP IT Department on 0870 365 2500.

For more information about Halliwells LLP visit www.halliwells.com.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310681


Re: SVN in Production

2008-08-11 Thread Joeri B
Yes, indeed. With a diff (I want to use free commander with Winmerge) tool, 
you SEE the changes going live. I point that one out in a previous post. 
I work on a large project in an existing application which I check-in constantly 
(Backup purpose and team work), but doesn't need to go live. Because it's not 
finished yet.

With a diff tool it's easy to put other fixes live, and others not. With SVN 
(export) it's difficult. You can work with branches... but that is tricky. 


>Yeah
>
>There are so many different ways to deploy, the problem boils down to the
>tools that we use. Me, I can't vouch for the likes of svnAnt and I DO not
>see a need for svnAnt to migrate changes to production, a first of
>deployment sure I could see its merits. But not as I make changes or fixes.
>I might make 10 FIXES, but only 2 should or need to go live.
>
>Me, I use the fact that the application I use / write has 2 states of
>development.
>
>One, is the latest build and changes or additions to the application itself.
>The second is what is currently in production. I use and endorse Beyond
>Compare by Scooter Software, when deploying changes to production.
>
>However when it comes to total control. I will have a branch in SVN for
>stable and build/release version number and use the switch to switch between
>the versions.
>
>But when it comes to DIFF, BC (Beyond Compare) is as simple as it needs to
>be. Does the change I made need to be deployed, visually the change says no
>so then I can deploy that file or line by line. Just in case I was working
>on other things when I fixed a major bug or something.
>
>But eventually one should deploy the best that suits their needs, and SVN is
>not the way to go.
>
>Use what best suits you, but DO NOT USE SVN as a means to keep production
>up to date. NEVER...
>
>
>
>-- 
>Senior Coldfusion Developer
>Aegeon Pty. Ltd.
>www.aegeon.com.au
>Phone: +613 9015 8628
>Mobile: 0404 998 273
>
>
>
>
>clear statement, I'll use that in my meeting with the boss :)
>
>if
>>one read the docs to these tools, one would not use SVN in production.
>>
>>SVN can be expensive when it comes to hard drive space, and one should
>never 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310683


RE: SVN in Production

2008-08-11 Thread Robert Rawlins
This is an interesting conversation, I've been using SVN Export for some
time now when looking to deploy changes to production and not really had any
beef from it.

I understand what you guys are saying here about only wishing to deploy
certain changes, that's a very valid use case, but to be honest, I would
perhaps suggest that you guys are not strict enough on your version control
in the first place and perhaps your processes aren't quite right, as it sounds
like you're deploying code straight from trunk / branches? Using your DIFF
based stuff to pick and choose which modifications get deployed?

Surely, once you know what code version is 'production ready' then you build
it into a release candidate in a new tag? You then can use SVN to deploy
from the latest tag to production? No?

I wouldn't ever deploy from anything that wasn't in /tags, and the only way
anything makes it into a tag is when it's tested and ready as a release
candidate.

-Original Message-
From: Joeri B [mailto:[EMAIL PROTECTED] 
Sent: 11 August 2008 10:58
To: CF-Talk
Subject: Re: SVN in Production

Yes, indeed. With a diff (I want to use free commander with Winmerge) tool,
you SEE the changes going live. I point that one out in a previous post. 
I work on a large project in an existing application which I check-in
constantly (Backup purpose and team work), but doesn't need to go live.
Because it's not finished yet.

With a diff tool it's easy to put other fixes live, and others not. With SVN
(export) it's difficult. You can work with branches... but that is tricky. 


>Yeah
>
>There are so many different ways to deploy, the problem boils down to the
>tools that we use. Me, I can't vouch for the likes of svnAnt and I DO not
>see a need for svnAnt to migrate changes to production, a first of
>deployment sure I could see its merits. But not as I make changes or fixes.
>I might make 10 FIXES, but only 2 should or need to go live.
>
>Me, I use the fact that the application I use / write has 2 states of
>development.
>
>One, is the latest build and changes or additions to the application itself.
>The second is what is currently in production. I use and endorse Beyond
>Compare by Scooter Software, when deploying changes to production.
>
>However when it comes to total control. I will have a branch in SVN for
>stable and build/release version number and use the switch to switch between
>the versions.
>
>But when it comes to DIFF, BC (Beyond Compare) is as simple as it needs to
>be. Does the change I made need to be deployed, visually the change says no
>so then I can deploy that file or line by line. Just in case I was working
>on other things when I fixed a major bug or something.
>
>But eventually one should deploy the best that suits their needs, and SVN is
>not the way to go.
>
>Use what best suits you, but DO NOT USE SVN as a means to keep production
>up to date. NEVER...
>
>
>
>-- 
>Senior Coldfusion Developer
>Aegeon Pty. Ltd.
>www.aegeon.com.au
>Phone: +613 9015 8628
>Mobile: 0404 998 273
>
>
>
>
>clear statement, I'll use that in my meeting with the boss :)
>
>if
>>one read the docs to these tools, one would not use SVN in production.
>>
>>SVN can be expensive when it comes to hard drive space, and one should
>never 



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310684


Re: SVN in Production

2008-08-11 Thread Tom Chiverton
On Monday 11 Aug 2008, Andrew Scott wrote:
> The latter should never be an issue, or even considered. Anyone who makes
> changes to production and not in a development environment should be hung
> out to dry or better still beaten with a stick until you realise that
> development is what it means.

You have clearly never worked with a slightly broken production system, and a 
PHB/client/boss breathing on your neck.

> You develop, you fix and you test. And when you and your client are happy
> then it is moved from dev / qa to production.

Man, if only the world was that simple all the time !

> SVN was created for one purpose and one purpose only, that was to provide a
> revision control system for you to roll back, a

Actually, no, SVN was created "To take over the CVS user base. Specifically, 
we're writing a new version control system that is very similar to CVS, but 
fixes many things that are broken" 
(http://subversion.tigris.org/faq.html#why)

-- 
Tom Chiverton



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310685


Re: HELP! SQL Injection Attack!

2008-08-11 Thread Tom Chiverton
On Friday 08 Aug 2008, Brian Peddle wrote:
> Just curious as I have no seen this on an old asp site months ago and
> now on CF.  Every IP lookup I do goes back to

If it's just a blind SQL injection attempt, the actual sending of the attack 
could be from a spoofed IP.

-- 
Tom Chiverton



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310686


RE: SVN in Production

2008-08-11 Thread Andrew Scott
No one and I will repeat myself... No one is saying hard drive is not cheap.
But let me ask you this, if you had a shared hosting plan with 100mb of
storage space, and part of this is your SQL space is also included. If you
checkout it might be a copy of the current index from svn, but that is still
and let me repeat myself this is still double your storage space if in a
shared environment where space is an issue.

No even so, whether it is an issue or not. You should never have .svn
directories in a production environment, if you do then I can no longer help
your ignorance. 





-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Tom Chiverton [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2008 7:46 PM
To: CF-Talk
Subject: Re: SVN in Production

On Monday 11 Aug 2008, Andrew Scott wrote:
> SVN SHOULD NEVER BE USED IN PRODUCTION...

I assume you mean 'to deploy code to a production box' ?
Because as a production RCS it's well known for being utterly solid.

> When it comes to production, why the hell would you install 99% of extra
> space taking codes and indexes to a production server? Over a period of
> time, your code might be 1meg in size, but after a year the SVN indexes
> could result in 2gig and more of space that is no longer needed. 

SVN checkouts only contain one extra copy of each file (inside the .svn 
directory). This is unlikely to be an order of magnitude greater than 
the 'actual' file as you suggest.

> But then 
> if one read the docs to these tools, one would not use SVN in production.

I think 'svn help export' is fairly clear in not saying one way or the
other.

> SVN can be expensive when it comes to hard drive space,

Hard drive space is *very* cheap, really.
A lot of people are using virtual servers anyway, so more hard drive space is
free*.

> Use a program like beyond compare to sync file changes or something, but
> NEVER USE SVN in production.

Why wouldn't I use 'svn diff' or a suitable GUI ?

> So let me recap, DO NOT USE SVN IN PRODUCTION. If you do then you're a damn
> fool, and should be shot on sight.

I think you must have had a bad experience at some point...

-- 
Tom Chiverton




Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310687
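
The two checks argued for in the messages above (deploy only from /tags, and leave no .svn directories on a production server), written as an added example that is not code from any poster: a Python gate that rejects a non-tag source URL and reports working-copy metadata in a deployed tree. The repository URLs, file names and sample tree are constructed for the example.

```python
"""Added example: gate a deployment on 'release tag only' and 'no .svn metadata'."""
import os
import tempfile
from urllib.parse import urlsplit


def is_release_tag(url):
    """True when the URL points inside <repo>/tags/<name>, not at trunk or a branch."""
    parts = [p for p in urlsplit(url).path.split("/") if p]
    return "tags" in parts[:-1]


def tree_size(path):
    """Total size in bytes of all regular files under path."""
    total = 0
    for dirpath, _dirs, files in os.walk(path):
        total += sum(os.path.getsize(os.path.join(dirpath, f)) for f in files)
    return total


def audit_tree(root):
    """Return (.svn directories found, bytes of metadata, bytes of deployed content)."""
    found, meta_bytes, content_bytes = [], 0, 0
    for dirpath, dirs, files in os.walk(root):
        if ".svn" in dirs:
            svn_dir = os.path.join(dirpath, ".svn")
            found.append(os.path.relpath(svn_dir, root))
            meta_bytes += tree_size(svn_dir)
            dirs.remove(".svn")  # count metadata once, never as content
        content_bytes += sum(os.path.getsize(os.path.join(dirpath, f)) for f in files)
    return sorted(found), meta_bytes, content_bytes


def deploy_problems(source_url, root):
    """List the reasons a deployment should be rejected (empty list means pass)."""
    problems = []
    if not is_release_tag(source_url):
        problems.append("source is not under /tags: " + source_url)
    found, _meta, _content = audit_tree(root)
    for svn_dir in found:
        problems.append("working-copy metadata present: " + svn_dir)
    return problems


def build_sample(root, as_checkout):
    """Constructed sample tree. as_checkout=True adds a per-directory .svn holding
    a pristine copy of each file, the working-copy layout of 2008-era clients."""
    files = {"index.cfm": b"<cfoutput>home</cfoutput>\n",
             os.path.join("admin", "login.cfm"): b"<cfoutput>login</cfoutput>\n"}
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        if as_checkout:
            base = os.path.join(os.path.dirname(path), ".svn", "text-base")
            os.makedirs(base, exist_ok=True)
            with open(os.path.join(base, os.path.basename(path) + ".svn-base"), "wb") as fh:
                fh.write(data)
    return root


def demo():
    """Run the gate against an exported tree and a checked-out tree."""
    with tempfile.TemporaryDirectory() as tmp:
        exported = build_sample(os.path.join(tmp, "export"), as_checkout=False)
        checkout = build_sample(os.path.join(tmp, "checkout"), as_checkout=True)
        tag = "https://svn.example.test/repo/tags/release-1.4"  # constructed URL
        trunk = "https://svn.example.test/repo/trunk"           # constructed URL
        return {
            "export_from_tag": deploy_problems(tag, exported),
            "checkout_from_trunk": deploy_problems(trunk, checkout),
            "checkout_audit": audit_tree(checkout),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In the checked-out sample the metadata bytes equal the content bytes, which is the "one extra copy of each file" figure quoted earlier in the thread.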


Re: Database Sessions

2008-08-11 Thread James Holmes
CF does connections two ways:

1) CF uses pooled connections if you have maintain connections checked
for the datasource. This means a connection will stay open for quite
some time, across multiple web requests.

2) If you don't maintain connections, CF opens a connection at the
first cfquery tag and keeps it open until the request ends, so that
all the queries in a single request use the same connection.

So, at the very least, you should be able to use your temporary table
for everything in the page.

On Mon, Aug 11, 2008 at 5:42 PM, Robert Rawlins
<[EMAIL PROTECTED]> wrote:
> Morning guys,
>
> Does anyone know how ColdFusion handles opening and closing a database
> session? Is it for every cfquery tag set? Or for every cftransaction tag
> set? Or is it less predictable than that?
>
> The reason I ask is that I've been looking at using temporary tables in a
> procedure, as I understand it, SQL Server creates these in a session local
> variable. I need to know how long the temporary table will be accessible to
> me in this session scope, can it spread across multiple queries? Or just the
> single one?

-- 
mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310688
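
The two connection modes described above, applied to the temporary-table question, as an added example that is not code from the thread: SQLite stands in for SQL Server because its TEMP tables are likewise private to the connection that created them, and the `Datasource` class is a hypothetical stand-in for a ColdFusion datasource with "maintain connections" on or off. It shows the table surviving across queries within one request and, on a maintained connection, still being present for the next request unless it is dropped; whether a particular driver resets session state on reuse is not modelled.

```python
"""Added example: temporary-table lifetime follows the connection, not the request."""
import os
import sqlite3
import tempfile


class Datasource:
    """Toy datasource (hypothetical). maintain_connections=True keeps one
    connection open and hands the same connection to the next request."""

    def __init__(self, path, maintain_connections):
        self.path = path
        self.maintain_connections = maintain_connections
        self._idle = None

    def acquire(self):
        if self._idle is not None:
            conn, self._idle = self._idle, None
            return conn
        return sqlite3.connect(self.path)

    def release(self, conn):
        if self.maintain_connections:
            self._idle = conn   # stays open across requests
        else:
            conn.close()        # request ends, session ends, temp tables are gone

    def close(self):
        if self._idle is not None:
            self._idle.close()
            self._idle = None


def temp_table_exists(conn, name):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_temp_master WHERE type = 'table' AND name = ?",
        (name,)).fetchone()
    return row[0] == 1


def request_build_report(ds, user, items, cleanup=False):
    """One request: three separate queries sharing one connection."""
    conn = ds.acquire()
    try:
        conn.execute("CREATE TEMP TABLE report_rows (owner TEXT, item TEXT)")
        conn.executemany("INSERT INTO report_rows VALUES (?, ?)",
                         [(user, item) for item in items])
        rows = [r[0] for r in conn.execute(
            "SELECT item FROM report_rows ORDER BY item")]
        if cleanup:
            conn.execute("DROP TABLE report_rows")
        conn.commit()
        return rows
    finally:
        ds.release(conn)


def request_peek(ds):
    """A later request that never created the table: what can it see?"""
    conn = ds.acquire()
    try:
        if not temp_table_exists(conn, "report_rows"):
            return None
        return conn.execute(
            "SELECT owner, item FROM report_rows ORDER BY item").fetchall()
    finally:
        ds.release(conn)


def run_scenario(maintain_connections, cleanup=False):
    """Return (rows seen inside request 1, rows visible to request 2)."""
    with tempfile.TemporaryDirectory() as tmp:
        ds = Datasource(os.path.join(tmp, "app.db"), maintain_connections)
        first = request_build_report(ds, "alice", ["invoice-7", "invoice-9"], cleanup)
        later = request_peek(ds)
        ds.close()
        return first, later


def name_collision(maintain_connections):
    """True when a second identical request fails because the table still exists."""
    with tempfile.TemporaryDirectory() as tmp:
        ds = Datasource(os.path.join(tmp, "app.db"), maintain_connections)
        request_build_report(ds, "alice", ["invoice-7"])
        try:
            request_build_report(ds, "bob", ["invoice-8"])
            return False
        except sqlite3.OperationalError:
            return True
        finally:
            ds.close()


if __name__ == "__main__":
    print("not maintained:", run_scenario(False))
    print("maintained:", run_scenario(True))
    print("maintained + DROP:", run_scenario(True, cleanup=True))
```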


RE: Database Sessions

2008-08-11 Thread Robert Rawlins
Thanks James, that makes fair sense,

I'll check my connection pooling setting and have a play around, I'll let
you know how I get on.

Rob

-Original Message-
From: James Holmes [mailto:[EMAIL PROTECTED] 
Sent: 11 August 2008 11:55
To: CF-Talk
Subject: Re: Database Sessions

CF does connections two ways:

1) CF uses pooled connections if you have maintain connections checked
for the datasource. This means a connection will stay open for quite
some time, across multiple web requests.

2) If you don't maintain connections, CF opens a connection at the
first cfquery tag and keeps it open until the request ends, so that
all the queries in a single request use the same connection.

So, at the very least, you should be able to use your temporary table
for everything in the page.

On Mon, Aug 11, 2008 at 5:42 PM, Robert Rawlins
<[EMAIL PROTECTED]> wrote:
> Morning guys,
>
> Does anyone know how ColdFusion handles opening and closing a database
> session? Is it for every cfquery tag set? Or for every cftransaction tag
> set? Or is it less predictable than that?
>
> The reason I ask is that I've been looking at using temporary tables in a
> procedure, as I understand it, SQL Server creates these in a session local
> variable. I need to know how long the temporary table will be accessible to
> me in this session scope, can it spread across multiple queries? Or just the
> single one?

-- 
mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310689


RE: SVN in Production

2008-08-11 Thread Andrew Scott
I am the same, I could have 20 tickets at any one time that I am also
working on.

The moment the client says I want ticket number such and such to go live,
but the ticket that is completed I haven't completed. So what do you do.

1) Export from SVN to live, this will not work because the tickets that do
go live are not requested to go live. Do you branch and for what reason, I
would only branch or tag under specific conditions and these conditions are
determined by the team involved.

2) Make the eyeball changes that are needed to go live?

Me, I would branch as much as possible. If you have only one client for your
application then you might not need to.

The point is this, if I was to make a production for the first time then an
export would be fine. However that is never the case when it has been live
for many days or more and I need to make changes to the system over a period
of time. If I was to do a full export with all changes that I was working on
there are two things that can happen.

The first is that my changes that were never asked to go live will go live,
if I choose to branch every change I make will be branched then it comes
down to a nightmare as to which version I should switch to.

I am not going to tell you how to use SVN, but I can guide you to the proper
uses  and if anyone chooses to ignore that, then they are on their own when
it comes to support and what constitutes migration or a normal release.

So this is what I have to say on the subject... If you want to migrate from
SVN (via export) that is your choice, and you obviously have a different
approach to your life cycle of the application you developed. But when it
comes to experience, someone is always going to come along and tell you that
you need to do it this way.

But if you feel that your way is better (not you as the person who began
this thread, but you as a developer who might be reading this thread.) then
by all means do what you need. But if I have to come along, and migrate from
production to SVN because you made the changes live before being in a tested
state and approved before making it live

Then you seriously need to look at your FULL SDLC And make changes
quickly before someone who knows what they are doing takes over from your
work

Clients are not stupid, they act that way to play you against other
developers. If you think you know better then good luck to you.







-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Joeri B [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2008 7:58 PM
To: CF-Talk
Subject: Re: SVN in Production

Yes, indeed. With a diff (I want to use free commander with Winmerge) tool,
you SEE the changes going live. I point that one out in a previous post. 
I work on a large project in an existing application which I check-in
constantly (Backup purpose and team work), but doesn't need to go live.
Because it's not finished yet.

With a diff tool it's easy to put other fixes live, and others not. With SVN
(export) it's difficult. You can work with branches... but that is tricky. 


>Yeah
>
>There are so many different ways to deploy, the problem boils down to the
>tools that we use. Me, I can't vouch for the likes of svnAnt and I DO not
>see a need for svnAnt to migrate changes to production, a first of
>deployment sure I could see its merits. But not as I make changes or fixes.
>I might make 10 FIXES, but only 2 should or need to go live.
>
>Me, I use the fact that the application I use / write has 2 states of
>development.
>
>One, is the latest build and changes or additions to the application itself.
>The second is what is currently in production. I use and endorse Beyond
>Compare by Scooter Software, when deploying changes to production.
>
>However when it comes to total control. I will have a branch in SVN for
>stable and build/release version number and use the switch to switch between
>the versions.
>
>But when it comes to DIFF, BC (Beyond Compare) is as simple as it needs to
>be. Does the change I made need to be deployed, visually the change says no
>so then I can deploy that file or line by line. Just in case I was working
>on other things when I fixed a major bug or something.
>
>But eventually one should deploy the best that suits their needs, and SVN is
>not the way to go.
>
>Use what best suits you, but DO NOT USE SVN as a means to keep production
>up to date. NEVER...
>
>
>
>-- 
>Senior Coldfusion Developer
>Aegeon Pty. Ltd.
>www.aegeon.com.au
>Phone: +613 9015 8628
>Mobile: 0404 998 273
>
>
>
>
>clear statement, I'll use that in my meeting with the boss :)
>
>if
>>one read the docs to these tools, one would not use SVN in production.
>>
>>SVN can be expensive when it comes to hard drive space, and one should
>never 




RE: SVN in Production

2008-08-11 Thread Andrew Scott
Really

Let me tell you something then...

I have 10 copies of this application in production, I could be fixing a bug
that is related to only one of these branches.

So if I switch ( come on I can't be the only one who uses the switch, to
switch between different branches/tags?) then I can work on that one
version, but then I decide that this fix needs to go to all the versions...
I then merge/migrate this change, then I now need to migrate this change so
how do I do it?

Easy, I DO NOT EXPORT THE ENTIRE APPLICATION. Why is that, because the fix
is related to the one client and I need to sync just that change. And how do
you do that?

That is not for me to tell you that, it is documented in the SVN and can be
googled as well.. But the point is simple...

1) if I want to take 100% out of SVN then an export is good enough
2) if I need to migrate a change then I would compare the changes that I
need, and this needs to be at an eyeball level.

If you are dealing with an ORM, like I am with GORM then you need to be
extremely careful what change you make live, it might only reflect a fix for
one of your clients. And in this case you WILL not do an export, you would
sync your changes only.

Again I will say this to you all, think about your problem first. Then think
about how it would work under certain circumstances, if it will not work for
you then your approach is wrong as simple as that.

NEVER USE SVN FOR PRODUCTION. NEVER, NEVER, NEVER.





-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Robert Rawlins [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2008 8:09 PM
To: CF-Talk
Subject: RE: SVN in Production

This is an interesting conversation, I've been using SVN Export for some
time now when looking to deploy changes to production and not really had any
beef from it.

I understand what you guys are saying here about only wishing to deploy
certain changes, that's a very valid use case, but to be honest, I would
perhaps suggest that you guys are not strict enough on your version control
in the first place and perhaps your processes aren't quite right, as it sounds
like you're deploying code straight from trunk / branches? Using your DIFF
based stuff to pick and choose which modifications get deployed?

Surely, once you know what code version is 'production ready' then you build
it into a release candidate in a new tag? You then can use SVN to deploy
from the latest tag to production? No?

I wouldn't ever deploy from anything that wasn't in /tags, and the only way
anything makes it into a tag is when it's tested and ready as a release
candidate.

-Original Message-
From: Joeri B [mailto:[EMAIL PROTECTED] 
Sent: 11 August 2008 10:58
To: CF-Talk
Subject: Re: SVN in Production

Yes, indeed. With a diff ( I want to use free commander with Winmerge) tool,
you SEE the changes going live. I point that one out in a previous post. 
I work on a large project in an existing application which I check-in
constantly (Backup purpose and team work), but doesn't need to go live.
Because it's not finished yet.

With a diff tool it's easy to put other fixes live, and others not. With SVN
(export) it's difficult. You can work with branches... but that is tricky. 


>Yeah
>
>There are so many different ways to deploy, the problem boils down to the
>tools that we use. Me, I can't vouch for the likes of svnAnt and I DO not
>see a need for svnAnt to migrate changes to production, a first of
>deployment sure I could see its merits. But not as I make changes or fixes.
>I might make 10 FIXES, but only 2 should or need to go live.
>
>Me, I use the fact that the application I use / write has 2 states of
>development.
>
>One, is the latest build and changes or additions to the application itself.
>The second is what is currently in production. I use and endorse Beyond
>Compare by Scooter Software, when deploying changes to production.
>
>However when it comes to total control. I will have a branch in SVN for
>stable and build/release version number and use the switch to switch between
>the versions.
>
>But when it comes to DIFF, BC (Beyond Compare) is as simple as it needs to
>be. Does the change I made need to be deployed, visually the change says no
>so then I can deploy that file or line by line. Just in case I was working
>on other things when I fixed a major bug or something.
>
>But eventually one should deploy the best that suits their needs, and SVN is
>not the way to go.
>
>Use what best suits you, but DO NOT USE SVN as a means to keep production
>up to date. NEVER...
>
>
>
>-- 
>Senior Coldfusion Developer
>Aegeon Pty. Ltd.
>www.aegeon.com.au
>Phone: +613 9015 8628
>Mobile: 0404 998 273
>
>
>
>
>clear statement, I'll use that in my meeting with the boss :)
>
>if
>>one read the docs to these tools, one would not use SVN in production.
>>
>>SVN can be expensive when it comes to hard drive space, and one should
>never 

RE: SVN in Production

2008-08-11 Thread Andrew Scott
DO NOT ASSUME WHAT I HAVE DONE OR NOT DONE

I have not only been there, but that was 10 years ago and I have not only
learnt from that, I have moved onto better and bigger things.

If you feel it works for you then continue, but let me tell you this. Move
outside of coldfusion and use those same approaches you will be not only
scoldered. But I would say you might become an outcast to boot

If you feel SVN -> production works for you... Then go for it... But let me
tell you this, change jobs into java/groovy/grails and you will and I will
say this WILL be a minority who knows nothing.

I could create an image, this image could be used for 10 different sites and
slight changes to each version, but it is only relevant to one of my
clients. I would not be making that an export from SVN because you will end
up with images that do not belong to the project wasting HD space...

Think about it for a minute





-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Tom Chiverton [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2008 8:09 PM
To: CF-Talk
Subject: Re: SVN in Production

On Monday 11 Aug 2008, Andrew Scott wrote:
> The latter should never be an issue, or even considered. Anyone who makes
> changes to production and not in a development environment should be hung
> out to dry or better still beaten with a stick until you realise that
> development is what it means.

You have clearly never worked with a slightly broken production system, and a
PHB/client/boss breathing on your neck.

> You develop, you fix and you test. And when you and your client are happy
> then it is moved from dev / qa to production.

Man, if only the world was that simple all the time !

> SVN was created for one purpose and one purpose only, that was to provide a
> revision control system for you to roll back, a

Actually, no, SVN was created "To take over the CVS user base. Specifically,
we're writing a new version control system that is very similar to CVS, but
fixes many things that are broken"
(http://subversion.tigris.org/faq.html#why)

-- 
Tom Chiverton



This email is sent for and on behalf of Halliwells LLP.

Halliwells LLP is a limited liability partnership registered in England and
Wales under registered number OC307980 whose registered office address is at
Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB.  A
list of members is available for inspection at the registered office. Any
reference to a partner in relation to Halliwells LLP means a member of
Halliwells LLP.  Regulated by The Solicitors Regulation Authority.

CONFIDENTIALITY

This email is intended only for the use of the addressee named above and may
be confidential or legally privileged.  If you are not the addressee you
must not read it and must not use any information contained in nor copy it
nor inform any person other than Halliwells LLP or the addressee of its
existence or contents.  If you have received this email in error please
delete it and notify Halliwells LLP IT Department on 0870 365 2500.

For more information about Halliwells LLP visit www.halliwells.com.





Re: SVN in Production

2008-08-11 Thread Kym Kovan
Andrew Scott wrote:
> ... snip  If you
> checkout it might be a copy of the current index from svn, but that is still
> and let me repeat myself this is still double your storage space if in a
> shared environment where space is an issue.

Andrew, that is a major step back from your earlier statements.

I have been sitting back watching the responses, from Andrew's original 
"Extreme" statement to more measured responses from others and what I 
gather in one aspect at least is that the extra disk space could be an 
issue in that a simple checkout will take double the space of the code 
base itself. Beyond that I have seen no "hard" comments about security 
risks, etc., only fluffy ones.


Andrew said again:
> No even so, whether it is an issue or not. You should never have .svn
> directories in a production environment, if you do then I can no longer help
> your ignorance. 

Why not Andrew? I asked what I thought was a reasonable question and I 
did it because of a request of a client of ours. I have always thought 
"SVN is not for prod servers" but when I saw that thread I thought it 
might be sensible to ask why? You suggested doing some Googling, I found 
a whole bunch of folk who do use SVN clients on their Production servers 
as well as folk who say "never" just like you but also not with 
explanations as to why, just like you. So why?

To put the whole thing in perspective a little context may come in 
handy. We started as a CF development shop back in the 1.5 days and took 
up hosting CF sites as no-one else did back then. The wheels have turned 
and now we do development work again as well as serious hosting and have 
a nice environment with workstations that run several versions of CF 
flowing through to test and stage servers where clients can make sure 
all is right before their sites get flipped over into production. SVN in 
the background, etc, all nicely civilized. On the hosting side we have 
many sites that we have had nothing to do with from a development 
perspective but suddenly one of those clients has hit a wall in terms of 
the size of their site and maintaining it and they want to drop into 
version control with us and "do it properly".

Umm, 400MB+ of cfm files, the site with base gifs, js, css, etc to make 
it work was over 1.5GB. The whole site with client upload areas, etc is 
about 7GB. We did an initial copy of code, js, etc., onto an 
intermediate server to import it into SVN and then checked it out to the 
test server and then ran some file sync tools to the Production boxes 
which are FTP distance away. It took over an hour to say "no difference"!

So our problem is how to push out changes to the Production boxes in a 
sensible fashion and hence our question that has raised such ire amongst 
one person at least :-)




-- 

Yours,

Kym Kovan
mbcomms




RE: SVN in Production

2008-08-11 Thread Robert Rawlins
You're an extremely aggressive individual aren't you Andrew?

-Original Message-
From: Andrew Scott [mailto:[EMAIL PROTECTED] 
Sent: 11 August 2008 12:15
To: CF-Talk
Subject: RE: SVN in Production

DO NOT ASSUME WHAT I HAVE DONE OR NOT DONE

I have not only been there, but that was 10 years ago and I have not only
learnt from that, I have moved onto better and bigger things.

If you feel it works for you then continue, but let me tell you this. Move
outside of coldfusion and use those same approaches you will be not only
scoldered. But I would say you might become an outcast to boot

If you feel SVN -> production works for you... Then go for it... But let me
tell you this, change jobs into java/groovy/grails and you will and I will
say this WILL be a minority who knows nothing.

I could create an image, this image could be used for 10 different sites and
slight changes to each version, but it is only relevant to one of my
clients. I would not be making that an export from SVN because you will end
up with images that do not belong to the project wasting HD space...

Think about it for a minute





-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Tom Chiverton [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2008 8:09 PM
To: CF-Talk
Subject: Re: SVN in Production

On Monday 11 Aug 2008, Andrew Scott wrote:
> The latter should never be an issue, or even considered. Anyone who makes
> changes to production and not in a development environment should be hung
> out to dry or better still beaten with a stick until you realise that
> development is what it means.

You have clearly never worked with a slightly broken production system, and a
PHB/client/boss breathing on your neck.

> You develop, you fix and you test. And when you and your client are happy
> then it is moved from dev / qa to production.

Man, if only the world was that simple all the time !

> SVN was created for one purpose and one purpose only, that was to provide a
> revision control system for you to roll back, a

Actually, no, SVN was created "To take over the CVS user base. Specifically,
we're writing a new version control system that is very similar to CVS, but
fixes many things that are broken"
(http://subversion.tigris.org/faq.html#why)

-- 
Tom Chiverton





Re: SVN in Production

2008-08-11 Thread Kym Kovan
Andrew Scott wrote:
> I could create an image, this image could be used for 10 different sites and
> slight changes to each version, but it is only relevant to one of my
> clients. I would not be making that an export from SVN because you will end
> up with images that do not belong to the project wasting HD space...

I think the above paragraph describes where we are at. In your context 
Andrew what you are saying is correct. If someone has one client with one 
codebase and one website then your concerns are not theirs.


> Think about it for a minute

Yeah, do that, not all the world is the same colour.



-- 

Yours,

Kym Kovan
mbcomms




Re: SVN in Production

2008-08-11 Thread Tom Chiverton
On Monday 11 Aug 2008, Andrew Scott wrote:
> If you feel it works for you then continue, but let me tell you this. Move
> outside of coldfusion and use those same approaches you will be not only
> scoldered. But I would say you might become an outcast to boot

I dunno, I bet the PHP folks are fond of it too.
Obviously fully compiled languages like Java don't let you, but that's another 
matter...

> tell you this, change jobs into java/groovy/grails and you will and I will
> say this WILL be a minority who knows nothing.

 ah ha, you see ?

-- 
Tom Chiverton





Re: SVN in Production

2008-08-11 Thread Tom Chiverton
On Monday 11 Aug 2008, Kym Kovan wrote:
> intermediate server to import it into SVN and then checked it out to the
> test server and then ran some file sync tools to the Production boxes
> which are FTP distance away. It took over an hour to say "no difference"!

That's one of the great steps SVN decided to take over CVS - keeping a clean 
local copy so 'diff' is fast and doesn't need access to the network.

-- 
Tom Chiverton





RE: SVN in Production

2008-08-11 Thread Andrew Scott
Kym,

I was not responding to you directly, if I did not answer your question then
let me ask you this.

If you are tight for HD space, and not everyone is. But what good would it
be to actually have .svn files on your production server? If it doesn't
need to be required to run, then it doesn't need to be there.

From a security point of view, unless it is behind a VPN that is totally
secure you have your code base open to the whole world when and if it is
hacked. Small chance that someone would work out that your production server
is connected to your SVN server.

If you are like ME and most others, your company or business is behind a
firewall. This means a number of things, and if hacked then the code could
include your SVN details to connect to your SVN server. Unlikely, but why
take the chance?

Do you really want me to go further?

SVN might be used by some people in production, and these people are in need
of a good damn slapping and told to give it up...

And over time, all changes made to production and stored back into .svn
directories end up increasing your HD space so over a year it will grow
depending on how often you make changes directly to production and DO NOT
FOLLOW a full SDLC.

But I guess that anyone who does use an approach of production->svn, do not
know what an SDLC is all about or how to protect themselves. In one
application, I had made changes to the application that DOES and WILL affect
LIVE data. So until the client is happy it goes through the stages of dev
-> QA -> production and then at least, once made live if the changes made to
production affect live application data the onus falls onto the developer
and the client.

If it is the developer, then they migrated changes that should never have
been made live. If it is the client then they have no excuse, because it
went through a QA phase for the client to approve from a UAT point of
view... And I will make the assumption that if you follow an SDLC you would
also be using the UAT, before a client signs off on the changes.

Oh wait, some comments here have made a reference to the fact that changes
are not signed off on. Which means you could have 20 changes waiting for
approval, how do you migrate these changes?

You certainly would not export the entire repository now would you?



-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273
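
Both objections raised in this thread to a working copy on a production box, the extra disk space taken by `.svn` directories and the repository details they hold, can be measured on a deployed tree. The following is an added example, not code from any poster: it walks a directory, lists each `.svn` directory, compares metadata bytes with live bytes, and collects repository URLs from plain-text `.svn/entries` files. The function names, `SAMPLE_REPO` and the sample tree are constructed, and the `entries` content written by `build_sample_tree` is a simplified stand-in for the real file.

```python
import os
import re
import tempfile

# Repository URLs as stored in a working copy's plain-text entries file.
REPO_URL = re.compile(r'(?:https?|svn(?:\+\w+)?|file)://[^\s"<>]+')
SAMPLE_REPO = "https://svn.example.invalid/site/tags/1.0"  # constructed


def tree_size(path):
    """Total size in bytes of all regular files under path."""
    total = 0
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            if not os.path.islink(full):
                total += os.path.getsize(full)
    return total


def audit_docroot(docroot):
    """Report Subversion metadata left in a deployed tree.

    Returns the .svn directories found, bytes used by live files versus
    .svn metadata, and repository URLs recorded in .svn/entries files.
    """
    svn_dirs = []
    repo_urls = set()
    live_bytes = 0
    meta_bytes = 0
    for root, dirs, files in os.walk(docroot):
        if ".svn" in dirs:
            meta = os.path.join(root, ".svn")
            svn_dirs.append(os.path.relpath(meta, docroot))
            meta_bytes += tree_size(meta)
            entries = os.path.join(meta, "entries")
            if os.path.isfile(entries):
                with open(entries, "r", errors="replace") as fh:
                    repo_urls.update(REPO_URL.findall(fh.read()))
            dirs.remove(".svn")  # do not count metadata as live content
        for name in files:
            full = os.path.join(root, name)
            if not os.path.islink(full):
                live_bytes += os.path.getsize(full)
    return {
        "svn_dirs": sorted(svn_dirs),
        "repo_urls": sorted(repo_urls),
        "live_bytes": live_bytes,
        "meta_bytes": meta_bytes,
    }


def build_sample_tree(base, with_metadata):
    """Write a constructed two-page site, as a checkout or as an export."""
    pages = {"": ("index.cfm", "<cfoutput>home</cfoutput>\n"),
             "admin": ("login.cfm", "<cfoutput>login</cfoutput>\n")}
    for subdir, (name, body) in pages.items():
        folder = os.path.join(base, subdir)
        os.makedirs(folder, exist_ok=True)
        with open(os.path.join(folder, name), "w") as fh:
            fh.write(body)
        if not with_metadata:
            continue
        # A checkout keeps a pristine copy of every file plus an entries file.
        meta = os.path.join(folder, ".svn")
        os.makedirs(os.path.join(meta, "text-base"), exist_ok=True)
        with open(os.path.join(meta, "text-base", name + ".svn-base"), "w") as fh:
            fh.write(body)
        url = SAMPLE_REPO + ("/" + subdir if subdir else "")
        with open(os.path.join(meta, "entries"), "w") as fh:
            fh.write("9\n\ndir\n42\n" + url + "\n")  # simplified entries layout


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, with_metadata=True)
        report = audit_docroot(tmp)
        print("metadata directories:", report["svn_dirs"])
        print("repository URLs:", report["repo_urls"])
        print("metadata bytes:", report["meta_bytes"],
              "live bytes:", report["live_bytes"])
```

An exported tree should come back with an empty `svn_dirs` list and zero `meta_bytes`; anything else means working-copy metadata reached the server.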





RE: SVN in Production

2008-08-11 Thread Andrew Scott
No, but bad habits and ill advice can hurt you down the track, could it not?





-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Kym Kovan [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2008 9:33 PM
To: CF-Talk
Subject: Re: SVN in Production

Andrew Scott wrote:
> I could create an image, this image could be used for 10 different sites and
> slight changes to each version, but it is only relevant to one of my
> clients. I would not be making that an export from SVN because you will end
> up with images that do not belong to the project wasting HD space...

I think the above paragraph describes where we are at. In your context 
Andrew what you are saying is correct. If someone has one client with one 
codebase and one website then your concerns are not theirs.


> Think about it for a minute

Yeah, do that, not all the world is the same colour.



-- 

Yours,

Kym Kovan
mbcomms






RE: SVN in Production

2008-08-11 Thread Andrew Scott
Actually that's not entirely true

And this is one reason I refuse to use subclipse

What you don't see is the processes that can and do run in the background,
if you run eclipse you can switch on to show hidden processes. Doing this
will show you that svn can be contacted and updated without your knowledge,
how else do you know if there are changes to the code...

You think it guesses?

Although having said that, you can even switch this caching off for svn as
well. Well in subversive you can, the problem is that when you do sync /
merge changes before doing an update can take sooo much longer :-(



-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Tom Chiverton [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2008 9:38 PM
To: CF-Talk
Subject: Re: SVN in Production

On Monday 11 Aug 2008, Kym Kovan wrote:
> intermediate server to import it into SVN and then checked it out to the
> test server and then ran some file sync tools to the Production boxes
> which are FTP distance away. It took over an hour to say "no difference"!

That's one of the great steps SVN decided to take over CVS - keeping a clean
local copy so 'diff' is fast and doesn't need access to the network.

-- 
Tom Chiverton





Re: SVN in Production

2008-08-11 Thread Kym Kovan
Tom Chiverton wrote:
> On Monday 11 Aug 2008, Kym Kovan wrote:
>> intermediate server to import it into SVN and then checked it out to the
>> test server and then ran some file sync tools to the Production boxes
>> which are FTP distance away. It took over an hour to say "no difference"!
> 
> That's one of the great steps SVN decided to take over CVS - keeping a clean 
> local copy so 'diff' is fast and doesn't need access to the network.

Yes, and that lends me to the thought that the best scenario for our 
particular problem would be to have an exported copy on each production 
box (yes, they are clustered) and use a standard diff tool from there to 
flip the changes over to the actual production site. It would not be too 
hard to set off the flip to happen on all servers at the same time to 
avoid mayhem. I should have mentioned in my previous explanation that 
this site is on dedicated boxes so disk space is not an issue.

Anyone see a difficulty in doing that?



-- 

Yours,

Kym Kovan
mbcomms




RE: SVN in Production

2008-08-11 Thread Andrew Scott
And how are you going to migrate small changes in the midst of other changes?



-- 
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273




-Original Message-
From: Kym Kovan [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2008 10:04 PM
To: CF-Talk
Subject: Re: SVN in Production

Tom Chiverton wrote:
> On Monday 11 Aug 2008, Kym Kovan wrote:
>> intermediate server to import it into SVN and then checked it out to the
>> test server and then ran some file sync tools to the Production boxes
>> which are FTP distance away. It took over an hour to say "no difference"!
> 
> That's one of the great steps SVN decided to take over CVS - keeping a clean
> local copy so 'diff' is fast and doesn't need access to the network.

Yes, and that lends me to the thought that the best scenario for our 
particular problem would be to have an exported copy on each production 
box (yes, they are clustered) and use a standard diff tool from there to 
flip the changes over to the actual production site. It would not be too 
hard to set off the flip to happen on all servers at the same time to 
avoid mayhem. I should have mentioned in my previous explanation that 
this site is on dedicated boxes so disk space is not an issue.

Anyone see a difficulty in doing that?



-- 

Yours,

Kym Kovan
mbcomms






RE: CFEclipse code folding; not working

2008-08-11 Thread Rick Faircloth
I'm having trouble with code folding, too, and looked for
a 1.3.1.6 release, but couldn't find one.  I'm currently using
1.3.1.5, which comes up on the cfeclipse.org site as the latest
stable release.

Where can I get 1.3.1.6?

Rick

> -Original Message-
> From: Andrew Scott [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 11, 2008 4:57 AM
> To: CF-Talk
> Subject: RE: CFEclipse code folding; not working
> 
> What version of cfeclipse are you using? 1.3.2 beta? Then maybe drop back
> to the latest stable release of 1.3.1.6 and you should be fine.
> 
> 
> 
> 
> 
> --
> Senior Coldfusion Developer
> Aegeon Pty. Ltd.
> www.aegeon.com.au
> Phone: +613 9015 8628
> Mobile: 0404 998 273
> 
> 
> 
> 
> -Original Message-
> From: Dominic Watson [mailto:[EMAIL PROTECTED]
> Sent: Monday, 11 August 2008 6:36 PM
> To: CF-Talk
> Subject: CFEclipse code folding; not working
> 
> Hi all, i've just installed eclipse ganymede with aptana and then
> cfeclipse and code folding just isn't happening (no little grey fold
> icons). I have checked all the cfeclipse code folding preferences and
> no clues.
> 
> Anyone experienced this?
> 
> Thanks in advance,
> 
> Dominic
> 
> --
> Blog it up: http://fusion.dominicwatson.co.uk
> 
> 
> 
> 



Re: SVN in Production

2008-08-11 Thread Jochem van Dieten
Andrew Scott wrote:
> What do you mean by repo -> server and server -> repo?
> 
> The latter should never be an issue, or even considered. Anyone who makes
> changes to production and not in a development environment should be hung
> out to dry or better still beaten with a stick until you realise that
> development is what it means.

So you think the entire /etc/ folder on a production box is the same as 
an /etc/ folder on a development box? You think they have the same 
hostnames? The same IP addresses? The same firewall rules? That the test 
environment has a two year backup retention like production has?


Not everybody uses SVN just for sourcecode. Some use it for their 
university thesis. Some for their grocery list. Some use SVN for 
complete server configurations. And what you use it for does influence 
the usage pattern. It is perfectly acceptable to change the -Dmail.host 
parameter in your jvm.config file directly on production and then back 
it up to SVN.


> Once you have deployed to a production server, it should never have any ties
> with the repository in any way shape or form. If you are one of those that
> think this is ok, then you will need to adopt new procedures quickly. Before
> you adopt bad and I mean VERY BAD ideas.

Generally speaking you don't want to have production running directly 
from a working copy. But there is nothing wrong with putting $Id$, 
$HeadURL$ etc. in your sources so that code and configuration files on 
the production box point back to a specific version of a file in a 
repository.

Jochem


Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310704


RE: SQL injection attack on House of Fusion

2008-08-11 Thread Dave Morris
Ah.  You're from the "blame the victim" school.

Unfortunately, when I wrote the first 1,000 ColdFusion templates using Ben
Forta's CF 4.0 book, there was no CFQueryParam.  So going back and rewriting
all those programs (now well into several thousand) has been a bitch.  And
all it took was one missed spot.

So I shouldn't be mad at the poor little hackers, because they were doing us
all a favor by pointing out our faults.  That is your school of thought,
right?

Dave Morris


> -Original Message-
> From: Dave Watts [mailto:[EMAIL PROTECTED]
> Sent: Sunday, August 10, 2008 11:15 PM
> To: CF-Talk
> Subject: RE: SQL injection attack on House of Fusion
> 
> > Anyway, I propose the dot-com millionaires who left us stuck
> > with the current mess in the spam and virus arena be
> > personally required to fund an international Goon Squad with
> > kneecap breaking instructions to go after these vandals.
> 
> And who exactly would that be?
> 
> > If someone did this crap to your house, you'd have the police
> > and/or FBI out there in a heartbeat tracking down the
> > criminals.  This is criminal mischief on a global scale.
> 
> If you left your front door open, so that anyone could just walk in,
> you'd
> have no one but yourself to blame. If you're looking for an analogy,
> that's
> the one that fits. The reason this particular attack has been so
> successful
> is the arguably criminal negligence of so many web developers, coupled
> with
> the typical improper usage of administrator rights on untrained users'
> desktops.
> 
> People have been harping on these two issues for years - I know I have.
> As a
> web developer, one of these issues is within your direct control. If
> you've
> failed to do anything about unparameterized queries until something bad
> happens to you, you've failed to meet the minimal due diligence for
> being a
> web application developer.
> 
> > And if Interpol won't do anything about it, and if the powers
> > that be refuse to attach any form of responsibility or
> > traceability to the ownership of an IP address, then we may
> > just have to implement vigilante measures and go after the
> > crooks ourselves.
> 
> Well, uh, good luck with that. Let me know how it goes with you against
> the
> Russian mafia. This stuff is no longer just maladjusted kids in their
> parents' basement - there's money to be had here, and there are people
> going
> after that money. I suggest your efforts are better directed at
> ensuring the
> adequacy of your own sites' protection instead.
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> 
> Fig Leaf Software provides the highest caliber vendor-authorized
> instruction at our training centers in Washington DC, Atlanta,
> Chicago, Baltimore, Northern Virginia, or on-site at your location.
> Visit http://training.figleaf.com/ for more information!
> 
> 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310705


Re: SVN in Production

2008-08-11 Thread Kym Kovan
Andrew Scott wrote:
> And how are you going to migrate small changes in a midst of other changes?
> 

Good response Andrew to my question, just what I wanted. Unfortunately 
your response is top-replied with your signature as well, with its 
correct "--", so in Thunderbird my question below that is lost.

But this brings up a point I noticed in your earlier replies, you talked 
of 20 tickets open and sending one ticket to production. You also talked 
in another reply about the work in maintaining multiple branches for 
them all but surely this is what keeping tight control over your code is 
all about? "A" change is "A" branch, merge it when it is right and there 
is no problem surely? You talked about one application but many clients 
running off it, with variations for all of them. If changing one 
client's code affects others then surely the site architecture is wrong, 
it isn't one application, it is many similar ones. I feel motivated to 
shout at you like you shout at everyone else about how bad that is, but 
I won't


-- 

Yours,

Kym Kovan
mbcomms


Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310706


Re: SVN in Production

2008-08-11 Thread Tom Chiverton
On Monday 11 Aug 2008, Andrew Scott wrote:
> And this is one reason I refuse to use subclipse
> will show you that svn can be contacted and updated without your knowledge,
> how else do you know if there are changes to the code...

That's a good thing.
I want my RCS updated when I delete or rename a file, and I really don't want 
it bothering me all the time either.
I can always look in Eclipse's console to see what it's done, or the web view 
of the repository, or the RSS feed of recent changes or ...

> well. Well in subversive you can, the problem is that when you do sync /
> merge changes before doing an update can take sooo much longer :-(

Err, yes ?
That's one of the trade-offs the SVN folks made when they were designing 
things...

-- 
Tom Chiverton



This email is sent for and on behalf of Halliwells LLP.

Halliwells LLP is a limited liability partnership registered in England and 
Wales under registered number OC307980 whose registered office address is at 
Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB.  A list 
of members is available for inspection at the registered office. Any reference 
to a partner in relation to Halliwells LLP means a member of Halliwells LLP.  
Regulated by The Solicitors Regulation Authority.

CONFIDENTIALITY

This email is intended only for the use of the addressee named above and may be 
confidential or legally privileged.  If you are not the addressee you must not 
read it and must not use any information contained in nor copy it nor inform 
any person other than Halliwells LLP or the addressee of its existence or 
contents.  If you have received this email in error please delete it and notify 
Halliwells LLP IT Department on 0870 365 2500.

For more information about Halliwells LLP visit www.halliwells.com.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310707


Re: SVN in Production

2008-08-11 Thread Tom Chiverton
On Monday 11 Aug 2008, Andrew Scott wrote:
> secure you have your code base open to the whole world when and if it is
> hacked. 

With the vast majority of ColdFusion deployments, that's the case anyway.
The default JRun connector for Adobe's engine still runs the .cfm files from 
inside the .svn sub dirs, so even if you did have an actual checkout in your 
web root (rather than an export) there's still no way for source code to leak 
out, without logging interactively on to the box.

> firewall. This means a number of things, and if hacked then the code could
> include your SVN details to connect to your SVN server. Unlikely, but why
> take the chance?


They can also read neo-query.xml and get to my DB directly.
Or sniff my home SSH pass phrase.
I don't see how this is SVN's 'fault'.

> SVN might be used by some people in production, and these people are in
> need of a good damn slapping and told to give it up...

Geez.
You are not the world.

> And over time, all changes made to production and stored back into .svn
> directories end up increasing your HD space so over a year it will grow
> depending on how often you make changes directly to production and DO NOT
> FOLLOW a full SDLC.

I've no idea what a SDLC is in this context, but our SVN repo is only 403 meg, 
and we've been using it heavily for years, with rev. numbers now in the mid 
four figures.
This is not excessive use of space by any stretch.

> But I guess that anyone who does use an approach of production->svn, do not
> know what an SDLC is all about or how to protect themselves. 

Assuming you mean Systems Development Life Cycle, we've got a perfectly good 
one, tyvm.

> of dev -> QA -> production and then at least, once made live if the changes

Uh huh. We then use SVN to make sure what was QA'ed and tested is exactly the 
same as what was deployed. 
Why is this bad ?

> approval, how do you migrate these changes?
> You certainly would not export the entire repository now would you?

Err, no. What has one to do with the other ?

-- 
Tom Chiverton




Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310708


CFLOGON and screens go blank!

2008-08-11 Thread bill turner
I have been really struggling with this login thing. I really need some help. 
There must be something I am really not understanding about CFLOGIN. I've 
attached a copy of my Application.cfc and other templates. What happens is that 
if you start with a fresh session, you can link to the login screen from the 
home page, enter the login, then the next page (to which the form posts) is 
empty. Now, if I go back to the home page (up one level in the directory), then 
request the login page, I see nothing again. Finally, if I change the address 
bar to point to my logout page, I get logged out, it returns me to the home 
page, and I can now link to the login page. So, it appears that once I am 
logged in, something very bad is happening. What am I missing?

Note that the index page is one level higher in the directory structure from 
all the other pages I am referencing in this post, including the 
Application.cfc, and that they are all in the same directory.

you can get to my home page at http://www.changent.com/rr/index.html.
to login, use help/me (this will only last until i have an answer)
to logout, go to http://www.changent.com/rr/app/logout.cfm.

Your help is really appreciated!

Attach Code

Application.cfc
---

SELECT r.password
FROM realtors r
WHERE r.biz_email = 

credentials invalid.

account_login.cfm
-

application.Datasource_RR_Prod=#application.Datasource_RR_Prod#
Form.login isDefinedForm.login 
isNotDefined
errorCode=#errorCode#
errorMessage=#errorMessage#

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
http://www.w3.org/1999/xhtml";>

Login - Realtor Reality

Temporary Navigation
HOME
My Account
   Login
   Edit My Account Information
   View Client Roster
   Edit Client Roster
Seminars
Business Tools in a Box
   About Business Tools in a Box
   Tool 1: Processes
   Tool 2: Personal Brand
   Tool 3: Client Feedback
FAQ
Contact

My Account
   Already have an account?
   Business E-mail
   Password
   #errorMessage#
   Forget your password? Click here
 Don't h

Re: SVN in Production

2008-08-11 Thread Brian Kotek
I disagree completely. There's absolutely nothing wrong with using SVN in
production for deployment.

Beyond Compare? It's a great program...but using it to deploy code? The idea
makes me shudder. In fact, doing anything manual related to code deployment
makes me shudder.

There are easy ways around the issue you bring up about size: it's called an
SVN Export. It's meant to do EXACTLY what you're talking about: create a
copy of the source code with no SVN-related files.

All of this can (and should) be automated with ANT. That means at the click
of my mouse I can execute the entire deployment process in exactly the same
way every single time. That might mean:

   - Zip the current code, timestamp it, and copy it to a back folder for
   easy retrieval.
   - Delete the current code
   - Copy a site maintenance file into the site folder
   - Pull latest from SVN
   - Perform export to site folder
   - Run a reinit HTTP request to reload the application
   - Send an email to notify stakeholders of success

You can also have it run unit tests and only deploy if all tests pass.

The bottom line is that using SVN and ANT to help you deploy code is EXACTLY
what these tools were meant to do. If I have to do anything more than click
my mouse once to execute an entire deployment process, I'm doing something
wrong.


On Mon, Aug 11, 2008 at 4:20 AM, Andrew Scott <[EMAIL PROTECTED]> wrote:

> SVN SHOULD NEVER BE USED IN PRODUCTION...
>
> SVN is used to have a revision control system, so that you could roll back
> to a previous version or whatever you need to do.
>
> When it comes to production, why the hell would you install 99% of extra
> space taking codes and indexes to a production server? Over a period of
> time, your code might be 1meg in size, but after a year the SVN indexes
> could result in 2gig and more of space that is no longer needed. But then
> if
> one read the docs to these tools, one would not use SVN in production.
>
> SVN can be expensive when it comes to hard drive space, and one should
> never
> and I will repeat this again.
>
> NEVER USE SVN in production.
>
> Use a program like beyond compare to sync file changes or something, but
> NEVER USE SVN in production.
>
> I am shocked to find people don't research their tools enough.
>
> So let me recap, DO NOT USE SVN IN PRODUCTION. If you do then you're a damn
> fool, and should be shot on sight.
>
>
>
> --
> Senior Coldfusion Developer
> Aegeon Pty. Ltd.
> www.aegeon.com.au
> Phone: +613 9015 8628
> Mobile: 0404 998 273
>
>
>
>
> -Original Message-
> From: Kym Kovan [mailto:[EMAIL PROTECTED]
> Sent: Monday, 11 August 2008 11:07 AM
> To: CF-Talk
> Subject: SVN in Production
>
> Hello,
>
> Looking at some of the responses in the recent thread on SVN v ftp I get
> an impression that some folk are using SVN clients on Production boxes.
> What are people's thoughts on this? Is it a security risk, is it
> dangerous in some other way, or is it a "bad thing" because of all of
> those extra files that cause havoc with backups?
>
> --
>
> Yours,
>
> Kym Kovan
> mbcomms
>
>
>
>
>
> 


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310710
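
The deployment steps listed in the message above, written out as an Ant build file. This is an added example, not part of the original post: the repository URL, paths, reinit URL and mail addresses are hypothetical placeholders, and it exports straight from the repository URL into a staging folder before the site folder is touched, so a failed export leaves the live code in place.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Every URL, path and address below is a hypothetical placeholder. -->
<project name="deploy-site" default="deploy" basedir=".">

  <property name="svn.url"     value="https://svn.example.invalid/repo/site/trunk"/>
  <property name="site.dir"    value="/var/www/site"/>
  <property name="backup.dir"  value="/var/backups/site"/>
  <property name="staging.dir" value="${basedir}/export"/>
  <property name="maint.file"  value="${basedir}/maintenance/index.cfm"/>
  <property name="reinit.url"  value="https://www.example.invalid/index.cfm?reinit=true"/>

  <!-- Zip the current code with a timestamp so it can be restored quickly. -->
  <target name="backup">
    <tstamp>
      <format property="stamp" pattern="yyyyMMdd-HHmmss"/>
    </tstamp>
    <mkdir dir="${backup.dir}"/>
    <zip destfile="${backup.dir}/site-${stamp}.zip" basedir="${site.dir}"/>
  </target>

  <!-- svn export writes a clean tree with no .svn metadata.
       failonerror stops the build before anything in the site folder changes. -->
  <target name="export">
    <delete dir="${staging.dir}"/>
    <exec executable="svn" failonerror="true">
      <arg value="export"/>
      <arg value="--non-interactive"/>
      <arg value="${svn.url}"/>
      <arg value="${staging.dir}"/>
    </exec>
  </target>

  <target name="deploy" depends="backup,export">
    <!-- Remove the current code, including any stray .svn folders
         (defaultexcludes="false" makes the fileset match them). -->
    <delete includeemptydirs="true">
      <fileset dir="${site.dir}" includes="**/*" defaultexcludes="false"/>
    </delete>

    <!-- Show a maintenance page while the new files are copied in. -->
    <copy file="${maint.file}" todir="${site.dir}"/>

    <!-- Copy the exported tree into place; it overwrites the maintenance page. -->
    <copy todir="${site.dir}" overwrite="true">
      <fileset dir="${staging.dir}"/>
    </copy>

    <!-- Reload the application, then notify stakeholders. -->
    <get src="${reinit.url}" dest="${basedir}/reinit-response.html"/>
    <mail mailhost="mail.example.invalid"
          from="deploy@example.invalid"
          tolist="stakeholders@example.invalid"
          subject="Site deployed ${stamp}"
          message="svn export of ${svn.url} deployed at ${stamp}."/>
  </target>

</project>
```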


Re: SQL injection attack on House of Fusion

2008-08-11 Thread Greg Morphis
Ummm but is it not your website that YOU left vulnerable? If you
didn't have access to cfqueryparam then you should have used an
alternate approach. I'm sure they exist even for CF 4.0, a little
extra time at the beginning validating variables would save so much
grief now right? And from what I'm hearing from popular sites is it's
not so much the cfqueryparam because they are still getting hit
thousands of times every minute, like HoF. So there's other steps, not
just within CF. I think MD was working on something to stop the
intruders at the server, before it even hits CF.
I'm not saying it's entirely YOUR fault but you allowed it to happen,
same thing Dave Watts is saying..


On Mon, Aug 11, 2008 at 7:45 AM, Dave Morris <[EMAIL PROTECTED]> wrote:
> Ah.  You're from the "blame the victim" school.
>
> Unfortunately, when I wrote the first 1,000 ColdFusion templates using Ben
> Forta's CF 4.0 book, there was no CFQueryParam.  So going back and rewriting
> all those programs (now well into several thousand) has been a bitch.  And
> all it took was one missed spot.
>
> So I shouldn't be mad at the poor little hackers, because they were doing us
> all favor by pointing out our faults.  That is your school of thought,
> right?
>
> Dave Morris
>
>
>> -Original Message-
>> From: Dave Watts [mailto:[EMAIL PROTECTED]
>> Sent: Sunday, August 10, 2008 11:15 PM
>> To: CF-Talk
>> Subject: RE: SQL injection attack on House of Fusion
>>
>> > Anyway, I propose the dot-com millionaires who left us stuck
>> > with the current mess in the spam and virus arena be
>> > personally required to fund an international Goon Squad with
>> > kneecap breaking instructions to go after these vandals.
>>
>> And who exactly would that be?
>>
>> > If someone did this crap to your house, you'd have the police
>> > and/or FBI out there in a heartbeat tracking down the
>> > criminals.  This is criminal mischief on a global scale.
>>
>> If you left your front door open, so that anyone could just walk in,
>> you'd
>> have no one but yourself to blame. If you're looking for an analogy,
>> that's
>> the one that fits. The reason this particular attack has been so
>> successful
>> is the arguably criminal negligence of so many web developers, coupled
>> with
>> the typical improper usage of administrator rights on untrained users'
>> desktops.
>>
>> People have been harping on these two issues for years - I know I have.
>> As a
>> web developer, one of these issues is within your direct control. If
>> you've
>> failed to do anything about unparameterized queries until something bad
>> happens to you, you've failed to meet the minimal due diligence for
>> being a
>> web application developer.
>>
>> > And if Interpol won't do anything about it, and if the powers
>> > that be refuse to attach any form of responsibility or
>> > traceability to the ownership of an IP address, then we may
>> > just have to implement vigilante measures and go after the
>> > crooks ourselves.
>>
>> Well, uh, good luck with that. Let me know how it goes with you against
>> the
>> Russian mafia. This stuff is no longer just maladjusted kids in their
>> parents' basement - there's money to be had here, and there are people
>> going
>> after that money. I suggest your efforts are better directed at
>> ensuring the
>> adequacy of your own sites' protection instead.
>>
>> Dave Watts, CTO, Fig Leaf Software
>> http://www.figleaf.com/
>>
>> Fig Leaf Software provides the highest caliber vendor-authorized
>> instruction at our training centers in Washington DC, Atlanta,
>> Chicago, Baltimore, Northern Virginia, or on-site at your location.
>> Visit http://training.figleaf.com/ for more information!
>>
>>
>
> 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310711


Re: SQL injection attack on House of Fusion

2008-08-11 Thread Justin Scott
 > I'm sure they exist even for CF 4.0

Yup, the val() function did/does wonders for integer input on queries, 
even way back in CF4.


-Justin Scott




Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310712
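
The two mitigations named in this thread, val() for integer input and cfqueryparam, shown beside the unparameterized pattern they replace. This is an added example, not code from any poster; the datasource variable, tables and columns are constructed for illustration.

```cfml
<!--- Added example. application.dsn, the articles and members tables and
      their columns are constructed names, not taken from the thread. --->
<cfparam name="url.id"    default="0">
<cfparam name="url.email" default="">

<!--- BEFORE: unparameterized. url.id is pasted into the SQL text, so
      whatever follows the digits is sent to the database as SQL. --->
<cfquery name="qUnsafe" datasource="#application.dsn#">
    SELECT title, body
    FROM   articles
    WHERE  article_id = #url.id#
</cfquery>

<!--- Pre-cfqueryparam approach: val() keeps only the leading number of
      the string and returns 0 when there is none, so val("12abc") is 12
      and val("abc") is 0. Only a number can reach the SQL text.
      This helps with numeric input only. --->
<cfquery name="qVal" datasource="#application.dsn#">
    SELECT title, body
    FROM   articles
    WHERE  article_id = #val(url.id)#
</cfquery>

<!--- cfqueryparam: the value is sent as a bind parameter, separate from
      the SQL text. With cf_sql_integer, ColdFusion also rejects a value
      that is not an integer before the query runs, so the failure is
      caught here and answered with a 400 instead of a stack trace. --->
<cftry>
    <cfquery name="qParam" datasource="#application.dsn#">
        SELECT title, body
        FROM   articles
        WHERE  article_id = <cfqueryparam value="#url.id#"
                                          cfsqltype="cf_sql_integer">
    </cfquery>
    <cfcatch type="any">
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>

<!--- String input: val() does not apply. Bind it as varchar and cap the
      length so oversized values are rejected too. --->
<cfquery name="qMember" datasource="#application.dsn#">
    SELECT member_id
    FROM   members
    WHERE  email = <cfqueryparam value="#url.email#"
                                 cfsqltype="cf_sql_varchar"
                                 maxlength="254">
</cfquery>
```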


CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3 Driver

2008-08-11 Thread Scott Stewart
Hey all,

I've run into an issue that I need opinions on. We've run into some SQL 
server issues, where MS is saying "patch the driver".
Has anyone used the MS SQL Server 2000 SP3 JDBC driver in place of the 
one shipped with CF8?
Has it cleared up 8180 errors?
Any performance gains/losses?
Any "gotchas"?

thanks

sas

-- 
--
Scott Stewart
ColdFusion Developer

Office of Research Information Systems
Research & Economic Development
University of North Carolina at Chapel Hill

Phone:(919)843-2408
Fax: (919)962-3600
Email: [EMAIL PROTECTED]



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310713


RE: SQL injection attack on House of Fusion

2008-08-11 Thread Dave Morris
And that girl who was raped should not have been wearing a skirt.

Yes, we've implemented things way more sophisticated than CFQUERYPARAM.
Anybody who waits until the SQL query to try to detect bogus data is asking
for trouble.

But crime is crime, and we should not be allowing criminals to CHOP away at
our systems until they find that one hole we didn't catch, and then blame it
on the victim!

Dave Morris



> -Original Message-
> From: Greg Morphis [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 11, 2008 9:04 AM
> To: CF-Talk
> Subject: Re: SQL injection attack on House of Fusion
> 
> Ummm but is it not your website that YOU left vulnerable? If you
> didn't have access to cfqueryparam then you should have used an
> alternate approach. I'm sure they exist even for CF 4.0, a little
> extra time at the beginning validating variables would save so much
> grief now right? And from what I'm hearing from popular sites is it's
> not so much the cfqueryparam because they are still getting hit
> thousands of times every minute, like HoF. So there's other steps, not
> just within CF. I think MD was working on a something to stop the
> intruders at the server, before it even hits CF.
> I'm not saying it's entirely YOUR fault but you allowed it to happen,
> same thing Dave Watts is saying..
> 
> 
> On Mon, Aug 11, 2008 at 7:45 AM, Dave Morris <[EMAIL PROTECTED]>
> wrote:
> > Ah.  You're from the "blame the victim" school.
> >
> > Unfortunately, when I wrote the first 1,000 ColdFusion templates
> using Ben
> > Forta's CF 4.0 book, there was no CFQueryParam.  So going back and
> rewriting
> > all those programs (now well into several thousand) has been a bitch.
> And
> > all it took was one missed spot.
> >
> > So I shouldn't be mad at the poor little hackers, because they were
> doing us
> > all favor by pointing out our faults.  That is your school of
> thought,
> > right?
> >
> > Dave Morris
> >
> >
> >> -Original Message-
> >> From: Dave Watts [mailto:[EMAIL PROTECTED]
> >> Sent: Sunday, August 10, 2008 11:15 PM
> >> To: CF-Talk
> >> Subject: RE: SQL injection attack on House of Fusion
> >>
> >> > Anyway, I propose the dot-com millionaires who left us stuck
> >> > with the current mess in the spam and virus arena be
> >> > personally required to fund an international Goon Squad with
> >> > kneecap breaking instructions to go after these vandals.
> >>
> >> And who exactly would that be?
> >>
> >> > If someone did this crap to your house, you'd have the police
> >> > and/or FBI out there in a heartbeat tracking down the
> >> > criminals.  This is criminal mischief on a global scale.
> >>
> >> If you left your front door open, so that anyone could just walk in,
> >> you'd
> >> have no one but yourself to blame. If you're looking for an analogy,
> >> that's
> >> the one that fits. The reason this particular attack has been so
> >> successful
> >> is the arguably criminal negligence of so many web developers,
> coupled
> >> with
> >> the typical improper usage of administrator rights on untrained
> users'
> >> desktops.
> >>
> >> People have been harping on these two issues for years - I know I
> have.
> >> As a
> >> web developer, one of these issues is within your direct control. If
> >> you've
> >> failed to do anything about unparameterized queries until something
> bad
> >> happens to you, you've failed to meet the minimal due diligence for
> >> being a
> >> web application developer.
> >>
> >> > And if Interpol won't do anything about it, and if the powers
> >> > that be refuse to attach any form of responsibility or
> >> > traceability to the ownership of an IP address, then we may
> >> > just have to implement vigilante measures and go after the
> >> > crooks ourselves.
> >>
> >> Well, uh, good luck with that. Let me know how it goes with you
> against
> >> the
> >> Russian mafia. This stuff is no longer just maladjusted kids in
> their
> >> parents' basement - there's money to be had here, and there are
> people
> >> going
> >> after that money. I suggest your efforts are better directed at
> >> ensuring the
> >> adequacy of your own sites' protection instead.
> >>
> >> Dave Watts, CTO, Fig Leaf Software
> >> http://www.figleaf.com/
> >>
> >> Fig Leaf Software provides the highest caliber vendor-authorized
> >> instruction at our training centers in Washington DC, Atlanta,
> >> Chicago, Baltimore, Northern Virginia, or on-site at your location.
> >> Visit http://training.figleaf.com/ for more information!
> >>
> >>
> >
> >
> 
> 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310714


Re: SQL injection attack on House of Fusion

2008-08-11 Thread Greg Morphis
I see it as different than pointing fingers.. You ALLOWED it to happen
by not fully protecting your code, you're not necessarily to blame.
Anyways, good luck defending the attacks.

On Mon, Aug 11, 2008 at 9:15 AM, Dave Morris <[EMAIL PROTECTED]> wrote:
> And that girl who was raped should not have been wearing a skirt.
>
> Yes, we've implemented things way more sophisticated than CFQUERYPARAM.
> Anybody who waits until the SQL query to try to detect bogus data is asking
> for trouble.
>
> But crime is crime, and we should not be allowing criminals to CHOP away at
> our systems until they find that one hole we didn't catch, and then blame it
> on the victim!
>
> Dave Morris
>
>
>
>> -Original Message-
>> From: Greg Morphis [mailto:[EMAIL PROTECTED]
>> Sent: Monday, August 11, 2008 9:04 AM
>> To: CF-Talk
>> Subject: Re: SQL injection attack on House of Fusion
>>
>> Ummm but is it not your website that YOU left vulnerable? If you
>> didn't have access to cfqueryparam then you should have used an
>> alternate approach. I'm sure they exist even for CF 4.0, a little
>> extra time at the beginning validating variables would save so much
>> grief now right? And from what I'm hearing from popular sites is it's
>> not so much the cfqueryparam because they are still getting hit
>> thousands of times every minute, like HoF. So there's other steps, not
>> just within CF. I think MD was working on a something to stop the
>> intruders at the server, before it even hits CF.
>> I'm not saying it's entirely YOUR fault but you allowed it to happen,
>> same thing Dave Watts is saying..
>>
>>
>> On Mon, Aug 11, 2008 at 7:45 AM, Dave Morris <[EMAIL PROTECTED]>
>> wrote:
>> > Ah.  You're from the "blame the victim" school.
>> >
>> > Unfortunately, when I wrote the first 1,000 ColdFusion templates
>> using Ben
>> > Forta's CF 4.0 book, there was no CFQueryParam.  So going back and
>> rewriting
>> > all those programs (now well into several thousand) has been a bitch.
>> And
>> > all it took was one missed spot.
>> >
>> > So I shouldn't be mad at the poor little hackers, because they were
>> doing us
>> > all favor by pointing out our faults.  That is your school of
>> thought,
>> > right?
>> >
>> > Dave Morris
>> >
>> >
>> >> -Original Message-
>> >> From: Dave Watts [mailto:[EMAIL PROTECTED]
>> >> Sent: Sunday, August 10, 2008 11:15 PM
>> >> To: CF-Talk
>> >> Subject: RE: SQL injection attack on House of Fusion
>> >>
>> >> > Anyway, I propose the dot-com millionaires who left us stuck
>> >> > with the current mess in the spam and virus arena be
>> >> > personally required to fund an international Goon Squad with
>> >> > kneecap breaking instructions to go after these vandals.
>> >>
>> >> And who exactly would that be?
>> >>
>> >> > If someone did this crap to your house, you'd have the police
>> >> > and/or FBI out there in a heartbeat tracking down the
>> >> > criminals.  This is criminal mischief on a global scale.
>> >>
>> >> If you left your front door open, so that anyone could just walk in,
>> >> you'd
>> >> have no one but yourself to blame. If you're looking for an analogy,
>> >> that's
>> >> the one that fits. The reason this particular attack has been so
>> >> successful
>> >> is the arguably criminal negligence of so many web developers,
>> coupled
>> >> with
>> >> the typical improper usage of administrator rights on untrained
>> users'
>> >> desktops.
>> >>
>> >> People have been harping on these two issues for years - I know I
>> have.
>> >> As a
>> >> web developer, one of these issues is within your direct control. If
>> >> you've
>> >> failed to do anything about unparameterized queries until something
>> bad
>> >> happens to you, you've failed to meet the minimal due diligence for
>> >> being a
>> >> web application developer.
>> >>
>> >> > And if Interpol won't do anything about it, and if the powers
>> >> > that be refuse to attach any form of responsibility or
>> >> > traceability to the ownership of an IP address, then we may
>> >> > just have to implement vigilante measures and go after the
>> >> > crooks ourselves.
>> >>
>> >> Well, uh, good luck with that. Let me know how it goes with you
>> against
>> >> the
>> >> Russian mafia. This stuff is no longer just maladjusted kids in
>> their
>> >> parents' basement - there's money to be had here, and there are
>> people
>> >> going
>> >> after that money. I suggest your efforts are better directed at
>> >> ensuring the
>> >> adequacy of your own sites' protection instead.
>> >>
>> >> Dave Watts, CTO, Fig Leaf Software
>> >> http://www.figleaf.com/
>> >>
>> >> Fig Leaf Software provides the highest caliber vendor-authorized
>> >> instruction at our training centers in Washington DC, Atlanta,
>> >> Chicago, Baltimore, Northern Virginia, or on-site at your location.
>> >> Visit http://training.figleaf.com/ for more information!
>> >>
>> >>
>> >
>> >
>>
>>
>
> 


RE: SQL injection attack on House of Fusion

2008-08-11 Thread Rick Faircloth
This would probably be more productively viewed as a
"responsibility" issue, rather than blame.

Both parties, webmaster and attacker, bear responsibility
for the status of the server/data/etc.

A negligent server/website admin bears a certain amount
of responsibility for the situation.  The attacker also
bears responsibility for the consequences of the attack.

A court of law might hold only the attacker ultimately responsible.
However, the supervisor of a negligent server/website administrator
would view it as shared responsibility between the attacker
and the attacked, as in, "Why wasn't the server/website protected
in the first place?"

Viewing this as a rape case, if a girl was hanging out on a street corner
and asking passers-by to rape her, then, yes, she bears some responsibility
for putting herself in that situation.  It doesn't mean the one who rapes
her doesn't bear the greater responsibility for the situation, and, therefore,
punishment, but a fair judge would have to ask the girl why
was she asking passers-by to rape her in the first place.

Girls should reasonably avoid provoking rapists, and rapists should resist 
their impulses.

Likewise, server/website admins should reasonably protect their servers and 
websites,
but hackers should avoid their impulses or share responsibility for the 
situation.

Rick

> -Original Message-
> From: Greg Morphis [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 11, 2008 10:20 AM
> To: CF-Talk
> Subject: Re: SQL injection attack on House of Fusion
> 
> I see it as different than pointing fingers.. You ALLOWED it to happen
> by not fully protecting your code, you're not necessarily to blame.
> Anyways, good luck defending the attacks.
> 
> On Mon, Aug 11, 2008 at 9:15 AM, Dave Morris <[EMAIL PROTECTED]> wrote:
> > And that girl who was raped should not have been wearing a skirt.
> >
> > Yes, we've implemented things way more sophisticated than CFQUERYPARAM.
> > Anybody who waits until the SQL query to try to detect bogus data is asking
> > for trouble.
> >
> > But crime is crime, and we should not be allowing criminals to CHOP away at
> > our systems until they find that one hole we didn't catch, and then blame it
> > on the victim!
> >
> > Dave Morris
> >
> >
> >
> >> -Original Message-
> >> From: Greg Morphis [mailto:[EMAIL PROTECTED]
> >> Sent: Monday, August 11, 2008 9:04 AM
> >> To: CF-Talk
> >> Subject: Re: SQL injection attack on House of Fusion
> >>
> >> Ummm but is it not your website that YOU left vulnerable? If you
> >> didn't have access to cfqueryparam then you should have used an
> >> alternate approach. I'm sure they exist even for CF 4.0, a little
> >> extra time at the beginning validating variables would save so much
> >> grief now right? And from what I'm hearing from popular sites is it's
> >> not so much the cfqueryparam because they are still getting hit
> >> thousands of times every minute, like HoF. So there's other steps, not
> >> just within CF. I think MD was working on a something to stop the
> >> intruders at the server, before it even hits CF.
> >> I'm not saying it's entirely YOUR fault but you allowed it to happen,
> >> same thing Dave Watts is saying..
> >>
> >>
> >> On Mon, Aug 11, 2008 at 7:45 AM, Dave Morris <[EMAIL PROTECTED]>
> >> wrote:
> >> > Ah.  You're from the "blame the victim" school.
> >> >
> >> > Unfortunately, when I wrote the first 1,000 ColdFusion templates
> >> using Ben
> >> > Forta's CF 4.0 book, there was no CFQueryParam.  So going back and
> >> rewriting
> >> > all those programs (now well into several thousand) has been a bitch.
> >> And
> >> > all it took was one missed spot.
> >> >
> >> > So I shouldn't be mad at the poor little hackers, because they were
> >> doing us
> >> > all a favor by pointing out our faults.  That is your school of
> >> thought,
> >> > right?
> >> >
> >> > Dave Morris
> >> >
> >> >
> >> >> -Original Message-
> >> >> From: Dave Watts [mailto:[EMAIL PROTECTED]
> >> >> Sent: Sunday, August 10, 2008 11:15 PM
> >> >> To: CF-Talk
> >> >> Subject: RE: SQL injection attack on House of Fusion
> >> >>
> >> >> > Anyway, I propose the dot-com millionaires who left us stuck
> >> >> > with the current mess in the spam and virus arena be
> >> >> > personally required to fund an international Goon Squad with
> >> >> > kneecap breaking instructions to go after these vandals.
> >> >>
> >> >> And who exactly would that be?
> >> >>
> >> >> > If someone did this crap to your house, you'd have the police
> >> >> > and/or FBI out there in a heartbeat tracking down the
> >> >> > criminals.  This is criminal mischief on a global scale.
> >> >>
> >> >> If you left your front door open, so that anyone could just walk in,
> >> >> you'd
> >> >> have no one but yourself to blame. If you're looking for an analogy,
> >> >> that's
> >> >> the one that fits. The reason this particular attack has been so
> >> >> successful
> >> >> is the arguably criminal negligence of so many web developers

Re: SQL injection attack on House of Fusion

2008-08-11 Thread Larry Lyons
Criticizing someone for negligence is not blaming the victim. If the person who 
coded the site is so incompetent as not to include a cfqueryparam for any user 
input that has direct impact on the database, then they deserve to get blamed. 
What's so difficult about 

As for going back and finding out where the unprotected queries are, it's not 
that difficult, if you're using CFEclipse, Dan Switzer of pengoworks has 
written a nice bit of regex to use with the file search. It goes through your 
project or entire workspace and finds all the queries that need paramed.
]*>([^#]*(((?]*?)

There are also a few tools out there (mentioned previously on HOF) that will do 
the same and produce a detailed report. Try them as well. To make it easy, here 
are links to two of the tools:

qpScanner by Peter Boughton (RiaForge)
http://www.codersrevolution.com/enclosures/qpscanner7.zip

Query Parameterizer by Daryl Banttari
http://www.codersrevolution.com/enclosures/_parameterizeQueries.zip

Brad Wood has written a good overview of both of these tools:
http://www.codersrevolution.com/index.cfm/2008/7/24/Announcing-the-first-ever-International-Operation-cfSQLprotect
 

You've got no excuse now.


>Ah.  You're from the "blame the victim" school.
>
>Unfortunately, when I wrote the first 1,000 ColdFusion templates using Ben
>Forta's CF 4.0 book, there was no CFQueryParam.  So going back and rewriting
>all those programs (now well into several thousand) has been a bitch.  And
>all it took was one missed spot.
>
>So I shouldn't be mad at the poor little hackers, because they were doing us
>all a favor by pointing out our faults.  That is your school of thought,
>right?
>
>Dave Morris
>
>
>> 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;203748912;27390454;j

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310717
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
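
The kind of scan described in the message above (finding the queries that still need cfqueryparam), as an added example. It is not Dan Switzer's regex, qpScanner or Query Parameterizer, and the sample template and all function and variable names are constructed for illustration.

```python
import re

# A whole <cfquery ...> ... </cfquery> block; "body" is the SQL text.
# \b keeps this from matching <cfqueryparam ...>.
CFQUERY = re.compile(
    r"<cfquery\b(?P<attrs>[^>]*)>(?P<body>.*?)</cfquery\s*>", re.I | re.S
)
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I | re.S)
CF_COMMENT = re.compile(r"<!---.*?--->", re.S)
# Either the escape "##" (a literal hash in the SQL) or a real #expression#.
HASH_TOKEN = re.compile(r"##|#([^#\r\n]+)#")
NAME_ATTR = re.compile(r"""\bname\s*=\s*["']?([^"'\s>]+)""", re.I)


def _blank(match):
    """Overwrite a match with spaces, keeping newlines so offsets and
    line numbers in the rest of the text do not move."""
    return re.sub(r"[^\n]", " ", match.group(0))


def find_unparameterized(source):
    """Return one finding per #expression# that sits directly in the SQL of
    a <cfquery> instead of inside a <cfqueryparam> tag.

    Every hit needs a human look: some interpolations (a hard-coded table
    name, for instance) cannot be parameterized and need validation instead.
    """
    text = CF_COMMENT.sub(_blank, source)      # ignore commented-out queries
    findings = []
    for q in CFQUERY.finditer(text):
        # Expressions inside cfqueryparam are bound, so hide those tags.
        body = CFQUERYPARAM.sub(_blank, q.group("body"))
        name = NAME_ATTR.search(q.group("attrs"))
        for m in HASH_TOKEN.finditer(body):
            if m.group(1) is None:             # "##" escape, not a variable
                continue
            offset = q.start("body") + m.start()
            findings.append({
                "query": name.group(1) if name else "(unnamed)",
                "line": text.count("\n", 0, offset) + 1,
                "expr": m.group(1).strip(),
            })
    return findings


# Constructed sample template (not taken from the thread).
SAMPLE = '''<!--- constructed sample template, not from the thread --->
<cfquery name="getUser" datasource="#application.dsn#">
    SELECT id, email
    FROM users
    WHERE id = #url.id#
      AND status = <cfqueryparam value="#form.status#" cfsqltype="cf_sql_varchar">
</cfquery>

<CFQUERY NAME="safeInsert" DATASOURCE="#application.dsn#">
    INSERT INTO colors (label, hex)
    VALUES (<cfqueryparam value="#form.label#" cfsqltype="cf_sql_varchar">, '##FF0000')
</CFQUERY>

<!--- <cfquery name="old">SELECT * FROM t WHERE x = #url.x#</cfquery> --->
<cfquery name="search" datasource="#application.dsn#">
    SELECT title FROM articles
    WHERE title LIKE '%#form.q#%'
    ORDER BY #url.sort#
</cfquery>
'''

if __name__ == "__main__":
    for f in find_unparameterized(SAMPLE):
        print(f"line {f['line']:>3}  query {f['query']:<10}  #{f['expr']}#")
```

The `ORDER BY #url.sort#` hit is the kind cfqueryparam cannot fix, because a column name cannot be bound as a parameter; it has to be checked against a fixed list of allowed columns instead.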


Re: SQL injection attack on House of Fusion

2008-08-11 Thread Brad Wood
Actually, if you read my blog analysis of the zombies:
http://www.codersrevolution.com/index.cfm/2008/8/10/My-analysis-of-the-SQL-injection-zombies

7% of the IPs returned a cookie I set.
75% of IPs that sent more than 2 hits returned my cookie.
(Hits came in groups of two)

I'm fairly convinced this bot used the Internet Explorer on the victim's 
machine to send out the requests.  I can't prove it, but it probably would 
have been easier for them to code that way.

~Brad

- Original Message - 
From: "Andrew Scott" <[EMAIL PROTECTED]>
To: "CF-Talk" 
Sent: Monday, August 11, 2008 3:37 AM
Subject: RE: SQL injection attack on House of Fusion


> Hmmm...
>
> Of course it is possible to use cookies They chose not to... Why...
> Because they have no real need to be attached to a session
>
> Think about it for a minute or two...
>
> 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310718


RE: SQL injection attack on House of Fusion

2008-08-11 Thread Mark Kruger
Rick,

While your argument is well put, perhaps we could choose a slightly less
inflammatory analogy than rape. We have a large group here and I wouldn't
want anyone to be incensed by trivializing such a traumatic event (although
obviously that is not the intent).

-Mark

-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 11, 2008 9:45 AM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion

This would probably be more productively viewed as a "responsibility"
issue, rather than blame.

Both parties, webmaster and attacker, bear responsibility for the status of
the server/data/etc.

A negligent server/website admin bears a certain amount of responsibility
for the situation.  The attacker also bears responsibility for the
consequences of the attack.

A court of law might hold only the attacker ultimately responsible.
However, the supervisor of a negligent server/website administrator would
view it as shared responsibility between the attacker and the attacked, as
in, "Why wasn't the server/website protected in the first place?"

Viewing this as a rape case, if a girl was hanging out on a street corner
and asking passers-by to rape her, then, yes, she bears some responsibility
for putting herself in that situation.  It doesn't mean the one who rapes
her doesn't bear the greater responsibility for the situation, and,
therefore, punishment, but a fair judge would have to ask the girl why was
she asking passers-by to rape her in the first place.

Girls should reasonably avoid provoking rapists, and rapists should resist
their impulses.

Likewise, server/website admins should reasonably protect their servers and
websites, but hackers should avoid their impulses or share responsibility
for the situation.

Rick



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310719


RE: SQL injection attack on House of Fusion

2008-08-11 Thread Robert Rawlins
Rick,

That might be a slightly off angle analogy. If a girl asks to be raped, then
she is clearly consenting to the act and therefore it's not technically rape
any more, that's the real world equivalent of building a server and
publishing open source software for download, then complaining that someone
'stole' it.

A better analogy is back to leaving the house door unlocked, it still
doesn't change the fact that a criminal act has been committed, the burglar
still takes your possessions without consent, and the burglar would still be
found guilty for it, however, I suspect your house insurance wouldn't pay
out for the loss.

You're right though, this is a shared responsibility issue here, the hacker
is legally responsible for his acts, however, you have a responsibility to
your client or employer not to leave the door unlocked.

Rob

-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED] 
Sent: 11 August 2008 15:45
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion

This would probably be more productively viewed as a
"responsibility" issue, rather than blame.

Both parties, webmaster and attacker, bear responsibility
for the status of the server/data/etc.

A negligent server/website admin bears a certain amount
of responsibility for the situation.  The attacker also
bears responsibility for the consequences of the attack.

A court of law might hold only the attacker ultimately responsible.
However, the supervisor of a negligent server/website administrator
would view it as shared responsibility between the attacker
and the attacked, as in, "Why wasn't the server/website protected
in the first place?"

Viewing this as a rape case, if a girl was hanging out on a street corner
and asking passers-by to rape her, then, yes, she bears some responsibility
for putting herself in that situation.  It doesn't mean the one who rapes
her doesn't bear the greater responsibility for the situation, and,
therefore,
punishment, but a fair judge would have to ask the girl why
was she asking passers-by to rape her in the first place.

Girls should reasonably avoid provoking rapists, and rapists should resist
their impulses.

Likewise, server/website admins should reasonably protect their servers and
websites,
but hackers should avoid their impulses or share responsibility for the
situation.

Rick

> -Original Message-
> From: Greg Morphis [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 11, 2008 10:20 AM
> To: CF-Talk
> Subject: Re: SQL injection attack on House of Fusion
> 
> I see it as different than pointing fingers.. You ALLOWED it to happen
> by not fully protecting your code, you're not necessarily to blame.
> Anyways, good luck defending the attacks.
> 
> On Mon, Aug 11, 2008 at 9:15 AM, Dave Morris <[EMAIL PROTECTED]> wrote:
> > And that girl who was raped should not have been wearing a skirt.
> >
> > Yes, we've implemented things way more sophisticated than CFQUERYPARAM.
> > Anybody who waits until the SQL query to try to detect bogus data is
asking
> > for trouble.
> >
> > But crime is crime, and we should not be allowing criminals to CHOP away
at
> > our systems until they find that one hole we didn't catch, and then
blame it
> > on the victim!
> >
> > Dave Morris
> >
> >
> >
> >> -Original Message-
> >> From: Greg Morphis [mailto:[EMAIL PROTECTED]
> >> Sent: Monday, August 11, 2008 9:04 AM
> >> To: CF-Talk
> >> Subject: Re: SQL injection attack on House of Fusion
> >>
> >> Ummm but is it not your website that YOU left vulnerable? If you
> >> didn't have access to cfqueryparam then you should have used an
> >> alternate approach. I'm sure they exist even for CF 4.0, a little
> >> extra time at the beginning validating variables would save so much
> >> grief now right? And from what I'm hearing from popular sites is it's
> >> not so much the cfqueryparam because they are still getting hit
> >> thousands of times every minute, like HoF. So there's other steps, not
> >> just within CF. I think MD was working on a something to stop the
> >> intruders at the server, before it even hits CF.
> >> I'm not saying it's entirely YOUR fault but you allowed it to happen,
> >> same thing Dave Watts is saying..
> >>
> >>
> >> On Mon, Aug 11, 2008 at 7:45 AM, Dave Morris <[EMAIL PROTECTED]>
> >> wrote:
> >> > Ah.  You're from the "blame the victim" school.
> >> >
> >> > Unfortunately, when I wrote the first 1,000 ColdFusion templates
> >> using Ben
> >> > Forta's CF 4.0 book, there was no CFQueryParam.  So going back and
> >> rewriting
> >> > all those programs (now well into several thousand) has been a bitch.
> >> And
> >> > all it took was one missed spot.
> >> >
> >> > So I shouldn't be mad at the poor little hackers, because they were
> >> doing us
> >> > all a favor by pointing out our faults.  That is your school of
> >> thought,
> >> > right?
> >> >
> >> > Dave Morris
> >> >
> >> >
> >> >> -Original Message-
> >> >> From: Dave Watts [mailto:[EMAIL PROTECTED]
> >> >> 

Re: SQL injection attack on House of Fusion

2008-08-11 Thread Greg Morphis
Actually it was Dave Morris who originally used rape to compare the 2.
Rick was just responding..

On Mon, Aug 11, 2008 at 10:23 AM, Mark Kruger <[EMAIL PROTECTED]> wrote:
> Rick,
>
> While your argument is well put, perhaps we could choose a slightly less
> inflammatory analogy than rape. We have a large group here and I wouldn't
> want anyone to be incensed by trivializing such a traumatic event (although
> obviously that is not the intent).
>
> -Mark
>
> -Original Message-
> From: Rick Faircloth [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 11, 2008 9:45 AM
> To: CF-Talk
> Subject: RE: SQL injection attack on House of Fusion
>
> This would probably be more productively viewed as a "responsibility"
> issue, rather than blame.
>
> Both parties, webmaster and attacker, bear responsibility for the status of
> the server/data/etc.
>
> A negligent server/website admin bears a certain amount of responsibility
> for the situation.  The attacker also bears responsibility for the
> consequences of the attack.
>
> A court of law might hold only the attacker ultimately responsible.
> However, the supervisor of a negligent server/website administrator would
> view it as shared responsibility between the attacker and the attacked, as
> in, "Why wasn't the server/website protected in the first place?"
>
> Viewing this as a rape case, if a girl was hanging out on a street corner
> and asking passers-by to rape her, then, yes, she bears some responsibility
> for putting herself in that situation.  It doesn't mean the one who rapes
> her doesn't bear the greater responsibility for the situation, and,
> therefore, punishment, but a fair judge would have to ask the girl why was
> she asking passers-by to rape her in the first place.
>
> Girls should reasonably avoid provoking rapists, and rapists should resist
> their impulses.
>
> Likewise, server/website admins should reasonably protect their servers and
> websites, but hackers should avoid their impulses or share responsibility
> for the situation.
>
> Rick
>
>
>
> 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310721


Re: cfimage and Copy/Paste

2008-08-11 Thread Tom Chiverton
On Sunday 10 Aug 2008, Tom Jones wrote:
> I have a flash form 

on the client...

> and drop a image into a cfimage tag.

 on the server.

> Is this possible? 

Not as stated, but then I'm not sure exactly what you want the end user 
experience to be.

-- 
Tom Chiverton



This email is sent for and on behalf of Halliwells LLP.

Halliwells LLP is a limited liability partnership registered in England and 
Wales under registered number OC307980 whose registered office address is at 
Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB.  A list 
of members is available for inspection at the registered office. Any reference 
to a partner in relation to Halliwells LLP means a member of Halliwells LLP.  
Regulated by The Solicitors Regulation Authority.

CONFIDENTIALITY

This email is intended only for the use of the addressee named above and may be 
confidential or legally privileged.  If you are not the addressee you must not 
read it and must not use any information contained in nor copy it nor inform 
any person other than Halliwells LLP or the addressee of its existence or 
contents.  If you have received this email in error please delete it and notify 
Halliwells LLP IT Department on 0870 365 2500.

For more information about Halliwells LLP visit www.halliwells.com.

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310722


Re: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3 Driver

2008-08-11 Thread Tom Chiverton
On Monday 11 Aug 2008, Scott Stewart wrote:
> I've run into an issue that I need opinions on. We've run into some SQL
> server issues, where MS is saying "patch the driver".

And what has Adobe said ?

-- 
Tom Chiverton



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310723


Re: SQL injection attack on House of Fusion

2008-08-11 Thread Tom Chiverton
On Monday 11 Aug 2008, Brad Wood wrote:
> I'm fairly convinced this bot used the Internet Explorer on the victim's

It would make sense to use the same ActiveX control IE uses, yes.

-- 
Tom Chiverton



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310724


RE: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3 Driver

2008-08-11 Thread Craig Dudley
Not for a while, from memory you just drop the three MS .jar's somewhere in
CF's classpath and restart CF to install and creating datasources becomes a
bit more difficult, I'll see if I can dig up an example for you.

I seem to remember that performance wasn't all that great, in fact, CF7's
built in drivers were faster in most of my test cases. Sorry I haven't tried
them on CF8.

The MS drivers don't cause any issues with CF's built in drivers though so
why not give it a try on your dev box?

Craig.

-Original Message-
From: Scott Stewart [mailto:[EMAIL PROTECTED] 
Sent: 11 August 2008 15:10
To: CF-Talk
Subject: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3 Driver

Hey all,

I've run into an issue that I need opinions on. We've run into some SQL 
server issues, where MS is saying "patch the driver".
Has anyone used the MS SQL Server 2000 SP3 JDBC driver in place of the 
one shipped with CF8?
Has it cleared up 8180 errors?
Any performance gains/losses?
Any "gotchas"?

thanks

sas

-- 
--
Scott Stewart
ColdFusion Developer

Office of Research Information Systems
Research & Economic Development
University of North Carolina at Chapel Hill

Phone:(919)843-2408
Fax: (919)962-3600
Email: [EMAIL PROTECTED]





Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310725


RE: SQL injection attack on House of Fusion

2008-08-11 Thread Rick Faircloth
I started not to use the rape analogy and certainly didn't want to
trivialize something so terrible, but thought it appropriate,
especially since someone had brought it up as an analogy previously.

Please don't take offense, anyone.

Know that I have a daughter and I tell her all the time not to put
herself by action or location in a situation to be vulnerable to such an attack.
And while I would gently remind her at some point if she were out
somewhere she shouldn't have been, I would probably just have to 
kill her rapist...seriously.


> -Original Message-
> From: Mark Kruger [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 11, 2008 11:24 AM
> To: CF-Talk
> Subject: RE: SQL injection attack on House of Fusion
> 
> Rick,
> 
> While your argument is well put, perhaps we could choose a slightly less
> inflammatory analogy than rape. We have a large group here and I wouldn't
> want anyone to be incensed by trivializing such a traumatic event (although
> obviously that is not the intent).
> 
> -Mark
> 
> -Original Message-
> From: Rick Faircloth [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 11, 2008 9:45 AM
> To: CF-Talk
> Subject: RE: SQL injection attack on House of Fusion
> 
> This would probably be more productively viewed as a "responsibility"
> issue, rather than blame.
> 
> Both parties, webmaster and attacker, bear responsibility for the status of
> the server/data/etc.
> 
> A negligent server/website admin bears a certain amount of responsibility
> for the situation.  The attacker also bears responsibility for the
> consequences of the attack.
> 
> A court of law might hold only the attacker ultimately responsible.
> However, the supervisor of a negligent server/website administrator would
> view it as shared responsibility between the attacker and the attacked, as
> in, "Why wasn't the server/website protected in the first place?"
> 
> Viewing this as a rape case, if a girl was hanging out on a street corner
> and asking passers-by to rape her, then, yes, she bears some responsibility
> for putting herself in that situation.  It doesn't mean the one who rapes
> her doesn't bear the greater responsibility for the situation, and,
> therefore, punishment, but a fair judge would have to ask the girl why was
> she asking passers-by to rape her in the first place.
> 
> Girls should reasonably avoid provoking rapists, and rapists should resist
> their impulses.
> 
> Likewise, server/website admins should reasonably protect their servers and
> websites, but hackers should avoid their impulses or share responsibility
> for the situation.
> 
> Rick
> 
> 
> 
> 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310726


FCKeditor

2008-08-11 Thread webmaster
Here is my code yet the editor does not seem to work correctly. No
toolbar is visible etc.

 



#Comments#



 

Any ideas where I should start to look for problems?

 

 



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310727


RE: FCKeditor

2008-08-11 Thread William Seiter
If you were to use a mailto:[EMAIL PROTECTED]
::Sent: Monday, August 11, 2008 8:58 AM
::To: CF-Talk
::Subject: FCKeditor
::
::Here is my code yet the editor does not seem to work correctly. No
::toolbar is visible etc.
::
::
::
::
::
::#Comments#
::
::
::
::
::
::Any ideas where I should start to look for problems?
::
::
::
::
::
::
::
::

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310728


Re: SQL injection attack on House of Fusion

2008-08-11 Thread Jochem van Dieten
Dave Morris wrote:
> Ah.  You're from the "blame the victim" school.

I just see different degrees of guilt. Negligence from developers, 
greedy shortcuts from management, laziness from end users, criminal 
intent from hackers etc.


> So I shouldn't be mad at the poor little hackers, because they were doing us
> all favor by pointing out our faults.  That is your school of thought,
> right?

The fact is that we all know that whatever we connect to the internet 
will be attacked. We all know it is an arms race that has been going on 
for more than a decade and there is no end in sight. What is important 
is what we do with that knowledge. Do we make sure we are protected to 
the best of our ability, both for our own sake and to make sure our 
systems do not become an attack vector against somebody else or not?


Every IP address of an attack source that has been published on this 
list is from somebody who chose not to do so.

Jochem

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310729


Re: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3 Driver

2008-08-11 Thread Scott Stewart
Nothing,

I've found a couple of CF blogs that point to  as being 
the culprit...
But it's in very specific cases:

http://www.petefreitag.com/item/677.cfm

However, mine is a basic insert statement.

the error code(s) returned are:
[Macromedia][SQLServer JDBC Driver][SQLServer]Line 28: Incorrect syntax 
near '@P10'.
[Macromedia][SQLServer JDBC Driver][SQLServer]Statement(s) could not be 
prepared.

the main weirdness that I've found is that cfqueryparam is returning 
"true" or "false" which is a valid response for a boolean
but not what a SQL server bit field is expecting. (IE: 1 or 0)

Thanks
sas



Tom Chiverton wrote:
> On Monday 11 Aug 2008, Scott Stewart wrote:
>   
>> I've run into an issue that I need opinions on. We've run into some SQL
>> server issues, where MS is saying "patch the driver".
>> 
>
> And what has Adobe said ?
>
>   

-- 
--
Scott Stewart
ColdFusion Developer

Office of Research Information Systems
Research & Economic Development
University of North Carolina at Chapel Hill

Phone:(919)843-2408
Fax: (919)962-3600
Email: [EMAIL PROTECTED]



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310730


Re: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3 Driver

2008-08-11 Thread Scott Stewart
Thanks Craig

The higher ups have deemed this a "last resort"... so if it comes to 
this I'll put up some results.
I'm pursuing what could be an issue with cfqueryparam

Craig Dudley wrote:
> Not for a while, from memory you just drop the three MS .jar's somewhere in
> CF's classpath and restart CF to install and creating datasources becomes a
> bit more difficult, I'll see if I can dig up an example for you.
>
> I seem to remember that performance wasn't all that great, in fact, CF7's
> built in drivers were faster in most of my test cases. Sorry I haven't tried
> them on CF8.
>
> The MS drivers don't cause any issues with CF's built in drivers though so
> why not give it a try on your dev box?
>
> Craig.
>
> -Original Message-
> From: Scott Stewart [mailto:[EMAIL PROTECTED] 
> Sent: 11 August 2008 15:10
> To: CF-Talk
> Subject: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3 Driver
>
> Hey all,
>
> I've run into an issue that I need opinions on. We've run into some SQL 
> server issues, where MS is saying "patch the driver".
> Has anyone used the MS SQL Server 2000 SP3 JDBC driver in place of the 
> one shipped with CF8?
> Has it cleared up 8180 errors?
> Any performance gains/losses?
> Any "gotchas"?
>
> thanks
>
> sas
>
>   

-- 
--
Scott Stewart
ColdFusion Developer

Office of Research Information Systems
Research & Economic Development
University of North Carolina at Chapel Hill

Phone:(919)843-2408
Fax: (919)962-3600
Email: [EMAIL PROTECTED]



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310731


Re: SQL injection attack on House of Fusion

2008-08-11 Thread Dana Kowalski
Seeing code solutions to this is cool, but imho it's best left to your 
router/firewall to handle. I'd contact the provider to have them put some 
better controls in place. These are scenarios that almost delve into why Cisco 
has the zero day features on their gear.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310732


RE: SQL injection attack on House of Fusion

2008-08-11 Thread Dave Watts
> Ah.  You're from the "blame the victim" school.
> 
> Unfortunately, when I wrote the first 1,000 ColdFusion 
> templates using Ben Forta's CF 4.0 book, there was no 
> CFQueryParam.  So going back and rewriting all those programs 
> (now well into several thousand) has been a bitch.  And all 
> it took was one missed spot.
> 
> So I shouldn't be mad at the poor little hackers, because 
> they were doing us all favor by pointing out our faults.  
> That is your school of thought, right?

My school of thought is that, if you fail to conform to minimal standards of
adequate protection, you have failed to meet due diligence requirements.
Your client or employer can sue you for negligence, and they may well win.
Although, to be honest, that's not really a school of thought, it's an
observation of reality.

My school of thought is that there are some things within my control, and
other things beyond my control. I am responsible for the things within my
control. I don't have control over Eastern European crime syndicates. I do
have control over my own application code.

CFQUERYPARAM was introduced in CF4. You have had years to solve this
problem. Your applications may have been attacked long before now, without
you even knowing it.

You are free to be angry at the people who've done this. But you're going to
have to fix the problem yourself. If we lived in a world where justice were
guaranteed, I'd be right there with you in going after these folks, with the
requisite tar, feathers and pitchforks. If these people are ever brought to
court, I'll be right there with you in calling for their heads. But we don't
live in that world, and the only thing we can do is affect the things we
control.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!
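The thread's concern that one unconverted query among thousands of templates is enough can be checked mechanically. The following is an added example, not code from any poster: a small Python audit that reports every `#expression#` left in the SQL text of a `<cfquery>` block instead of being bound through `<cfqueryparam>`. The sample template, the function name and the regular expressions are assumptions made for illustration.

```python
import re

# Constructed CFML sample (not from the thread). getUser binds its input;
# getOrders interpolates two request variables straight into the SQL text.
SAMPLE_TEMPLATE = '''\
<cfquery name="getUser" datasource="#application.dsn#">
    SELECT id, name
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<cfquery name="getOrders" datasource="#application.dsn#">
    SELECT order_id, total
    FROM orders
    WHERE customer_id = #url.customer#
      AND status = <cfqueryparam value="#form.status#" cfsqltype="cf_sql_varchar">
    ORDER BY #form.sortColumn#
</cfquery>
'''

# Assumes no ">" inside the attribute values of the opening cfquery tag.
CFQUERY_RE = re.compile(r"<cfquery\b([^>]*)>(.*?)</cfquery\s*>", re.I | re.S)
NAME_RE = re.compile(r"""\bname\s*=\s*["']([^"']+)["']""", re.I)
CF_COMMENT_RE = re.compile(r"<!---.*?--->", re.S)
CF_TAG_RE = re.compile(r"</?cf\w+\b[^>]*>", re.I)   # cfqueryparam, cfif, ...
ESCAPED_POUND_RE = re.compile(r"##")                 # "##" is a literal "#"
POUND_EXPR_RE = re.compile(r"#[^#\n]+#")


def _blank(match):
    """Overwrite a match with spaces, keeping newlines so offsets still map to lines."""
    return re.sub(r"[^\n]", " ", match.group(0))


def find_unbound_expressions(source):
    """Return (line, query_name, expression) for every #expr# left in SQL text."""
    findings = []
    for query in CFQUERY_RE.finditer(source):
        name = NAME_RE.search(query.group(1))
        sql = query.group(2)
        # Whatever sits inside a CFML comment or tag is not SQL text; what is
        # inside <cfqueryparam> reaches the driver as a bound value.
        for pattern in (CF_COMMENT_RE, CF_TAG_RE, ESCAPED_POUND_RE):
            sql = pattern.sub(_blank, sql)
        for expr in POUND_EXPR_RE.finditer(sql):
            line = source.count("\n", 0, query.start(2) + expr.start()) + 1
            findings.append((line, name.group(1) if name else "(unnamed)", expr.group(0)))
    return findings


if __name__ == "__main__":
    for line, query_name, expr in find_unbound_expressions(SAMPLE_TEMPLATE):
        print(f"line {line}: query {query_name}: {expr} is concatenated into the SQL")
```

The `ORDER BY` finding cannot be fixed with `<cfqueryparam>`, because an identifier cannot be a bound parameter; the column name has to be checked against a fixed list of allowed values instead.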

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310733


RE: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3 Driver

2008-08-11 Thread Craig Dudley
Had a good look but can't find the examples, it's fairly easy to set up
anyway.

The MS SQL Server JDBC driver is three .jar files I think? Just drop them
into \ColdFusion8\runtime\jre\lib\ext and restart CF, the .jar should then
appear in the big CF Server Java Class Path box in settings summary in CF
Admin.

When you add a datasource, select other from the driver dropdown it will ask
you for a JDBC URL, Driver Class and Driver Name. All of which is standard
JDBC stuff but there are docs in the MS download package I think, it's not
complex either way but sorry I couldn't find my examples as it might have
saved some time.

Craig.

-Original Message-
From: Scott Stewart [mailto:[EMAIL PROTECTED] 
Sent: 11 August 2008 17:14
To: CF-Talk
Subject: Re: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3
Driver

Thanks Craig

The higher ups have deemed this a "last resort"... so if it comes to 
this I'll put up some results.
I'm pursuing what could be an issue with cfqueryparam

Craig Dudley wrote:
> Not for a while, from memory you just drop the three MS .jar's somewhere in
> CF's classpath and restart CF to install and creating datasources becomes a
> bit more difficult, I'll see if I can dig up an example for you.
>
> I seem to remember that performance wasn't all that great, in fact, CF7's
> built in drivers were faster in most of my test cases. Sorry I haven't tried
> them on CF8.
>
> The MS drivers don't cause any issues with CF's built in drivers though so
> why not give it a try on your dev box?
>
> Craig.
>
> -Original Message-
> From: Scott Stewart [mailto:[EMAIL PROTECTED] 
> Sent: 11 August 2008 15:10
> To: CF-Talk
> Subject: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3 Driver
>
> Hey all,
>
> I've run into an issue that I need opinions on. We've run into some SQL 
> server issues, where MS is saying "patch the driver".
> Has anyone used the MS SQL Server 2000 SP3 JDBC driver in place of the 
> one shipped with CF8?
> Has it cleared up 8180 errors?
> Any performance gains/losses?
> Any "gotchas"?
>
> thanks
>
> sas
>
>   

-- 
--
Scott Stewart
ColdFusion Developer

Office of Research Information Systems
Research & Economic Development
University of North Carolina at Chapel Hill

Phone:(919)843-2408
Fax: (919)962-3600
Email: [EMAIL PROTECTED]





Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310734


RE: SQL injection attack on House of Fusion

2008-08-11 Thread Dave Watts
> Viewing this as a rape case, if a girl was hanging out on a 
> street corner and asking passers-by to rape her, then, yes, 
> she bears some responsibility for putting herself in that 
> situation.  It doesn't mean the one who rapes her doesn't 
> bear the greater responsibility for the situation, and, 
> therefore, punishment, but a fair judge would have to ask the 
> girl why was she asking passers-by to rape her in the first place.
> 
> Girls should reasonably avoid provoking rapists, and rapists 
> should resist their impulses.
> 
> Likewise, server/website admins should reasonably protect 
> their servers and websites, but hackers should avoid their 
> impulses or share responsibility for the situation.

This is a poor example, because there are issues of negligence that exist in
a professional setting (employee/employer or consultant/client) that don't
exist in a personal setting (hanging out on a street corner). Unwise actions
aren't necessarily negligent in the eyes of the law.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310735


Re: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3 Driver

2008-08-11 Thread Scott Stewart
That's cool, I appreciate the input.

thanks

sas

Craig Dudley wrote:
> Had a good look but can't find the examples, it's fairly easy to set up
> anyway.
>
> The MS SQL Server JDBC driver is three .jar files I think? Just drop them
> into \ColdFusion8\runtime\jre\lib\ext and restart CF, the .jar should then
> appear in the big CF Server Java Class Path box in settings summary in CF
> Admin.
>
> When you add a datasource, select other from the driver dropdown it will ask
> you for a JDBC URL, Driver Class and Driver Name. All of which is standard
> JDBC stuff but there are docs in the MS download package I think, it's not
> complex either way but sorry I couldn't find my examples as it might have
> saved some time.
>
> Craig.
>
> -Original Message-
> From: Scott Stewart [mailto:[EMAIL PROTECTED] 
> Sent: 11 August 2008 17:14
> To: CF-Talk
> Subject: Re: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3
> Driver
>
> Thanks Craig
>
> The higher ups have deemed this a "last resort"... so if it comes to 
> this I'll put up some results.
> I'm pursuing what could be an issue with cfqueryparam
>
> Craig Dudley wrote:
>   
>> Not for a while, from memory you just drop the three MS .jar's somewhere in
>> CF's classpath and restart CF to install and creating datasources becomes a
>> bit more difficult, I'll see if I can dig up an example for you.
>>
>> I seem to remember that performance wasn't all that great, in fact, CF7's
>> built in drivers were faster in most of my test cases. Sorry I haven't tried
>> them on CF8.
>>
>> The MS drivers don't cause any issues with CF's built in drivers though so
>> why not give it a try on your dev box?
>>
>> Craig.
>>
>> -Original Message-
>> From: Scott Stewart [mailto:[EMAIL PROTECTED] 
>> Sent: 11 August 2008 15:10
>> To: CF-Talk
>> Subject: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3 Driver
>>
>> Hey all,
>>
>> I've run into an issue that I need opinions on. We've run into some SQL 
>> server issues, where MS is saying "patch the driver".
>> Has anyone used the MS SQL Server 2000 SP3 JDBC driver in place of the 
>> one shipped with CF8?
>> Has it cleared up 8180 errors?
>> Any performance gains/losses?
>> Any "gotchas"?
>>
>> thanks
>>
>> sas
>>
>>   
>> 
>
>   

-- 
--
Scott Stewart
ColdFusion Developer

Office of Research Information Systems
Research & Economic Development
University of North Carolina at Chapel Hill

Phone:(919)843-2408
Fax: (919)962-3600
Email: [EMAIL PROTECTED]



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310736


RE: SQL injection attack on House of Fusion

2008-08-11 Thread Dave Watts
> The second is that this is why. ColdFusion should have 
> adopted an approach that used an ORM instead With an ORM 
> it reduces the risk, provided the ORM takes these attacks seriously.
> 
> I have never seen these attacks with hibernate, within GORM 
> and Domain Driven design approaches.

ColdFusion is a programming language, like Java. Just as Java doesn't come
with an ORM, neither should CF.

> I so hope that ColdFusion 9, has 2 things on its release.
> 
> 1) The engine itself is open sourced. And the extra 
> functionality and support for middle tier API integration is adopted.

I strongly doubt that CF will be open source.

> 2) GORM style approach as in DDD (Domain Driven Design) is 
> taken more seriously.
> 
> With these 2 additions then SQL injection will be a thing of the past.

With prepared statements, SQL injection has long been a thing of the past.
It's not the job of an ORM to separate SQL code from data values.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310737


select input value selection problem

2008-08-11 Thread Eclectic User

 Country
 
  
   
selectedselected>#getCountries.cty_name#
   
  
  

 and I am using this query 

SELECT  cty_iso2, cty_name
FROM    ref_countries
ORDER BY cty_name

but unfortunately, the correct country is not getting selected. If a country 
value is there, I want it to be selected, if nothing is there, I want United 
States as default. The column cty_iso2 has two letter code for the country like 
'US' and cty_name contains the whole name like United States of America. I am 
not able to pinpoint what's wrong with this code. Also, I convert all the form 
fields values into variables scope before the start of the page. Please help. 
Thanks for help in advance. 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310738


Re: SQL injection attack on House of Fusion

2008-08-11 Thread Wil Genovese
Security in layers.

While it is usually best to thwart this style of attack at the
router/firewall, it is wise to have the extra layers at the
Apache/IIS/webserver, ColdFusion Application, CF Query and JDBC DB user
permission layers.  If the first layer is bypassed or compromised then the
next layer catches the attack and so on.  Having security in layers makes it
that much harder for someone to launch a successful attack.

Wil Genovese
Sr. Web Application Developer




On Mon, Aug 11, 2008 at 11:22 AM, Dana Kowalski <[EMAIL PROTECTED]> wrote:

> Seeing code solutions to this is cool. but imho its best left to your
> router/firewall to handle. I'd contact the provider to have them put some
> better controls in place. These are scenarios that almost delve into why
> cisco has the zero day features on their gear..
>
> 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310739


select input value selection problem

2008-08-11 Thread Eclectic User

 Country
 
  
   
selectedselected>#getCountries.cty_name#
   
  
  

 and I am using this query 

SELECT  cty_iso2, cty_name
FROM    ref_countries
ORDER BY cty_name

but unfortunately, the correct country is not getting selected. If a country 
value is there, I want it to be selected, if nothing is there, I want United 
States as default. The column cty_iso2 has two letter code for the country like 
'US' and cty_name contains the whole name like United States of America. I am 
not able to pinpoint what's wrong with this code. Also, I convert all the form 
fields values into variables scope before the start of the page. Please help. 
Thanks for help in advance. 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310740


RE: FCKeditor

2008-08-11 Thread webmaster
No this is not working actually. So this means I just need to add a
mapping in IIS for the CFIDE directory for this site and it should work?
I think I tried that with no joy.

-Original Message-
From: William Seiter [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 11, 2008 12:03 PM
To: CF-Talk
Subject: RE: FCKeditor

If you were to use a mailto:[EMAIL PROTECTED]
::Sent: Monday, August 11, 2008 8:58 AM
::To: CF-Talk
::Subject: FCKeditor
::
::Here is my code yet the editor does not seem to work correctly. No
::toolbar is visible etc.
::
::
::
::
::
::#Comments#
::
::
::
::
::
::Any ideas where I should start to look for problems?
::
::
::
::
::
::
::
::



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310741


Re: SVN in Production

2008-08-11 Thread Jochem van Dieten
Kym Kovan wrote:
> Yes, and that lends me to the thought that the best scenario for our 
> particular problem would be to have an exported copy on each production 
> box (yes, they are clustered) and use a standard diff tool from there to 
> flip the changes over to the actual production site.

I can not imagine any scenario where diff / patch / merge ever is the 
best way to deploy production code. Because what you would do with diff 
/ patch / merge is either an svn export of tag X to some temporary 
location and then make your production location equal to the temporary 
location, or you do something more complex where you do an actual merge 
and choose to apply some changesets and not others.

In the first case, you should just do an svn export followed by a 
filesystem move. Not only is that much easier, in most modern 
filesystems a move is an atomic operation so it is much safer. (Or just 
point your mapping/webroot to the new version you exported. Talk about 
an easy rollback scenario :)

The second case is something you just shouldn't do. Because what you are 
really saying is "compare version A and B and apply the changes to 
version C". That means that the final outcome of the process depends on 
what is in position on the final location already and if some file got 
corrupted in that power failure three months ago, it will still be 
corrupted after the new release. In that scenario it is an absolute 
nightmare to guarantee that what you tested in QA is the same as what 
you deployed in production.

If you deploy code in production you always want it to be an unchanged 
export of some unique svn URL (preferably a tag). Even a checkout with 
all the extra files is better than a local merge.

Jochem
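The export-then-switch deployment described in this message, as an added example that is not part of the original post: each tag is exported into its own directory, the live path is a symlink repointed with a single rename, and rollback is the same operation aimed at the previous directory. The `releases/` and `current` layout, the function names and the digest check against a value recorded at QA sign-off are assumptions; POSIX symlinks are assumed as well.

```python
import hashlib
import os
import subprocess
import tempfile


def svn_export(tag_url, dest):
    """Export one tag into a fresh directory: no .svn metadata, no local merge."""
    subprocess.run(["svn", "export", "--quiet", tag_url, dest], check=True)


def tree_digest(root):
    """SHA-256 over every relative path and file body under root, in sorted order."""
    digest = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                      # make the walk order deterministic
        for filename in sorted(filenames):
            path = os.path.join(dirpath, filename)
            relative = os.path.relpath(path, root).replace(os.sep, "/")
            digest.update(relative.encode("utf-8") + b"\0")
            with open(path, "rb") as handle:
                digest.update(hashlib.sha256(handle.read()).digest())
    return digest.hexdigest()


def activate(release_dir, current_link, qa_digest):
    """Repoint current_link at release_dir; return the previous target for rollback."""
    if tree_digest(release_dir) != qa_digest:
        raise ValueError("release tree differs from the export that passed QA")
    previous = os.readlink(current_link) if os.path.islink(current_link) else None
    staging_link = current_link + ".new"
    if os.path.lexists(staging_link):
        os.remove(staging_link)
    os.symlink(os.path.abspath(release_dir), staging_link)
    os.replace(staging_link, current_link)   # one rename(2): readers see old or new
    return previous


def demo():
    """Constructed walk-through; temp directories stand in for real svn exports."""
    root = tempfile.mkdtemp()
    current = os.path.join(root, "current")
    releases, digests = {}, {}
    for tag, body in (("1.0", "release 1.0"), ("1.1", "release 1.1")):
        releases[tag] = os.path.join(root, "releases", tag)
        os.makedirs(releases[tag])
        with open(os.path.join(releases[tag], "index.cfm"), "w") as handle:
            handle.write(body)
        digests[tag] = tree_digest(releases[tag])   # recorded when QA signs off

    def live():
        with open(os.path.join(current, "index.cfm")) as handle:
            return handle.read()

    result = {}
    activate(releases["1.0"], current, digests["1.0"])
    previous = activate(releases["1.1"], current, digests["1.1"])
    result["after_upgrade"] = live()
    activate(previous, current, digests["1.0"])     # rollback is the same operation
    result["after_rollback"] = live()

    # A file changed on the production box after QA: activation must refuse it.
    with open(os.path.join(releases["1.1"], "index.cfm"), "a") as handle:
        handle.write(" (edited in place)")
    try:
        activate(releases["1.1"], current, digests["1.1"])
        result["tamper_rejected"] = False
    except ValueError:
        result["tamper_rejected"] = True
    result["after_rejected_deploy"] = live()
    return result


if __name__ == "__main__":
    print(demo())
```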

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310742


Using CFLoop to Define Variables

2008-08-11 Thread Jeanmarie Richardson
Hello -- I am not sure if I am approaching this correctly BUT I have a list of 
22 possible items where only 5 can be selected.  I then need to assign these 
five items to a list of variables - SC1, SC2, SC3, SC4, SC5.  I am trying to 
use CFSet within a CFLOOP tag (which loops through the list) to set up these 
variables but it is failing.  Could someone point me in the right direction?  
Below is the CFLoop code I have been using.




   


 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310743


Re: Using CFLoop to Define Variables

2008-08-11 Thread Josh Nathanson
Try putting quotes around your variable:



-- Josh

- Original Message - 
From: "Jeanmarie Richardson" <[EMAIL PROTECTED]>
To: "CF-Talk" 
Sent: Monday, August 11, 2008 10:23 AM
Subject: Using CFLoop to Define Variables


> Hello -- I am not sure if I am approaching this correctly BUT I have a 
> list of 22 possible items where only 5 can be selected.  I then need to 
> assign these five items to a list of variables - SC1, SC2, SC3, SC4, SC5. 
> I am trying to use CFSet within a CFLOOP tag (which loops through the 
> list) to set up these variables but it is failing.  Could someone point me 
> in the right direction?  Below is the CFLoop code I have been using.
>
> 
> 
>
>   
>
>
> 
>
> 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310744


RE: FCKeditor

2008-08-11 Thread webmaster
I readded this virtual directory and this time it works. Thanks for the
help.


-Original Message-
From: William Seiter [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 11, 2008 12:03 PM
To: CF-Talk
Subject: RE: FCKeditor

If you were to use a mailto:[EMAIL PROTECTED]
::Sent: Monday, August 11, 2008 8:58 AM
::To: CF-Talk
::Subject: FCKeditor
::
::Here is my code yet the editor does not seem to work correctly. No
::toolbar is visible etc.
::
::
::
::
::
::#Comments#
::
::
::
::
::
::Any ideas where I should start to look for problems?
::
::
::
::
::
::
::
::



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310745


Re: Using CFLoop to Define Variables

2008-08-11 Thread Jeanmarie Richardson
Thanks Josh!! Not sure why I didn't try that :-)

>Try putting quotes around your variable:
>
>
>
>-- Josh
>
>> 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310746


RE: FCKeditor

2008-08-11 Thread William Seiter
cheers

::-Original Message-
::From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
::Sent: Monday, August 11, 2008 10:33 AM
::To: CF-Talk
::Subject: RE: FCKeditor
::
::I readded this virtual directory and this time it works. Thanks for the
::help.
::
::
::-Original Message-
::From: William Seiter [mailto:[EMAIL PROTECTED]
::Sent: Monday, August 11, 2008 12:03 PM
::To: CF-Talk
::Subject: RE: FCKeditor
::
::If you were to use a mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2008 8:58 AM
To: CF-Talk
Subject: FCKeditor

Here is my code yet the editor does not seem to work correctly. No
toolbar is visible etc.





#Comments#





Any ideas where I should start to look for problems?








::
::
::
::

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310747


select problem

2008-08-11 Thread Eclectic User
  
  Country
 
   

 selectedselected>#getCountries.cty_name#   
   
  
  

and I am using this query 


   SELECT  cty_iso2, cty_name
   FROM    ref_countries
   ORDER BY cty_name
 
but unfortunately, the correct country is not getting selected. If a country 
value is there, I want it to be selected, if nothing is there, I want United 
States as default. The column cty_iso2 has two letter code for the country like 
'US' and cty_name contains the whole name like United States of America. I am 
not able to pin point what's wrong with this code. Also, I convert all the form 
fields values into variables scope before the start of the page. Please help. 
Thanks for help in advance. 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310748


RE: select problem

2008-08-11 Thread Dave Phillips
Have you looked at your 'view source' code to see if 'selected' is ever
being generated?  

Are there any records in your table that have an empty cty_iso2 column?

Dave
-Original Message-
From: Eclectic User [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 11, 2008 1:07 PM
To: CF-Talk
Subject: select problem

  
  Country
 
   

 selectedselected>#getCountries.cty_name#   

   
  
  

and I am using this query 


   SELECT  cty_iso2, cty_name
   FROM    ref_countries
   ORDER BY cty_name
 
but unfortunately, the correct country is not getting selected. If a country
value is there, I want it to be selected, if nothing is there, I want United
States as default. The column cty_iso2 has two letter code for the country
like 'US' and cty_name contains the whole name like United States of
America. I am not able to pin point what's wrong with this code. Also, I
convert all the form fields values into variables scope before the start of
the page. Please help. Thanks for help in advance. 



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310749


cfqueryparam and bit field (was:Re: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3 Driver)

2008-08-11 Thread Scott Stewart
The cfqueryparam tags work fine with the character fields, but they're 
returning true or false as opposed to 1 or 0, even though 1 or 0 is 
passed to it from the form.

Any ideas?

Scott Stewart wrote:
> That's cool, I appreciate the input.
>
> thanks
>
> sas
>
> Craig Dudley wrote:
>   
>> Had a good look but can't find the examples, it's fairly easy to set up
>> anyway.
>>
>> The MS SQL Server JDBC driver is three .jar files I think? Just drop them
>> into \ColdFusion8\runtime\jre\lib\ext and restart CF, the .jar should then
>> appear in the big CF Server Java Class Path box in settings summary in CF
>> Admin.
>>
>> When you add a datasource, select other from the driver dropdown it will ask
>> you for a JDBC URL, Driver Class and Driver Name. All of which is standard
>> JDBC stuff but there are docs in the MS download package I think, it's not
>> complex either way but sorry I couldn't find my examples as it might have
>> saved some time.
>>
>> Craig.
>>
>> -Original Message-
>> From: Scott Stewart [mailto:[EMAIL PROTECTED] 
>> Sent: 11 August 2008 17:14
>> To: CF-Talk
>> Subject: Re: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3
>> Driver
>>
>> Thanks Craig
>>
>> The higher ups have deemed this a "last resort"... so if it comes to 
>> this I'll put up some results.
>> I'm pursuing what could be an issue with cfqueryparam
>>
>> Craig Dudley wrote:
>>   
>> 
>>> Not for a while, from memory you just drop the three MS .jar's somewhere
>>> 
>>>   
>> in
>>   
>> 
>>> CF's classpath and restart CF to install and creating datasources becomes
>>> 
>>>   
>> a
>>   
>> 
>>> bit more dificult, I'll see if I can dig up an example for you.
>>>
>>> I seem to remember that performance wasn't all that great, in fact, CF7's
>>> built in drivers were faster in most of my test cases. Sorry I haven't
>>> 
>>>   
>> tried
>>   
>> 
>>> them on CF8.
>>>
>>> The MS drivers don't cause any issues with CF's built in drivers though so
>>> why not give it a try on your dev box?
>>>
>>> Craig.
>>>
>>> -Original Message-
>>> From: Scott Stewart [mailto:[EMAIL PROTECTED] 
>>> Sent: 11 August 2008 15:10
>>> To: CF-Talk
>>> Subject: CF 8 Built in SQL Server drivers vs. MS SQL Server 2000 SP3
>>> 
>>>   
>> Driver
>>   
>> 
>>> Hey all,
>>>
>>> I've run into an issue that I need opinions on. We've run into some SQL 
>>> server issues, where MS is saying "patch the driver".
>>> Has anyone used the MS SQL Server 2000 SP3 JDBC driver in place of the 
>>> one shipped with CF8?
>>> Has it cleared up 8180 errors?
>>> Any performance gains/losses?
>>> Any "gotchas"?
>>>
>>> thanks
>>>
>>> sas
>>>
>>>   
>>> 
>>>   
>>   
>> 
>
>   

-- 
--
Scott Stewart
ColdFusion Developer

Office of Research Information Systems
Research & Economic Development
University of North Carolina at Chapel Hill

Phone:(919)843-2408
Fax: (919)962-3600
Email: [EMAIL PROTECTED]




Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310750


RE: Using CFLoop to Define Variables

2008-08-11 Thread Dave Phillips
Jeanmarie,

Another way is like this:



Or for more cfscript purists:


loop here... {
setVariable("SC"&x,listElement);
}

Regarding :  Since this is an 'evaluation',
and I have heard that 'evaluations' cost more performance wise than using a
setVariable() with a concatenated variable name, I prefer to use the first
method I indicated above.  However, I can't confirm this performance issue,
although maybe someone else on the list has done some performance testing
with 'evaluations' and can comment on that.

Dave Phillips

-Original Message-
From: Jeanmarie Richardson [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 11, 2008 12:32 PM
To: CF-Talk
Subject: Re: Using CFLoop to Define Variables

Thanks Josh!! Not sure why I didn't try that :-)

>Try putting quotes around your variable:
>
>
>
>-- Josh
>
>> 



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310751


Re: Using CFLoop to Define Variables

2008-08-11 Thread Yuliang Ruan
design wise, would you be better putting those in an array instead of separate 
variables? 


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310752


Re: cfqueryparam and bit field

2008-08-11 Thread Carl Von Stetten
Scott,

What cfsqltype attribute are you using in your cfqueryparam?  You might 
try "cf_sql_bit".  Also, I had to write a custom function to generate 
bit values for all boolean values.  Here's my function:






















HTH,
Carl

Scott Stewart wrote:
> The cfqueryparam tags work fine with the character fields, but they're 
> returning true or false as opposed to 1 or 0, even though 1 or 0 is 
> passed to it from the form.
>
> Any ideas?



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310753


Re: Using CFLoop to Define Variables

2008-08-11 Thread C. Hatton Humphrey
> Regarding :  Since this is an 'evaluation',
> and I have heard that 'evaluations' cost more performance wise than using a
> setVariable() with a concatenated variable name, I prefer to use the first
> method I indicated above.  However, I can't confirm this performance issue,
> although maybe someone else on the list has done some performance testing
> with 'evaluations' and can comment on that.

From http://www.cfquickdocs.com/?getDoc=SetVariable#SetVariable:

Description
This function is no longer required in well-formed ColdFusion pages.


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310754


Re: ColdFusion8 silent installation

2008-08-11 Thread Don L
Thank you, Andy, I initially did not find the link about cf8 silent 
installation.
The missing attribute may also imply that some of these attributes are 
optional...
> ColdFusion8 silent installation - Andy Allan
> The main differences between the CF7 and CF8 silent installs are the
> properties for things such as LCDS and the .NET bridge.
> 
> CF7 http://www.adobe.com/go/87bd20f4
> CF8 http://www.adobe.com/go/kb402572
> 
> The one omission that both have is the property for installing the
> Report Builder.
> 
> SILENT_INSTALL_REPORTBUILDER=true|false
> 
> Andy
> ColdFusion8 silent installation - Andy Allan



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310755


Re: ColdFusion8 silent installation

2008-08-11 Thread Don L
Sure.  But there's a reason to add a cf8 datasource without using the admin API.
>ColdFusion8 silent installation - Dave Watts, CTO, Fig Leaf Software
>> Thanks, Dave.  Another question, it looks like one may also 
>> be able to create a cf8 data source dynamically, and the 
>> neo-datasource.xml file seems to be the first 'crack' or a 
>> better way to do it?
>
>I would prefer to use the admin API to do this, I think.
>
>ColdFusion8 silent installation - Dave Watts, CTO, Fig Leaf Software



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310756


RE: Using CFLoop to Define Variables

2008-08-11 Thread Dave Phillips
> From http://www.cfquickdocs.com/?getDoc=SetVariable#SetVariable:
>
>Description
>This function is no longer required in well-formed ColdFusion pages.

Well, that's good news.  So all it comes down to then is preference.

Although I do second Yuliang's comment that using an array might be better
design.

Dave



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310757


Re: select problem

2008-08-11 Thread Eclectic User
Hi Dave! Thanks for responding. There is no NULL value in the country table and 
in the source code, United States is 'selected' but it's not selected on the 
page. I am not getting why it's happening. Please guide me if you know the 
reason.

 
>Have you looked at your 'view source' code to see if 'selected' is ever
>being generated?  
>
>Are there any records in your table that have an empty cty_iso2 column?
>
>Dave
>  
>  Country
> 
>   
>
> getCountries.cty_iso2>selectedlen(trim(variables.addr_country)) and getCountries.cty_iso2 eq
>'US'>selected>#getCountries.cty_name#   
>
>   
>  
>  
>
>and I am using this query 
>
>
>   SELECT  cty_iso2, cty_name   
>   FROMref_countries   
>   ORDER BY   cty_name 
> 
>but unfortunately, the correct country is not getting selected. If a country
>value is there, I want it to be selected, if nothing is there, I want United
>States as default. The column cty_iso2 has two letter code for the country
>like 'US' and cty_name contains the whole name like United States of
>America. I am not able to pin point what's wrong with this code. Also, I
>convert all the form fields values into variables scope before the start of
>the page. Please help. Thanks for help in advance. 


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310758


Re: select problem

2008-08-11 Thread Alan Rother
What browser are you using?

Some browsers like to "help" their users by remembering the most recent
"state" (what was selected in a select box, or typed in a text field) and
defaulting to that when you hit a form again.

This will even override the "Selected" attribute of a select box.


I know FireFox can be guilty of this. It's real simple, view the source of
your rendered page, as long as the item in the select box that should be set
to selected has the selected attribute, and no other item in the list has
it, you succeeded. However, the browser can screw you from a presentation
standpoint if it decides something else should be selected.

Clearing the cache should help.

=]
-- 
Alan Rother
Adobe Certified Advanced ColdFusion MX 7 Developer
Manager, Phoenix Cold Fusion User Group, AZCFUG.org



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310759


Re: cfqueryparam and bit field

2008-08-11 Thread Scott Stewart
Y'know, this has wound up being one of those "Ghost in the machine" things.
I back pedaled and took all of the cfqueryparams out of the query and 
ran it a couple of times to make sure that the sql was sound, it was.
Then I added the query params back in, starting with the char fields, 
they worked, then I added the cfquery params to the date fields, they 
worked.
Lastly I added them back to the bit fields.. it all works.

I did make sure that the incoming cfarguments were defined as boolean, 
for the corresponding bit fields, but other than that I can only assume 
that I cleared something funky out of cache somewhere

Carl Von Stetten wrote:
> Scott,
>
> What cfsqltype attribute are you using in your cfqueryparam?  You might 
> try "cf_sql_bit".  Also, I had to write a custom function to generate 
> bit values for all boolean values.  Here's my function:
>
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>
> HTH,
> Carl


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310760
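
The two points this thread ends on, Carl Von Stetten's suggestion of "cf_sql_bit" with a boolean-to-bit helper and Scott Stewart's note about typing the cfarguments as boolean, shown together as an added example. It is not code from any poster; toBit, saveProject, the projects table and its columns, and application.dsn are hypothetical names.

```cfml
<!--- Added example: hypothetical helper that normalises any ColdFusion
      boolean (true/false, yes/no, 1/0) to the 1 or 0 a bit column expects. --->
<cffunction name="toBit" access="public" returntype="numeric" output="false">
    <cfargument name="value" type="any" required="true">
    <!--- Reject non-boolean input instead of guessing what was meant. --->
    <cfif NOT isBoolean(arguments.value)>
        <cfthrow type="InvalidArgument"
                 message="Expected a boolean value for a bit column.">
    </cfif>
    <cfif arguments.value>
        <cfreturn 1>
    </cfif>
    <cfreturn 0>
</cffunction>

<!--- Hypothetical insert with one char, one date and one bit column. --->
<cffunction name="saveProject" access="public" returntype="void" output="false">
    <cfargument name="title"     type="string"  required="true">
    <cfargument name="startDate" type="date"    required="true">
    <!--- type="boolean" makes CF validate the form value at the function boundary. --->
    <cfargument name="isActive"  type="boolean" required="true">

    <!--- Every value is bound as a typed parameter; none is concatenated into the SQL. --->
    <cfquery datasource="#application.dsn#">
        INSERT INTO projects (title, start_date, is_active)
        VALUES (
            <cfqueryparam value="#arguments.title#" cfsqltype="cf_sql_varchar" maxlength="100">,
            <cfqueryparam value="#arguments.startDate#" cfsqltype="cf_sql_timestamp">,
            <cfqueryparam value="#toBit(arguments.isActive)#" cfsqltype="cf_sql_bit">
        )
    </cfquery>
</cffunction>
```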


RE: ColdFusion8 silent installation

2008-08-11 Thread Dave Watts
> Sure.  But there's a reason to add a cf8 datasource without 
> using the admin API.

What is that reason?

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310761

