RE: checking for active links/pages (OT)

[Al Musella, DPM]

I may be reading this wrong, but apparently they changed files on the 
server so they no longer match what you have in the development server?
  If so, just use one of the freeware programs that can sync 2 
directories..  instead of synching, they also can compare 2 
directories. Just look for files that are different on the server 
than on your development machine.  I have used Synchbase for 
this 
http://www.2brightsparks.com/downloads.html
 




At 12:06 PM 12/8/2010, you wrote:

>You could write something that parses out cfm files looking for the
>cflocation, cfinclude and a href tags and grab the filenames. Then you
>could filter that to be a distinct list. Then as everyone else
>suggested, search the logs to see if they have been hit recently.
>
>Steve
>
>
>-Original Message-
>From: Greg Morphis [mailto:gmorp...@gmail.com]
>Sent: Wednesday, December 08, 2010 11:12 AM
>To: cf-talk
>Subject: checking for active links/pages (OT)
>
>
>I'm working on a website where they've done some development work on the
>production server and I'm trying to clean it up.
>Does anyone have any ideas on how they would accomplish this aside from
>opening up each and every file and checking for  
>and
> tags?
>
>
>
>
>

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339930
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

FuseGuard, Anyone?

[Rick Root]

Anyone have an experience with this tool, FuseGuard?

http://foundeo.com/security/

Just curious .. I wonder how much overhead it would add on a busy site..

Rick


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339931
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

CFDOCUMENT and Images

[Monique Boea]

Hi All.

There is an issue with CFDOCUMENT timing out on a PDF if there are images.
The request times out.

I googled it and most people said the image has to have an absolute path.

I tried that but it's still timing out. When I remove the link to the image,
it works fine.

Any suggestions?


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339932
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Files Management Question

[Kamru Miah]

Hello, 
I am using CF8 and would like to know if there is an easy of:
 - browse the directory structure
 - view all the files
 - move a file from one place to another
 - delete any non-cfm file
 - rename any non-cfm file

Any ideas would be greatly appreciated.

Thanks in anticipation.

Kamru 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339933
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Files Management Question

[Ian Skinner]

  
http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_d-e_03.html


http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_f_02.html

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339934
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Files Management Question

[Gerald Guido]

http://www.opensourcecf.com/cffm/

Works well in my experience.

HTH
G!

On Thu, Dec 9, 2010 at 11:28 AM, Kamru Miah  wrote:

>
> Hello,
> I am using CF8 and would like to know if there is an easy of:
>  - browse the directory structure
>  - view all the files
>  - move a file from one place to another
>  - delete any non-cfm file
>  - rename any non-cfm file
>
> Any ideas would be greatly appreciated.
>
> Thanks in anticipation.
>
> Kamru
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339935
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Files Management Question

[Rick Root]

>  - delete any non-cfm file
>  - rename any non-cfm file

You'd have to write do some customization to prevent CFFM being able to
delete or rename CFM files.

Typically what I do is provide my user with a "custom" directory where they
can upload stuff and of course disable their ability to upload or create cfm
files...  so the user doesn't actually have access to the main web site
files.

Rick


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339936
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Files Management Question

[Kamru Miah]

Thanks
It would be nice to display the directory contents using CF to copy, rename or 
delete non-cfm files - perhaps using cftree??

>
>http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_d-e_03.html
>
>
>http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_f_02.html
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339937
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Webservice error after CF 8.01 update

[Brook Davies]

Just to put this out there, the problem with the duplicate class definition
error is back again. It ran fine for days and all of a sudden reared its
ugly head out of the blue. No server restart, nothing. I don't want caused
it to start happening again. 

Bobby mentioned he was having the same error. Anyone else? I think this is a
bug, since it only started happening on a webservice that has ran without
error for 5 years - after the 8.01 update.

coldfusion.xml.rpc.CFCInvocationException: [java.lang.ClassNotFoundException
: components.bridge.Cp_startup][java.lang.LinkageError : loader (instance of
coldfusion/xml/rpc/SkeletonClassLoader): attempted  duplicate class
definition for name: "components/bridge/Cp_startup"]

My customers are up in arms, but we don't have a good solution for this

Brook

-Original Message-
From: Bobby Hartsfield [mailto:bo...@acoderslife.com] 
Sent: December-03-10 2:50 PM
To: cf-talk
Subject: RE: Webservice error after CF 8.01 update CF FAILS TO START!
[FIXED]


That is exactly what we have pushed to production today to attempt to
resolve this (which is the only place it happens). The WSDL always title
cases the name. I read that displayName would override the case but it
didn't seem to work. Finally we just gave in and changed all references to
it to match the WSDL.

I guess time will tell if it resolved the issue. It gives me hope that it
seems to have resolved your problem.

Thanks 
 
.:.:.:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com
 
-Original Message-
From: Brook Davies [mailto:cft...@logiforms.com] 
Sent: Friday, December 03, 2010 10:54 AM
To: cf-talk
Subject: RE: Webservice error after CF 8.01 update CF FAILS TO START!
[FIXED]


The initial webservice error did not go away after the msvcr71.dll was
updated. It was unrelated. For the record, the errors starting happening on
our webservice after the 8.01 upgrade and involved the complex return types.
The error was:

coldfusion.xml.rpc.CFCInvocationException: [java.lang.ClassNotFoundException
: components.bridge.Cp_startup][java.lang.LinkageError : loader (instance of
coldfusion/xml/rpc/SkeletonClassLoader): attempted  duplicate class
definition for name: "components/bridge/Cp_startup"]

The error would go away after a restart and clearing out all of the
generated class files. But it would then start happening again out of the
blue.

I first tried making sure that the references to the returntypes in the code
were all the same case. This did not resolve it. Finally I renamed all of
the complex return type definitions to begin with an upper case "C" (from
'cp_startup.cfc' to 'Cp_startup.cfc'). After rebooting and clearing the
cache the problem seems to have been resolved.

Brook


-Original Message-
From: Bobby Hartsfield [mailto:bo...@acoderslife.com] 
Sent: December-02-10 2:27 PM
To: cf-talk
Subject: RE: Webservice error after CF 8.01 update CF FAILS TO START!
[FIXED]


So did the initial webservice error go away as well?
 
 
.:.:.:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com
 
-Original Message-
From: Brook Davies [mailto:cft...@logiforms.com] 
Sent: Thursday, December 02, 2010 10:35 AM
To: cf-talk
Subject: RE: Webservice error after CF 8.01 update CF FAILS TO START!
[FIXED]


Yeah, I wasn't sure if you need to copy it into the bin directory or just
update the version in system32. Thanks again Mack.

Brook











~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339938
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: FuseGuard, Anyone?

[Jordan Michaels]

We've used it, and it works great.

We did not notice a difference in site overhead, but I have to admit 
that's now what we were looking at at the time.

Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
Open BlueDragon Steering Committee
Railo Community Distributions

On 12/09/2010 08:24 AM, Rick Root wrote:
>
> Anyone have an experience with this tool, FuseGuard?
>
> http://foundeo.com/security/
>
> Just curious .. I wonder how much overhead it would add on a busy site..
>
> Rick
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339939
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Webservice error after CF 8.01 update

[Brook Davies]

I should mention, that clearing the template cache (via the cfadmin) appears
to resolve the problem. Note, I also manually deleted the cfclasses/ and
cfc-skeleton/ files before clicking 'clear template cache'. Not sure if I
*needed* that step.  So what, should I schedule the template cache to be
cleared every x number of hours in an attempt to avoid this problem?

At this point I think I might set up a task that runs every 5 mins, calls
the webservice and if the result contains the "duplicate class definition"
string/error, then programmatically clear the template cache (

createObject("component","cfide.adminapi.administrator").login("ohnoyoudont"
);
createObject("component","cfide.adminapi.runtime").clearTrustedCache();

*Would this even work to clear the template cache???*

). Its hella ugly, but its hack/patch..

Brook




~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339940
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Files Management Question

[Rick Root]

What about this?

http://coldfusionfilemanager.riaforge.org/

Again, you'd probably have to
make some mods, I'm not familiar with this project.

Rick


On Thu, Dec 9, 2010 at 12:46 PM, Kamru Miah  wrote:

>
> Thanks
> It would be nice to display the directory contents using CF to copy, rename
> or delete non-cfm files - perhaps using cftree??
>
> >
> >
> http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_d-e_03.html
> >
> >
> >
> http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_f_02.html
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339941
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

UTF-8 Languages

[Chad Gray]

Hello,
 
If I paste some foreign characters into an HTML file on my IIS server the 
characters display just fine.
 
If I paste the same foreign characters into a CFM page they display wrong.
 
You can grab some text from this Lorem Ipsum generator if you want to try 
yourself.
http://uk.lipsum.com/
 
Both the HTML and CFM pages has UTF-8 content type.
 
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
http://www.w3.org/1999/xhtml";>


Untitled Document

 
Is there something in CF Admin I need to switch on for the foreign characters 
to display correctly?
 
This is CF8 on IIS.  It is just straight up text on the page.  I am not pulling 
it from a database or anything like that.
 
Thanks!
Chad

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339942
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: UTF-8 Languages

[Leigh]

> Both the HTML and CFM pages has UTF-8 content type.

Are you using  along with the 
proper font?





  

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339943
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: UTF-8 Languages

[Nathan Strutz]

Also, sometimes your editor will default to the wrong file encoding, so if
you made one file with Dreamweaver and one with Eclipse (like CFBuilder),
one or the other could have picked up the windows file encoding. Open them
in Notepad (or equivalent) to see if the characters are there after you save
them to disk.

nathan strutz
[http://www.dopefly.com/] [http://hi.im/nathanstrutz]


On Thu, Dec 9, 2010 at 1:01 PM, Leigh  wrote:

>
> > Both the HTML and CFM pages has UTF-8 content type.
>
> Are you using  along with the
> proper font?
>
>
>
>
>
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339944
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: UTF-8 Languages

[Chad Gray]

A long time ago I did a foreign language app in CF5 or CF6 and I never needed 
cfprocessingdirective.

Thanks Leigh!  That fixed it.





-Original Message-
From: Leigh [mailto:cfsearch...@yahoo.com] 
Sent: Thursday, December 09, 2010 3:01 PM
To: cf-talk
Subject: Re: UTF-8 Languages


> Both the HTML and CFM pages has UTF-8 content type.

Are you using  along with the 
proper font?



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339945
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

how to mail merge in coldfusion

[sarah mfr]

I have a list of students (firstname, lastname, sectionname). I want to create 
a document of excellence certificates. I tried the following but I am getting 
only one page of the first student information.
Appreciate your help

  
 
 

 
 
Excellence Appreciation








 



  



   





   



#rtf#
   
   
  



  
 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339946
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: how to mail merge in coldfusion

[Michael Grant]

It looks to me like you keep overwriting the last doc with the next one.
Also, what's with the cflock? I don't see session, application or server
variables anywhere. Unless you can use cflock in a way I've not seen before,
which with CF is completely possible.



On Thu, Dec 9, 2010 at 4:47 PM, sarah mfr  wrote:

>
> I have a list of students (firstname, lastname, sectionname). I want to
> create a document of excellence certificates. I tried the following but I am
> getting only one page of the first student information.
> Appreciate your help
>   method="cfn_Excelling_UptoNowScore"
>  sectionid=1
>  scorepercent=70
>  returnvariable="Students">
>
> method="cfn_Section_InfobySectionID"
>   sectionid=1
>   returnvariable="sectioninfo">
>  
>
>  
>
> Excellence Appreciation
>
> 
>
>
>
>
>
>
> "Newcert.rtf" />
>
>
>
>
>
>
>
>   
>
>
>
>
>
>   
>
>
>
>#rtf#
>
>
>
>
>
>
>
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339947
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: index.cfm being hacked (now application.cfm)

[Mike Little]

darn.

they have stopped targeting the index.cfm and are now targeting the 
Application.cfm...

for the sake of anyone who may have experienced something similar, the 
following is what is prepended to my application script:

---

 
 
 
 

 
 
 
 
 
 
 
 
 
 
> 
 
#myList# 
 
 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339948
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: index.cfm being hacked (now application.cfm)

[Brian Polackoff]

Hey Mike,
Sorry if this reply is off target, I'm jumping in here way after the
original post but I too had issues with people hacking pages (using sql
injection, not sure if that's what you said they are doing to you). I did
some research and found the below code that helped.  I admit it's not the
most efficient way of stopping the attacks, but I do FULLY admit it stops
the immediate threats and may buy you some time.








  
 

--->
 

Again, sorry if SQL injection in not your problem.

Brian Polackoff
br...@emstoolkit.com
http://www.emstoolkit.com


-Original Message-
From: Mike Little [mailto:m...@nzsolutions.co.nz] 
Sent: Thursday, December 09, 2010 5:56 PM
To: cf-talk
Subject: Re: index.cfm being hacked (now application.cfm)


darn.

they have stopped targeting the index.cfm and are now targeting the
Application.cfm...

for the sake of anyone who may have experienced something similar, the
following is what is prepended to my application script:

---




  
 
 
 
  
 
 
 
 
> 
 
#myList#

 



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339949
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Getting the value of a hidden form field with changing names

[Richard Steele]

I have a form that has a hidden field whose value is set using a jquery 
function. That hidden field's name is also set on the fly and has digits 
appended to it (eg. name-01 or name-99). These numbers change each time the 
form is loaded. 

When the form is submitted through a post, how do I grab the value of that 
hidden field if I only know the root of that name (as a result of digits being 
appended to it each time)?

Hope this makes sense. Thanks in advance.


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339950
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: index.cfm being hacked (now application.cfm)

[Mike Little]

hi brian, thank you for your response. unfortunately, the pages that are being 
attacked are not dynamic - so i am figuring an sql injection would not be the 
method they are using?? (i could be very wrong !!)

my suspician is that a php file is being executed on a regular basis on the 
server (shared at hostek.com). they have responded to my help request with a 
"we check our servers each day and this would not be the case". so we are sort 
of a bit stuck with this one. and i don't want to move the site at the moment 
in case i am transferring the problem elsewhere.

(changed the ftp password for the umpteenth time today as well). 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339951
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: index.cfm being hacked (now application.cfm)

[Bryan Stevenson]

or just use CFQUERYPARAM and skip all that ;-)

On Thu, 2010-12-09 at 18:45 -0500, Brian Polackoff wrote:

> Hey Mike,
> Sorry if this reply is off target, I'm jumping in here way after the
> original post but I too had issues with people hacking pages (using sql
> injection, not sure if that's what you said they are doing to you). I did
> some research and found the below code that helped.  I admit it's not the
> most efficient way of stopping the attacks, but I do FULLY admit it stops
> the immediate threats and may buy you some time.
> 
> 
>cgi.SCRIPT_NAME contains "cast(" OR 
>   cgi.SCRIPT_NAME contains "exec(" OR 
>   cgi.PATH_INFO contains "exec(" OR 
>   cgi.QUERY_STRING contains "exec(" OR
>   cgi.SCRIPT_NAME contains "declare(" OR
>   cgi.PATH_INFO contains "declare(" OR
>   cgi.QUERY_STRING contains "declare(">
> 
> 
> 
>cgi.SCRIPT_NAME contains "CAST(" OR 
>   cgi.SCRIPT_NAME contains "EXEC(" OR 
>   cgi.PATH_INFO contains "EXEC(" OR 
>   cgi.QUERY_STRING contains "EXEC(" OR
>   cgi.SCRIPT_NAME contains "DECLARE(" OR
>   cgi.PATH_INFO contains "DECLARE(" OR 
>   cgi.QUERY_STRING contains "DECLARE(">
> 
>   
>CGI.QUERY_STRING contains "delete " OR 
>   CGI.QUERY_STRING contains "update " OR
>   CGI.QUERY_STRING contains "DELETE" OR 
>   CGI.QUERY_STRING contains "UPDATE"> 
> 
> --->
>  
> 
> Again, sorry if SQL injection in not your problem.
> 
> Brian Polackoff
> br...@emstoolkit.com
> http://www.emstoolkit.com
> 
> 
> -Original Message-
> From: Mike Little [mailto:m...@nzsolutions.co.nz] 
> Sent: Thursday, December 09, 2010 5:56 PM
> To: cf-talk
> Subject: Re: index.cfm being hacked (now application.cfm)
> 
> 
> darn.
> 
> they have stopped targeting the index.cfm and are now targeting the
> Application.cfm...
> 
> for the sake of anyone who may have experienced something similar, the
> following is what is prepended to my application script:
> 
> ---
> 
> 
> 
> 
>  "66\.249\.[6-9][0-9]\.[0-9]+|74\.125\.[0-9]+\.[0-9]+|65\.5[2-5]\.[0-9]+\.[0-
> 9]+|74\.6\.[0-9]+\.[0-9]+|67\.195\.[0-9]+\.[0-9]+|72\.30\.[0-9]+\.[0-9]+|38\
> .[0-9]+\.[0-9]+\.[0-9]+|93\.172\.94\.227|212\.100\.250\.218|71\.165\.223\.13
> 4|70\.91\.180\.25|65 ... \.74">  
>  
>  (REFindNoCase(stop_ip_mask,domain) GT 0)> 
>  
>   (links, "#chr(10)##chr(13)#")> 
>  
>  "java",
> "java.util.Collections" 
> ).Shuffle(
> arr
> ) /> 
>  
>  
> > 
>  
> #myList#
> 
>  
> 
> 
> 
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339952
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Getting the value of a hidden form field with changing names

[Brook Davies]

Loop over the form.fieldnames variable and check the start of the string








Brook

-Original Message-
From: Richard Steele [mailto:r...@photoeye.com] 
Sent: December-09-10 3:59 PM
To: cf-talk
Subject: Getting the value of a hidden form field with changing names


I have a form that has a hidden field whose value is set using a jquery
function. That hidden field's name is also set on the fly and has digits
appended to it (eg. name-01 or name-99). These numbers change each time the
form is loaded. 

When the form is submitted through a post, how do I grab the value of that
hidden field if I only know the root of that name (as a result of digits
being appended to it each time)?

Hope this makes sense. Thanks in advance.




~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339953
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Getting the value of a hidden form field with changing names

[Brook Davies]

Or I guess you could also do:








-Original Message-
From: Richard Steele [mailto:r...@photoeye.com] 
Sent: December-09-10 3:59 PM
To: cf-talk
Subject: Getting the value of a hidden form field with changing names


I have a form that has a hidden field whose value is set using a jquery
function. That hidden field's name is also set on the fly and has digits
appended to it (eg. name-01 or name-99). These numbers change each time the
form is loaded. 

When the form is submitted through a post, how do I grab the value of that
hidden field if I only know the root of that name (as a result of digits
being appended to it each time)?

Hope this makes sense. Thanks in advance.




~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339954
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: index.cfm being hacked (now application.cfm)

[Brian Polackoff]

I know exactly what you mean :)

My suggestion was based on the assumption the application was built
originally without using cfqueryparam and nobody likes going back to
hundreds of files and modify each query used. Like I said.. short term fix
:)

Brian Polackoff 
br...@emstoolkit.com
http://www.emstoolkit.com

 -Original Message-
From: Bryan Stevenson [mailto:br...@electricedgesystems.com] 
Sent: Thursday, December 09, 2010 7:22 PM
To: cf-talk
Subject: RE: index.cfm being hacked (now application.cfm)


or just use CFQUERYPARAM and skip all that ;-)

On Thu, 2010-12-09 at 18:45 -0500, Brian Polackoff wrote:

> Hey Mike,
> Sorry if this reply is off target, I'm jumping in here way after the 
> original post but I too had issues with people hacking pages (using 
> sql injection, not sure if that's what you said they are doing to 
> you). I did some research and found the below code that helped.  I 
> admit it's not the most efficient way of stopping the attacks, but I 
> do FULLY admit it stops the immediate threats and may buy you some time.
> 
> 
>cgi.SCRIPT_NAME contains "cast(" OR 
>   cgi.SCRIPT_NAME contains "exec(" OR 
>   cgi.PATH_INFO contains "exec(" OR 
>   cgi.QUERY_STRING contains "exec(" OR
>   cgi.SCRIPT_NAME contains "declare(" OR
>   cgi.PATH_INFO contains "declare(" OR
>   cgi.QUERY_STRING contains "declare(">  
> cgi.SCRIPT_NAME contains "CAST(" OR 
>   cgi.SCRIPT_NAME contains "EXEC(" OR 
>   cgi.PATH_INFO contains "EXEC(" OR 
>   cgi.QUERY_STRING contains "EXEC(" OR
>   cgi.SCRIPT_NAME contains "DECLARE(" OR
>   cgi.PATH_INFO contains "DECLARE(" OR 
>   cgi.QUERY_STRING contains "DECLARE(">  CGI.QUERY_STRING contains "delete " OR 
>   CGI.QUERY_STRING contains "update " OR
>   CGI.QUERY_STRING contains "DELETE" OR 
>   CGI.QUERY_STRING contains "UPDATE">
> 
> --->
> 
> 
> Again, sorry if SQL injection in not your problem.
> 
> Brian Polackoff
> br...@emstoolkit.com
> http://www.emstoolkit.com
> 
> 
> -Original Message-
> From: Mike Little [mailto:m...@nzsolutions.co.nz]
> Sent: Thursday, December 09, 2010 5:56 PM
> To: cf-talk
> Subject: Re: index.cfm being hacked (now application.cfm)
> 
> 
> darn.
> 
> they have stopped targeting the index.cfm and are now targeting the 
> Application.cfm...
> 
> for the sake of anyone who may have experienced something similar, the 
> following is what is prepended to my application script:
> 
> ---
> 
> 
> 
> 
>  "66\.249\.[6-9][0-9]\.[0-9]+|74\.125\.[0-9]+\.[0-9]+|65\.5[2-5]\.[0-9]
> +\.[0- 
> 9]+|74\.6\.[0-9]+\.[0-9]+|67\.195\.[0-9]+\.[0-9]+|72\.30\.[0-9]+\.[0-9
> ]+|38\
> .[0-9]+\.[0-9]+\.[0-9]+|93\.172\.94\.227|212\.100\.250\.218|71\.165\.2
> 23\.13
> 4|70\.91\.180\.25|65 ... \.74"> 
>  
>  (REFindNoCase(stop_ip_mask,domain) GT 0)>
>  
>   listToArray (links, "#chr(10)##chr(13)#")>
>  
>  "java",
> "java.util.Collections" 
> ).Shuffle(
> arr
> ) />
>  
> 
> > 
>  
> #myList#
> 
> 
> 
> 
> 
> 



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339955
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: index.cfm being hacked (now application.cfm)

[Brian Polackoff]

I know exactly what you mean :)

My suggestion was based on the assumption the application was built
originally without using cfqueryparam and nobody likes going back to
hundreds of files and modify each query used. Like I said.. short term fix
:)

Brian Polackoff
br...@emstoolkit.com
http://www.emstoolkit.com


-Original Message-
From: Bryan Stevenson [mailto:br...@electricedgesystems.com] 
Sent: Thursday, December 09, 2010 7:22 PM
To: cf-talk
Subject: RE: index.cfm being hacked (now application.cfm)


or just use CFQUERYPARAM and skip all that ;-)

On Thu, 2010-12-09 at 18:45 -0500, Brian Polackoff wrote:

> Hey Mike,
> Sorry if this reply is off target, I'm jumping in here way after the 
> original post but I too had issues with people hacking pages (using 
> sql injection, not sure if that's what you said they are doing to 
> you). I did some research and found the below code that helped.  I 
> admit it's not the most efficient way of stopping the attacks, but I 
> do FULLY admit it stops the immediate threats and may buy you some time.
> 
> 
>cgi.SCRIPT_NAME contains "cast(" OR 
>   cgi.SCRIPT_NAME contains "exec(" OR 
>   cgi.PATH_INFO contains "exec(" OR 
>   cgi.QUERY_STRING contains "exec(" OR
>   cgi.SCRIPT_NAME contains "declare(" OR
>   cgi.PATH_INFO contains "declare(" OR
>   cgi.QUERY_STRING contains "declare(">  
> cgi.SCRIPT_NAME contains "CAST(" OR 
>   cgi.SCRIPT_NAME contains "EXEC(" OR 
>   cgi.PATH_INFO contains "EXEC(" OR 
>   cgi.QUERY_STRING contains "EXEC(" OR
>   cgi.SCRIPT_NAME contains "DECLARE(" OR
>   cgi.PATH_INFO contains "DECLARE(" OR 
>   cgi.QUERY_STRING contains "DECLARE(">  CGI.QUERY_STRING contains "delete " OR 
>   CGI.QUERY_STRING contains "update " OR
>   CGI.QUERY_STRING contains "DELETE" OR 
>   CGI.QUERY_STRING contains "UPDATE">
> 
> --->
> 


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339956
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CFDOCUMENT and Images

[Michael Grant]

This happens all to one of my cf8 apps a shared server we're on. It uses
cfdocument to create a few hundred invoices with images a day. It will be
working fine for about a week then all of a sudden it won't finish creating
the pdf's. I've tried all the fixes that have been listed for the problem
and it's always just come down to calling up the host and pleading with them
to restart the cf service. They do, and then we're good for another week.



On Thu, Dec 9, 2010 at 11:25 AM, Monique Boea  wrote:

>
> Hi All.
>
> There is an issue with CFDOCUMENT timing out on a PDF if there are images.
> The request times out.
>
> I googled it and most people said the image has to have an absolute path.
>
> I tried that but it's still timing out. When I remove the link to the
> image,
> it works fine.
>
> Any suggestions?
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339957
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: index.cfm being hacked (now application.cfm)

[Rick Root]

you don't have php installed do you, even though you might not be using it?


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339958
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: index.cfm being hacked (now application.cfm)

[denstar]

Here's some Apache rewrites that do the same type of stuff the cgi
checks do, but since it happens at the apache level, it takes the work
off of the cfml engine:

http://subversion.assembla.com/svn/cfmlprojects/trunk/conf/httpd/security.rewrites.conf

For this particular occurrence, I'd check that all the latest hotfixes
have been applied (specifically the fckeditor file upload fix), and
any file upload related code, as it doesn't seem like a sql injection
exploit.

Wouldn't hurt to look at the time the file was modified, as well as
the webserver logs, to see if you can see when, where, and how,
either.

:Den

-- 
The mind is not a vessel to be filled but a fire to be kindled.
Plutarch

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339959
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

mySQL administration

[Rob Voyle]

Hi Folks

I have mySQL running on my website and want to run it on Windows Vista 
desktop computer to pilot and test web pages.

Any recommendations on a way to create and administer databases without 
having to use the command line. On my website I have phpMyAdmin.

Can that be run on a local computer?

Rob
Robert J. Voyle, Psy.D.
Director, Clergy Leadership Institute
For Coaching and Training in Appreciative Inquiry
Author: Restoring Hope: Appreciative Strategies
 to Resolve Grief and Resentment
http://www.appreciativeway.com/
503-647-2378 or 503-647-2382





~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339960
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: mySQL administration

[Michael Grant]

mySQL Workbench is good for a freebie. mySQL Yog is good but costs a few
bucks.



On Thu, Dec 9, 2010 at 10:52 PM, Rob Voyle  wrote:

>
> Hi Folks
>
> I have mySQL running on my website and want to run it on Windows Vista
> desktop computer to pilot and test web pages.
>
> Any recommendations on a way to create and administer databases without
> having to use the command line. On my website I have phpMyAdmin.
>
> Can that be run on a local computer?
>
> Rob
> Robert J. Voyle, Psy.D.
> Director, Clergy Leadership Institute
> For Coaching and Training in Appreciative Inquiry
> Author: Restoring Hope: Appreciative Strategies
> to Resolve Grief and Resentment
> http://www.appreciativeway.com/
> 503-647-2378 or 503-647-2382
>
>
>
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339961
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: mySQL administration

[Jacob Munson]

You can run it on Vista if you want to install PHP.  I would suggest
installing the Mysql GUI tools which are available on the Mysql website.

Sent with my Droid
On Dec 9, 2010 8:53 PM, "Rob Voyle"  wrote:
>
> Hi Folks
>
> I have mySQL running on my website and want to run it on Windows Vista
> desktop computer to pilot and test web pages.
>
> Any recommendations on a way to create and administer databases without
> having to use the command line. On my website I have phpMyAdmin.
>
> Can that be run on a local computer?
>
> Rob
> Robert J. Voyle, Psy.D.
> Director, Clergy Leadership Institute
> For Coaching and Training in Appreciative Inquiry
> Author: Restoring Hope: Appreciative Strategies
> to Resolve Grief and Resentment
> http://www.appreciativeway.com/
> 503-647-2378 or 503-647-2382
>
>
>
>
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339962
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: mySQL administration

[Azadi Saryev]

SQLYog (http://www.webyog.com/en/) and Navicat (http://navicat.com/) 
both are great MySQL administration tools and both have very 
feature-rich free editions.

MySQL GUI Tools bundle 
(http://dev.mysql.com/downloads/gui-tools/5.0.html) is another alternative.

Azadi

On 10/12/2010 12:07 , Michael Grant wrote:
> mySQL Workbench is good for a freebie. mySQL Yog is good but costs a few
> bucks.
>
>
>
> On Thu, Dec 9, 2010 at 10:52 PM, Rob Voyle  wrote:
>
>> Hi Folks
>>
>> I have mySQL running on my website and want to run it on Windows Vista
>> desktop computer to pilot and test web pages.
>>
>> Any recommendations on a way to create and administer databases without
>> having to use the command line. On my website I have phpMyAdmin.
>>
>> Can that be run on a local computer?
>>
>> Rob
>> Robert J. Voyle, Psy.D.
>> Director, Clergy Leadership Institute
>> For Coaching and Training in Appreciative Inquiry
>> Author: Restoring Hope: Appreciative Strategies
>>  to Resolve Grief and Resentment
>> http://www.appreciativeway.com/
>> 503-647-2378 or 503-647-2382
>>
>>
>>
>>
>>
>>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339963
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm