[ACFUG Discuss] Idiot needs HMAC SHA 256 help, will pay. Please, take advantage of me
= ecs.amazonaws.com cfset theHTTPRequestURI = /onca/xml cfset theSecretAccessKey = YOUR-AMAZON-SECRET-ACCESS-KEY !--- each param on a new line for readability. order is immaterial here, see code source for more options --- cfset theQueryString = AWSAccessKeyId=YOUR-AMAZON-ACCESS-KEY-ID AssociateTag=YOUR-AMAZON-ASSOCIATE-ID IdType=ASIN ItemId=iPad2 MerchantID=Amazon Operation=ItemLookup ResponseGroup=Large SearchIndex=Electronics Service=AWSECommerceService SignatureMethod=HmacSHA256 SignatureVersion=2 Version=2011-08-01 !--- debug --- cfoutput a href=#GenerateSignedAmazonURL(theHTTPVerb, theHostHeader, theHTTPRequestURI, theSecretAccessKey, theQueryString)##GenerateSignedAmazonURL(theHTTPVerb, theHostHeader, theHTTPRequestURI, theSecretAccessKey, theQueryString)#/a /cfoutput END ENTIRE CF CODE: ** So, what happens when you run this? Well, you get an output like this which is correct EXCEPT for the signature: http://ecs.amazonaws.com/onca/xml?AssociateTag=YOUR-ASSOCIATE-IDAWSAccessKeyId=YOUR-AWS-ACCESS-JEYIdType=ASINItemId=iPad2MerchantID=AmazonOperation=ItemLookupResponseGroup=LargeSearchIndex=ElectronicsService=AWSECommerceServiceSignatureMethod=HmacSHA1SignatureVersion=2Timestamp=2011-11-10T16%3A32%3A40.00ZVersion=2011-08-01Signature=Cbojm2j3XyG8i%2FweIT%2Fzkt4uff4wWjcqLHwwg8EkG0I%3D HOW DO I KNOW THAT THE REQUEST IS CORRECT - - EXCEPT FOR THE SIGNATURE? Test the code at http://associates-amazon.s3.amazonaws.com/signed-requests/helper/index.html ...by entering the URL created by the CF code above - except for the time stamp and the signature at the end: http://ecs.amazonaws.com/onca/xml?AssociateTag=YOUR-ASSOCIATE-IDAWSAccessKeyId=YOUR-AWS-ACCESS-JEYIdType=ASINItemId=iPad2MerchantID=AmazonOperation=ItemLookupResponseGroup=LargeSearchIndex=ElectronicsService=AWSECommerceServiceSignatureMethod=HmacSHA1SignatureVersion=2Version=2011-08-01 remove this part == Timestamp=2011-11-10T16%3A32%3A40.00Z and remove this part == Signature=Cbojm2j3XyG8i%2FweIT%2Fzkt4uff4wWjcqLHwwg8EkG0I%3D The Amazon request helper will then generate the time stamp and signature for you, then cut and paste the final Signed URL that Amazon generates into a browser address bar and you will get the XML data back as you should. However, if you test your output WITH the signature, you will get: ?xml version=1.0? ItemLookupErrorResponse xmlns=http://ecs.amazonaws.com/doc/2011-08-01/;ErrorCodeSignatureDoesNotMatch/CodeMessageThe request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details./Message/ErrorRequestIDcdddeba5-953a-4315-8248-9bdc0101101e/RequestID/ItemLookupErrorResponse ** Encryption seems to be a major PITA in CF. But the function at the start of this code is Java and so it woudl seem that the problem is with Java and getting Java to generate the correct signature. But, I'm not a Java pro, so I don't know. This could be as easy as installing the correct Java encryption library, but I've not been successful in discovering what that is. So, if that's the problem and you know, well you just made a little cash. __ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs In economics, the majority is always wrong. - John Kenneth Galbraith Faced with the choice between changing one’s mind and proving there is no need to do so, almost everyone gets busy on the proof. - John Kenneth Galbraith _ - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Typo in that last message -
In that request fort help - there was a typo Last part of message should be as follows, HmacSHA1 being replaced with HmacSHA256: END ENTIRE CF CODE: ** So, what happens when you run this? Well, you get an output like this which is correct EXCEPT for the signature: http://ecs.amazonaws.com/onca/xml?AssociateTag=YOUR-ASSOCIATE-IDAWSAccessKeyId=YOUR-AWS-ACCESS-JEYIdType=ASINItemId=iPad2MerchantID=AmazonOperation=ItemLookupResponseGroup=LargeSearchIndex=ElectronicsService=AWSECommerceServiceSignatureMethod=HmacSHA256SignatureVersion=2Timestamp=2011-11-10T16%3A32%3A40.00ZVersion=2011-08-01Signature=Cbojm2j3XyG8i%2FweIT%2Fzkt4uff4wWjcqLHwwg8EkG0I%3D HOW DO I KNOW THAT THE REQUEST IS CORRECT - - EXCEPT FOR THE SIGNATURE? Test the code at http://associates-amazon.s3.amazonaws.com/signed-requests/helper/index.html ...by entering the URL created by the CF code above - except for the time stamp and the signature at the end: http://ecs.amazonaws.com/onca/xml?AssociateTag=YOUR-ASSOCIATE-IDAWSAccessKeyId=YOUR-AWS-ACCESS-JEYIdType=ASINItemId=iPad2MerchantID=AmazonOperation=ItemLookupResponseGroup=LargeSearchIndex=ElectronicsService=AWSECommerceServiceSignatureMethod=HmacSHA256SignatureVersion=2Version=2011-08-01 remove this part == Timestamp=2011-11-10T16%3A32%3A40.00Z and remove this part == Signature=Cbojm2j3XyG8i%2FweIT%2Fzkt4uff4wWjcqLHwwg8EkG0I%3D The Amazon request helper will then generate the time stamp and signature for you, then cut and paste the final Signed URL that Amazon generates into a browser address bar and you will get the XML data back as you should. However, if you test your output WITH the signature, you will get: ?xml version=1.0? ItemLookupErrorResponse xmlns=http://ecs.amazonaws.com/doc/2011-08-01/;ErrorCodeSignatureDoesNotMatch/CodeMessageThe request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details./Message/ErrorRequestIDcdddeba5-953a-4315-8248-9bdc0101101e/RequestID/ItemLookupErrorResponse ** Encryption seems to be a major PITA in CF. But the function at the start of this code is Java and so it woudl seem that the problem is with Java and getting Java to generate the correct signature. But, I'm not a Java pro, so I don't know. This could be as easy as installing the correct Java encryption library, but I've not been successful in discovering what that is. So, if that's the problem and you know, well you just made a little cash. __ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs In economics, the majority is always wrong. - John Kenneth Galbraith Faced with the choice between changing one’s mind and proving there is no need to do so, almost everyone gets busy on the proof. - John Kenneth Galbraith _ - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Railo/Blue Dragon Error Files
Kevin, Thank you! I took a look and that's what I had in mind. Will try it out. __ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs In economics, the majority is always wrong. - John Kenneth Galbraith Faced with the choice between changing one’s mind and proving there is no need to do so, almost everyone gets busy on the proof. - John Kenneth Galbraith _ On Sep 22, 2011, at 7:44 PM, Kevin Pepperman wrote: Kakapo runs on Railo. It does a similar HTML template of errors (like BlueDragon) and stores the error info in a database and a CFM template. It has a build in administration panel that allows you to browse the errors and all the scopes that were in the request during the error. It also can send you emails of the errors as they occur. http://kakapo.riaforge.org/ Kakapo is an enhanced ColdFusion Exception Manager, build using ColdFusion. When an error occurred anywhere, anytime, in your website, Kakapo takes a panoramic snapshot of the error and the surrounding, and provides you with error details and quot;variablequot; information you need for an easy and successful troubleshoot. On Tue, Sep 20, 2011 at 10:08 PM, Derrick Peavy derr...@derrickpeavy.com wrote: I am moving to Railo as my CF engine and I don't understand how I can replicate this kind of behavior. Anyone have an idea or done this before? -- /Kevin Pepperman Never memorize what you can look up in books. --Albert_Einstein
[ACFUG Discuss] Railo/Blue Dragon Error Files
One of the things I like - no, love - about Blue Dragon (still running a very old version), is that when an error occurs, a stand alone HTML file is generated in /work/temp/rtelogs The nice thing about that is I can check that directory at any time and find out that an error occurred when a user did something, and then address that error. I am moving to Railo as my CF engine and I don't understand how I can replicate this kind of behavior. Anyone have an idea or done this before? __ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs In economics, the majority is always wrong. - John Kenneth Galbraith _
Re: [ACFUG Discuss] Best way to handle chunk of CFIF statements
Charlie: For whatever reason, my eye missed the first link to the UDF and I clicked the cf411.com link. Going back and looking at it now. __ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs In economics, the majority is always wrong. - John Kenneth Galbraith _ On Aug 24, 2011, at 5:52 PM, Charlie Arehart wrote: You don’t really mean the code looks like that (where the #searchterm# is repeated), do you? Because that doesn’t seem to make sense. Maybe it was pseudo code and you left something out. But I will say this: I wrote a UDF (posted at cflib and since tweaked by others) that may help you: http://www.cflib.org/index.cfm?event=page.udfbyidudfid=1908 It’s not long or complicated, but it solves what was for me a problem very similar to yours, and it surprised me (as it may you) that CFML didn’t make it easier. Check it out. If nothing else, it may give you an idea to consider in a variation for your own need. All that said, I will note as well that there are other solutions out there for the common problem of handling spiders and bots. Besides the link that Ajas offered, consider also my tools of that sort at http://www.cf411.com/injectprotect. While those focus on sql injection protection (at various levels up/down the stack from CFML to hardware), some of them also offer protection for spiders. /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Derrick Peavy Sent: Wednesday, August 24, 2011 5:06 PM To: discussion@acfug.org Subject: [ACFUG Discuss] Best way to handle chunk of CFIF statements Looking for a clever solution to this problem. I have some code on a site that checks for known spiders/bots and malicious user agents. The list of known is baout 50 or so long. One solution could be: (findNoCase('#searchTerm#', cgi.http_user_agent)) OR (findNoCase('#searchTerm#', cgi.http_user_agent)) OR (findNoCase('#searchTerm#', cgi.http_user_agent)) OR ... etc and so on, 50 times. Another solution could be: cfif findNoCase('#searchTerm#', cgi.http_user_agent)do something/cfif and repeat that complete CFIF 50 times. What is a creative way to solve this without so many IF's and minimal processing? Alos, the list of user agents can be either file based or pulled from a DB. I've done it both ways and I have used both solutions above. Don't see a difference, but it just seems rather crude. __ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs In economics, the majority is always wrong. - John Kenneth Galbraith _ - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
Re: [ACFUG Discuss] Best way to handle chunk of CFIF statements
Well, don't stop. I prefer content over confusion (short). __ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs In economics, the majority is always wrong. - John Kenneth Galbraith _ On Aug 25, 2011, at 11:37 AM, Charlie Arehart wrote: Me and my “long” emails, I guess. ;-} /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Derrick Peavy Sent: Thursday, August 25, 2011 11:12 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Best way to handle chunk of CFIF statements Charlie: For whatever reason, my eye missed the first link to the UDF and I clicked the cf411.com link. Going back and looking at it now. __ Derrick Peavy On Aug 24, 2011, at 5:52 PM, Charlie Arehart wrote: You don’t really mean the code looks like that (where the #searchterm# is repeated), do you? Because that doesn’t seem to make sense. Maybe it was pseudo code and you left something out. But I will say this: I wrote a UDF (posted at cflib and since tweaked by others) that may help you: http://www.cflib.org/index.cfm?event=page.udfbyidudfid=1908 It’s not long or complicated, but it solves what was for me a problem very similar to yours, and it surprised me (as it may you) that CFML didn’t make it easier. Check it out. If nothing else, it may give you an idea to consider in a variation for your own need. All that said, I will note as well that there are other solutions out there for the common problem of handling spiders and bots. Besides the link that Ajas offered, consider also my tools of that sort at http://www.cf411.com/injectprotect. While those focus on sql injection protection (at various levels up/down the stack from CFML to hardware), some of them also offer protection for spiders. /charlie - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
[ACFUG Discuss] CF and OAuth/Twitter
Anyone have a good OAuth system in place for Twitter? Willing to share? __ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs In economics, the majority is always wrong. - John Kenneth Galbraith _
[ACFUG Discuss] Any CF / Railo people in Johnson City TN?
Looking for a quick couple of hours PAID consulting over coffee with someone familiar with Railo, in Johnson City TN __ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs In economics, the majority is always wrong. - John Kenneth Galbraith _
Re: [ACFUG Discuss] Important Coldfusion news
OK, that link to http://www.adrocknaphobia.com/post.cfm/the-modern-age-of-coldfusion DOES NOT work. __ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs In economics, the majority is always wrong. - John Kenneth Galbraith _ On Feb 14, 2011, at 1:01 PM, John Mason wrote: In case people don't know and many may not due to the way it was announced, there is a debate going on with the recent change in Adobe's management of coldfusion. Whether you agree with my concerns or not, it's important that everyone get a chance to voice their opinions on this. Here a the blog posts to look at... Adam's announcement http://www.adrocknaphobia.com/post.cfm/the-modern-age-of-coldfusion My reaction http://www.codfusion.com/blog/post.cfm/so-there-s-this-story-about-a-frog-in-boiling-water -there are comments that add additional problems to this move Brian Meloche's reaction http://www.brianmeloche.com/blog/index.cfm/2011/2/12/End-of-another- era John ma...@fusionlink.com - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Need solid CF Bulletin Board solution
Can anyone link me to an actual working, stable Cold Fusion bulletin board? __ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs In economics, the majority is always wrong. - John Kenneth Galbraith _
[ACFUG Discuss] ACFUG meeting on 8/4
Is there still a meeting on 8/4 and if so, what is the agenda? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs
Re: [ACFUG Discuss] Tech nosh lunch.
Sorry, can't do that. But I have put August 4 on my calendar. I am admittedly behind on many CF related skills and need to start catching up. Not for a job, just for me. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs On Jul 13, 2010, at 9:51 AM, Cameron Childress wrote: On Mon, Jul 12, 2010 at 8:46 PM, Derrick Peavy derr...@derrickpeavy.com wrote: When/where is the lunch. Almost impossible for me to make it Thursday. But, if I know when/where, I can try. Thursday, July 15, 2010 (12:00pm - 1:30pm) Westside Corner Tavern 1133 Huff Road Atlanta, GA You can RSVP here: http://www.facebook.com/event.php?eid=129428620428141 But you don't *have* to RSVP -Cameron ... -- Cameron Childress Sumo Consulting Inc http://www.sumoc.com --- cell: 678.637.5072 aim: cameroncf email: camer...@gmail.com - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Oauth with CF
Charlie: I think I need to take you up on an August session. Will email. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs On Jul 13, 2010, at 9:35 AM, Charlie Arehart wrote: Or whoever’s interested can do it on the CFMeetup as well. I’m sure others would enjoy it. :-) I realize Derrick may need someone ASAP. Just to be clear, I have slots this week and next (and others in August and beyond). /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Derrick Peavy Sent: Monday, July 12, 2010 9:30 PM To: discussion@acfug.org Subject: [ACFUG Discuss] Oauth with CF Anyone willing to give a lesson in Oauth and CF? Starting from the basics. Will pay. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
[ACFUG Discuss] Tech nosh lunch.
Cameron, When/where is the lunch. Almost impossible for me to make it Thursday. But, if I know when/where, I can try. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs On Jul 9, 2010, at 7:45 PM, Cameron Childress wrote: On Fri, Jul 9, 2010 at 11:48 AM, Derrick Peavy derr...@derrickpeavy.com wrote: I know this is kind of long and winding, but I'd love some feedback. I've seen a ton of folks go through this on various mailing lists. Here's my take... PHP is not a bad language, CF is not a bad language. Performance, scale, lines of code, beautiful code - a PHP ninja can beat the crap out of a CF newbie and a CF ninja can beat the crap out of a PHP newbie. If you have a team of 5 ColdFusion developers, build in CF. If you have a team of 5 PHP developers, build in PHP. If you have a team of 5 PERL programmers, If you chose the technology before you hire the developers, hire developers who know the technology. Here's the tough love - I think you have three choices: 1) Change their mind 2) Learn PHP 3) Find another project I really don't think any of the 3 choices are bad but it sounds like #1 might already be off the table. If it's not, perhaps someone on the list can help you convince them that CF is an okay solution, but I'm not sure that's the best solution. Think about option 2 and 3, they might be an okay career move too. If you want to bounce more idea of some CF and PHP developers, I know that at least one PHP developer and at least one CF developer will be at the Tech Nosh lunch next Thursday. Come out and chat with everyone, bring the ATDC folks if you want... -Cameron -- Cameron Childress Sumo Consulting Inc http://www.sumoc.com --- cell: 678.637.5072 aim: cameroncf email: camer...@gmail.com - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Oauth with CF
Anyone willing to give a lesson in Oauth and CF? Starting from the basics. Will pay. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs
[ACFUG Discuss] looking for PHP equiv. of query of queries (here we go)
Yep. Here we go. Example: - cfhttp to get simple xml file, main data is a list of integers. no problem - run that twice to get two separate lists from two separate sources (url's) - use cfscript to put each list into a new query (QueryNew), then run cfquery (dbtype=query) on those queries to get common integers between the two lists, then store in DB. Benefit: Fast, easy, no arrays needed, no extra memory used, no data scoping. cfhttp request data is disposable. only need it long enough to compare two strings. Key is the query of queries to compare the two strings and get the data you need. So, how do you do a query of queries in PHP, of does PHP have a functional equivalent? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs
[ACFUG Discuss] I find myself where I have tried to avoid going. A short rant and then a question. Would love some feedback.
I know this is kind of long and winding, but I'd love some feedback. Starting a project. And, as I've discussed my coding abilities with people I meet they are continuously giving me looks of bewildering and beguiling amusement. Not talking about any Dick and Jane. I'm talking about folks from the ATDC, other entrepreneurs, coders. Whenever I say that I use CF, they act like someone just stepped out from the stone age. And, I don't care - that's their problem. I make money from my skills and can handle 500k page views a day without breaking a sweat in my applications and sleep well knowing I have no errors. But, their lack of understanding that CF even still exists baffles me. It seems that people believe that the only web language that exists now is PHP and possibly, Ruby (ergo, PHP). (Hey, Bank of America is running CF. Maybe that's not a selling point?) But on this new project, the folks say we need to do it in PHP so that it can be sold off if the project works. Ok. Fine, I get that - I really, really do and I'm actually in favor of it because I don't want a pissing contest at that future point. But I'm not coding it in PHP. No such fracking way. I'll help, offer guidance on DB design, help you translate CF code to PHP if you want. Whatever. And yet, these people keep saying, Hey, it's easier for you to learn PHP if you know CF, than for me to learn CF as a PHP developer. That makes no sense to me. On one code example (in PHP), the database connection was established on line 13 in the file$con = mysql_connect(db/id/pw) and then the connection was not closed until line 92 mysql_close($con); Within those 80 lines of code, they did 2 http calls to external web services, created two arrays, threw in 40 lines of comments and then somewhere in the bottom, finally made a SQL statement. WT-Flying-Frack Is this what people accept? Granted, this was by someone who admittedly said, they were a horrible developer - but then in the same breath asked me why this would be a problem and I kind of stood there looking like I'd been hit by a bat. I've never been shy about not being a university trained developer. But I've worked with database design since 1993, and with CF for over 12 years. So, hey, cut me some slack. I know I can't give you the lingo about why an 80 line database connection is bad in pure technical terms, but I damn well know that the faster, cleaner, shorter you make your database calls, the better off you are for so many reasons. So, here's the question(s). How do you explain to someone the basic core ideas behind CF and PHP. PHP is an Apache module. CF runs on a java servlet or on Jrun, Tomcat, etc. I'm honestly not the best to explain it. But I've seen the performance side, and it's good. And I've seen the code bloat in PHP files and it's bad. Yeah, I know anyone in any language can write bad code. But damn if PHP doesn't seem to be full of it. An ATDC person asked me if CF was an interpreted language. I said yes. And then he acted as if the argument was done because so is PHP. And so, that means what?... Therefore the two are the same and equal? Ergo, you go open source because everything thinks thats best? Bad argument. How do you explain to someone the technical idea behind something like CF? How do you explain that even in writing a PHP page that no one but you will ever use, that you don't do an 80 line open database connection call unless it's 80 lines of SQL and then, that's a whole other issue? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs
Re: [ACFUG Discuss] I find myself where I have tried to avoid going. A short rant and then a question. Would love some feedback.
Thank you all for the responses. And to John Mason and Ajas Mohammed for clarifying some technical issues in a way that I can translate to others. Want to add a couple of things. First, I may eventually pick up some php. But not so much for this project. Second, the project is a start up that I am actually heading (1 of 2 leaders). I actually feel it DOES need to be in PHP simply because it solves an issue later on in any investment round. That might sound like a crazy thing, but it's about checking as many boxes as possible in the event if future investment. Finally, if I narrow this down, I would refine my question as follows: How do you explain to someone who writes PHP ( in this example) why their code (which I can read), is krap. They don't want to take my word since I don't do PHP. But krap is krap and you can see it if you have experience in either code base. ___ Derrick Peavy Sent from my iPhone ___ On Jul 9, 2010, at 15:56, Todd Hartle tallt...@hotmail.com wrote: I've found when it comes to programming languages it's like discussing politics or religion; you're just not going to convince anyone that doesn't already get it. Sent from my iPhone On Jul 9, 2010, at 2:16 PM, Derrick Peavy derr...@derrickpeavy.com wrote: Yea, I agree with that. If it's not my business or my project, then yeah, I agree doing it in whatever is maintainable by the greatest number of developers. No interest in trying to talk anyone in the project into CF. No way. Just wondering how you explain to someone the technical merits and how the two interpreted languages actually vary at the execution level. And then secondly, how to explain to someone who has done or does PHP, why their code (which I can read), is krap. They don't want to take my word since I don't do PHP. But krap is krap and you can smell it if you have experience in either code base. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs On Jul 9, 2010, at 12:30 PM, Todd Hartle wrote: Language is usually immaterial so use what you know. I'm an old CF die hard myself even though I don't code much these days. In terms of PHP etc, part of the problem is that finding good CF people is getting harder and harder as other language become more popular. So based on technical merits either CF or PHP would do the job but if something is being sold off finding people to maintain the system may then indeed be a factor. From: derr...@derrickpeavy.com To: discussion@acfug.org Subject: [ACFUG Discuss] I find myself where I have tried to avoid going. A short rant and then a question. Would love some feedback. Date: Fri, 9 Jul 2010 11:48:45 -0400 I know this is kind of long and winding, but I'd love some feedback. Starting a project. And, as I've discussed my coding abilities with people I meet they are continuously giving me looks of bewildering and beguiling amusement. Not talking about any Dick and Jane. I'm talking about folks from the ATDC, other entrepreneurs, coders. Whenever I say that I use CF, they act like someone just stepped out from the stone age. And, I don't care - that's their problem. I make money from my skills and can handle 500k page views a day without breaking a sweat in my applications and sleep well knowing I have no errors. But, their lack of understanding that CF even still exists baffles me. It seems that people believe that the only web language that exists now is PHP and possibly, Ruby (ergo, PHP). (Hey, Bank of America is running CF. Maybe that's not a selling point?) But on this new project, the folks say we need to do it in PHP so that it can be sold off if the project works. Ok. Fine, I get that - I really, really do and I'm actually in favor of it because I don't want a pissing contest at that future point. But I'm not coding it in PHP. No such fracking way. I'll help, offer guidance on DB design, help you translate CF code to PHP if you want. Whatever. And yet, these people keep saying, Hey, it's easier for you to learn PHP if you know CF, than for me to learn CF as a PHP developer. That makes no sense to me. On one code example (in PHP), the database connection was established on line 13 in the file$con = mysql_connect(db/ id/pw)and then the connection was not closed until line 92 mysql_close($con); Within those 80 lines of code, they did 2 http calls to external web services, created two arrays, threw in 40 lines of comments and then somewhere in the bottom, finally made a SQL statement. WT-Flying-Frack Is this what people accept? Granted, this was by someone who admittedly said, they were a horrible developer - but then in the same breath asked me why this would be a problem and I kind of stood there looking
Re: [ACFUG Discuss] ACFUG acct
Dean: Someone somewhere has a hacked account. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs A good deal that used to be a great deal, is not nearly as good as an awful deal that was once a horrible deal. - Dan Gilbert, http://bit.ly/8gUruX _ On May 17, 2010, at 6:49 PM, Dean H. Saxe wrote: Clearly this is the email address you signed up with. Unsubscribe following the notice at the bottom of this email... -- Dean H. Saxe A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children. -- John James Audubon On Mon, May 17, 2010 at 3:39 PM, Music City Photo strat...@mindspring.com wrote: To whome ever Id like to get removed from thi slist, I have no idea waht email I used to set it up, but its forwardin to my main address, Ive tried many possibiliites with no luck, HELP! -Original Message- From: Todd Hartle Sent: May 17, 2010 1:10 PM To: discussion@acfug.org Subject: http://lericew.tripod.com/ The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail. Get busy. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] validating credit card numbers with CF
Charlie, I agree with you on that. ___ Derrick Peavy Sent from my iPhone ___ On Mar 11, 2010, at 15:27, Charlie Arehart char...@carehart.org wrote: See. :-) With all due respect and admiration, Steve, that’s just the sort of attitude I’m railing against. I think it’s just dead wrong to flatly reject the tag outright, suggesting that it should N EVER be used. :-) Again, I get that for SOME people and for SOME situations, there may be reasons that it doesn’t work for you. Goodness, that’s true with just about anything, right? But before accepting that bold dismissal, I hope that some who’ve he ard only that sort of ill regard for it will take a look at the arti cle I pointed out below, where I highlighted a few ways that CFFORM and its subsidiary tags have evolved fairly significantly over the y ears. Some of them are quite valuable, such as the “submitonce” validation that was added to help prevent users from hitting submit twice on a form, or the cfinput type=”datefield” which offers a very useful popup calendar. Granted, many have the chops and motivation to craft such features by hand or may choose to use scripts (or entire libraries) they get from elsewhere, and there’s no denying that becoming versed in a new ajax library can bring still more value in features that perhaps Ad obe hasn’t yet implemented. But my whole point is that for a great majority of users, having the feature built-in without any need for coding is simply a valuable asset that shouldn’t be dismissed so readily and completely. Again, I’d recommend people take in the various perspectives but give cauti on to outright dismissals. That just isn’t due diligence. But hey, mine is indeed just one person’s opinion. I don’t expect it to carry any more weight than others. /charlie PS Here’s the PDF url again: CFFORM: Are You Sure You Want to Ignore It? http://www.carehart.org/articles/#2007_3 From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Steve Ross Sent: Thursday, March 11, 2010 1:42 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] validating credit card numbers with CF Well the problem with CFFORM is that it will burn you. I have stopped using it as a result. It is easier to know what is going to happen when there isn't some blackbox trying to do whatever you think you want for you. This is especially the case with all the built in ajax stuff. Do yourself a favor and NEVER use it unless you you are doing some one off ad hoc page that will be thrown away. However, we all know how rarely that happens and typically you will come back to it and have to rewrite when some bug hits later on down the line. Ok I'll stop ranting... back to flex. On Thu, Mar 11, 2010 at 12:01 PM, Charlie Arehart char...@carehart.org wrote: About Frank’s situation of having been burned in the past by CFFORM, it kind of makes my point. It’s this kind of situation, where someo ne gets burned and the issue is later fixed, where sadly so often th e “bad taste” is left and people “move on”. Worse, at least in your case you know the problem was fixed, but others may have see n people report the issue but never heard of MM’s solution to it, so they go on bad-mouthing the tool. snip - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
Re: [ACFUG Discuss] Query or Stored Proc calling
Ajas: I am not an expert on how CF actually executes, but I am pretty darn sure that the assumption you have is wrong. cfoutputgetSomething.col1 br / getSomething.col2 br / getSomething.col3 br / /cfoutput Is not re-executing the query. Once the query is run once, assuming the query is not in a loop itself, then it's done. It only runs once. If the original coder found that there was always only a single record, then there is no harm in the code you have. However, it's not great practice. If there is any chance of ever having more than one record from that query then your first code snip is best (cfoutput query=getSomething col1 br / col2 br / col3 br / / cfoutput), and in general, is a better idea. I'm sure that Charlie or someone else can chime in on how CF handles the record set in memory and how it's referenced, etc., My guess would be that it's always better to use structured code or an actual structure of some kind (list, array, structure) to reference multiple record within a query. I think the question is also similar to the old, which is better, CFLOOP or CFOUTPUT. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs A good deal that used to be a great deal, is not nearly as good as an awful deal that was once a horrible deal. - Dan Gilbert, http://bit.ly/8gUruX _ On Feb 3, 2010, at 10:20 PM, Ajas Mohammed wrote: Hi, I came across code like this cfquery name=getSomething datasource=test select col1,col2,col3 from tbl where condition /cfquery Now, instead of using cfoutput query=getSomething col1 br / col2 br / col3 br / /cfoutput, the code uses cfoutputgetSomething.col1 br / getSomething.col2 br / getSomething.col3 br / /cfoutput The code in blue would do ONLY ONE CALL to query and display results. My take is that, the code in red is executing the query every time col1 thru col3 are referenced with query name. Is this correct? Also if getSomething was a cfprocresult name, the stored proc would be executed for every reference to stored proc name.colname right? Thanks, Ajas Mohammed / http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives.
Re: [ACFUG Discuss] Ideal memory Configuration for CF Production server?
Charlie: got all your emails - AWESOME as usual. made me ponder a couple of things. I am absolutely pooped - been working on my house all day and will be this week. Will reply in the morning after some coffee. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs A good deal that used to be a great deal, is not nearly as good as an awful deal that was once a horrible deal. - Dan Gilbert, http://bit.ly/8gUruX _ On Jan 25, 2010, at 3:54 PM, Charlie Arehart wrote: Thanks, Ajas. As for your problem, it’s not at all uncommon--and in fact it’s a potentially severe problem that I believe has caused some to abandon CF, thinking that “it can’t scale”. What’s most tragic about this is that it’s a single check-box that can resolve it, but the default in CF is for it to NOT be checked. Once you understand what it does and how it works, if you can turn it off (by checking the checkbox), then it can make all the difference for some CF shops, and yours seems one well-suited to it. I won’t elaborate with a long note -- this time! :-) -- but I can point those interested in this to either a (lengthy) blog entry I did or the recording of a CFMeetup presentation I did that addresses the issue: http://www.carehart.org/blog/client/index.cfm/2006/10/4/bots_and_spiders_and_poor_CF_performance http://experts.na3.acrobat.com/p56344520/ I will add, as well, that this is the very sort of problem that I often help people with in my consulting (whether finding if this is the explanation for troubles, or once found helping them remediate the problem.) It’s a problem that’s not only more widespread than many may realize, but it’s also not well-documented in bringing together the several points that need to be understood. Sadly, it’s hard to communicate all that needs to be understood in just a couple of bullets, so one either should read/listen to the resources above or I can help out with a shared session of 15-30 minutes. More on that at carehart.org/consulting. (I hope folks will forgive if that seems a sales pitch. I simply know no other way to communicate the opportunity.) /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Ajas Mohammed Sent: Sunday, January 24, 2010 10:15 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Ideal memory Configuration for CF Production server? Thanks Charlie and others as well. Charlie, your long emails are always helpful. Thanks for sharing. :-) I was looking at client storage tables in the 15 databases we have and the record count is about 388466 in both CDATA and CGLOBAL. And this count is pretty much same in *Every* 15 of the databases CDATA, CGLOBAL. I am trying to find why we have so many records. If the flush is set for 1 hr 7 minutes by default, then I wonder why we have so many records. I believe we have client variables to expire if not visited in 2 days or so. Any thoughts about high number of records in CDATA CGLOBAL. Can people share their numbers i.e. record count etc Thanks, Ajas Mohammed / http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Fri, Jan 15, 2010 at 7:31 PM, Charlie Arehart char...@carehart.org wrote: Thanks, and to your next observation, I’ll note that I do list resources listing sites using CF in my CF411: http://www.carehart.org/cf411/#cfpowered /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Derrick Peavy Sent: Thursday, January 14, 2010 8:31 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Ideal memory Configuration for CF Production server? I for one appreciate your efforts! OT - was asked yesterday during a bus dev call what is your site built in/with that old saw. When I said cold fusion they chuckled. This from a 26 year old. No matter. He asked what other sites are built with CF. That old saw. Used to be a list but I am not sure it's kept up anymore. The one that came to mind was Bank of America, but there are other big ones. _ Derrick Peavy - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - - To unsubscribe from this list, manage your profile @ http
Re: [ACFUG Discuss] Ideal memory Configuration for CF Production server?
Charlie: Good point about possibly treating client vars like session. I'd like to elaborate. I have 4 client vars in my app. That's all. Three are integers, and the fourth is a single char. Not sure that matters in any case. Everything else is session aside from the static application vars that most people use. In general I think it's important to create apps that are specific to the business, the client, and the users who use them. Before you write that off as a yeah, don't we all, what I want to emphasize in that, is the user part. With my main application, the traffic pattern of the user is such that they are not sticking around. I run a classifieds site and it's a very specific target. To compare, CraigsList gets about 20 pages views per user according to (cough) Alexa. Oodle gets 5-6. It's hard to compare - impossible - to these sites. But as a broad metric, having 2-3 pages per user visit is not bad. The bounce rate is low and basically, that's the nature of classifieds. That being said, if my average user is a touch and go user, and they are only looking at 2-3 pages, and their repeat frequency is going to be spread over several days possibly, then there is no value in retaining the client data. And when that client data is so sparse anyway (whole other topic), then it's even less important. On top of that, the client data that is used is non identifiable for the most part and is never required to be known by the user. So, when the session expires, it's no problem if the client data has been removed too. Again, this is less about CF or technical arguments than it is about the user pattern and the business needs. Additionally, while I do track usage internally (two systems), there is also Google Analytics which is going to track repeat users, etc., So again, the client data is of no value. If the user has been inactive for 6 hours (delete time), the client data is of no use no matter what. Now, the issue that prompted this purging on a regular basis is the issue of spiders and bots and crawlers (oh my). So, I noticed that you posted a link for that and I will be checking that out very carefully. Perhaps I can change my tactics. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs A good deal that used to be a great deal, is not nearly as good as an awful deal that was once a horrible deal. - Dan Gilbert, http://bit.ly/8gUruX _ On Jan 25, 2010, at 4:01 PM, Charlie Arehart wrote: Derrick, I’ll offer a couple of follow-ups to your points to help others with the discussion we’re now having. First, you mention using BD, and I’ll note that the problem that I bet was hitting Ajas is not one that would happen on BD (the “global client variable updates” that I discuss in the blog and recording I point to). So your experience of the impact of client vars might be quite different from what CFers would experience. Second, you mention expiring sessions in 20-30 minutes. Whether on CF or BD (or Railo), there is no connection between sessions and client variables. The former are stored in memory and have timeouts in minutes or hours typically, while client variables are stored in either a db, the registry, or a cookie and have timeouts in days (the default being 90). But your tool that purges those records that are more than even 6 hours old suggests that you’re using client variables like session variables. Maybe you liked that they were stored in DB, rather than memory, which means they live over restarts. I will note that I indicated that session variables are stored in memory “typically”. If one runs CF (or BD or Railo) as a J2EE web app on a J2EE server and setting CF to use J2EE sessions, some J2EE servers DO let you indicate that you want sessions to be stored in other than memory. Some support DBs, some write to files, etc. Not saying all that to suggest you should change your approach, just that if one DOES want to get the goal of persisted sessions, there is another approach available to some. /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Derrick Peavy Sent: Sunday, January 24, 2010 10:40 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Ideal memory Configuration for CF Production server? Ajas: As always, I caveat my reply with I am not the usual developer. First, I only have one database for client storage for all of the CF apps on the server. Since, there are only a few on the server, and only 1 is NOT -MY- app, it's not a problem. So, that solves a large part of the problem. At least with Blue Dragon, the table structure includes a field for the app name. So, I can't see a reasonable possibility of any problems. Second, I expire sessions within 20 or 30 minutes. So, I really don't need the non
Re: [ACFUG Discuss] Ideal memory Configuration for CF Production server?
Ajas: As always, I caveat my reply with I am not the usual developer. First, I only have one database for client storage for all of the CF apps on the server. Since, there are only a few on the server, and only 1 is NOT -MY- app, it's not a problem. So, that solves a large part of the problem. At least with Blue Dragon, the table structure includes a field for the app name. So, I can't see a reasonable possibility of any problems. Second, I expire sessions within 20 or 30 minutes. So, I really don't need the non identifiable old records laying around for very long. In addition to the admin settings of expire in X days, I run a script four times a day which does a very quick, simple, clean thing - delete records from the database that are more than 6 hours old. This keeps my database used for client storage down to 40-100 MB in size depending on the day and the traffic load. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs A good deal that used to be a great deal, is not nearly as good as an awful deal that was once a horrible deal. - Dan Gilbert, http://bit.ly/8gUruX _ On Jan 24, 2010, at 10:15 PM, Ajas Mohammed wrote: Thanks Charlie and others as well. Charlie, your long emails are always helpful. Thanks for sharing. :-) I was looking at client storage tables in the 15 databases we have and the record count is about 388466 in both CDATA and CGLOBAL. And this count is pretty much same in *Every* 15 of the databases CDATA, CGLOBAL. I am trying to find why we have so many records. If the flush is set for 1 hr 7 minutes by default, then I wonder why we have so many records. I believe we have client variables to expire if not visited in 2 days or so. Any thoughts about high number of records in CDATA CGLOBAL. Can people share their numbers i.e. record count etc Thanks, Ajas Mohammed / http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Fri, Jan 15, 2010 at 7:31 PM, Charlie Arehart char...@carehart.org wrote: Thanks, and to your next observation, I’ll note that I do list resources listing sites using CF in my CF411: http://www.carehart.org/cf411/#cfpowered /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Derrick Peavy Sent: Thursday, January 14, 2010 8:31 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Ideal memory Configuration for CF Production server? I for one appreciate your efforts! OT - was asked yesterday during a bus dev call what is your site built in/with that old saw. When I said cold fusion they chuckled. This from a 26 year old. No matter. He asked what other sites are built with CF. That old saw. Used to be a list but I am not sure it's kept up anymore. The one that came to mind was Bank of America, but there are other big ones. _ Derrick Peavy - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
Re: [ACFUG Discuss] Ideal memory Configuration for CF Production server?
Charlie: I have seen those errors before and would in the past, adjust both java Vm settings and heap size in the BD admin console, as well as MySQL settings. I did that over many months a few years back. Using the same system today. The settings I use now yielded the best results - no errors, faster execution times, no crashes, low cpu usage. However I do agree with you that there are often many other issues to solve. In fact, thinking back to our meeting back in 2004 when you helped me set up BD on my XServe and thus made me a BD fan forever, it was obvious then that there were other issues to solve and that BD/CF was not the issue. Over the past 5 years, BD 6 has proven to be very reliable and robust and I generate a fair number of page views on a daily basis. Yesterday, for example, 79,000 CF pages generated - granted 72,000 were spider/crawlers and only 7,000 were user page views. But as far as the data execution, a page load is a page load. And that does not include the 10,000 RSS feeds generated on the fly. So... When I've run into problems in the past, it's generally been either an SQL statement that I did not think through, or a server issue - mail problems, FTP break in attempt, etc., All that being said, over the pst 5 years, we've taken pains to simplify the roles of the server itself so that it is not doing 100 various things. DNS, a single mail account, a very few select number of FTP users, firewall and then web. That's it. No custom install stuff, very strict clean OS. And with that, the settings I have used for BD (CF) remain the best for my situation. 4 GB to MySQL, 2 GB to BD w/1GB heap. I say best because I sleep at night and don't have errors, excessive CPU or other crazy issues. Perhaps someone could tweak it more. But it's a proven set up. _ Derrick Peavy derr...@derrickpeavy.com “Innovation distinguishes between a leader and a follower.” -Steve Jobs A good deal that used to be a great deal, is not nearly as good as an awful deal that was once a horrible deal. - Dan Gilbert, http://bit.ly/8gUruX _ On Jan 14, 2010, at 7:18 PM, Charlie Arehart wrote: Wow, guys, I would offer significant caution about a lot of the assertions here. It’s NOT always true that increasing memory will improve performance. Not at all. Indeed, there are times when increasing the heap could cause MORE problems (and even just raising it from 512 to 768). It’s too much to get into in a mail thread, but let me just say that if you ever get the error, “outofmemory – unable to create new native threads”, that is NOT a sign that you should INCREASE the heap. Indeed, it may be an indication that you should DECREASE it (to give more space to the stack, where threads are being created and there’s not enough room left because of the higher heap size). You should only increase memory if you have evidence of needing it— whether that’s other (real) outofmemory errors in the CF runtime logs, or by viewing memory use in a tool like FusionReactor, SeeFusion, the CF8/9 Enterprise monitor, VisualVM, or the like. (And even two of those can mislead you: SeeFusion and the CF Monitor report the percent of used versus currently allocated memory. If you have not set min=max heap, then t may seem that the heap is “full” by their graphs when in fact it’s just that you’re only near the top of currently allocated memory and there’s plenty more it can/will allocate when it needs it, up to the Max. FusionReactor correctly reports all three: used, allocated, and max.) And even if you do show you’re starting to run low on memory, I would argue first that you should find the cause of the high memory use before raising it. Usually there’s an explanation. I’ve helped many do that to avoid needing to increase memory (even if they could without the native thread problem.) Similarly, Ajas has described having a slow machine. I really don’t agree with concluding that this has ANYTHING to do with memory. There are dozens of other explanations for a slow machine, and in my troubleshooting consulting I nearly always help people find that they are not EVEN code (or SQL) issues. They’re nearly always configuration issues (or surprising and unexpected traffic, or other things). Bottom line: we in the CF world need to temper our jumping on “solutions” without diagnostics and measurements. I see WAY too many blog entries and mailing list threads where people are trading JVM tweaks—when they have not yet even proven that this is where the root cause of the problem is. Not meaning to embarrass anyone here. That’s why I’m not replying specifically to anyone. It really is a bigger concern as it’s so prevalent. Nor am I saying this all to drive people to use my troubleshooting consulting. I’m just saying that we need to avail ourselves of the various logs
Re: [ACFUG Discuss] Ideal memory Configuration for CF Production server?
I for one appreciate your efforts! OT - was asked yesterday during a bus dev call what is your site built in/with that old saw. When I said cold fusion they chuckled. This from a 26 year old. No matter. He asked what other sites are built with CF. That old saw. Used to be a list but I am not sure it's kept up anymore. The one that came to mind was Bank of America, but there are other big ones. _ Derrick Peavy derr...@derrickpeavy.com “Innovation distinguishes between a leader and a follower.” -Steve Jobs A good deal that used to be a great deal, is not nearly as good as an awful deal that was once a horrible deal. - Dan Gilbert, http://bit.ly/8gUruX _ On Jan 14, 2010, at 8:19 PM, Charlie Arehart wrote: To be clear, I wasn’t referring at all to anything about you or setup Derrick. :-) Still, as you’re saying, yes there are also those kinds of issues that can cause problems as well. Good that you’ve isolated a lot of them. That said, as for your moving to BD, I will argue that when some have asserted that only another CFML engine was capable of handling their load, I always wonder if their problem with CF was really what it appeared to be on the surface. In fact, someone could install a new engine on the same machine talking to the same DB with the same load as CF did, and argue that it was better, and I would be willing to bet that a new install of CF could also have had the same improvement. Again, too much to get into in this thread, but I can attest to the situations. So I’m not knocking the other engines. I’m just saying that sometimes the moves to them (or off of CFML to some other platform) could have maybe been avoided by just getting to the root cause of the problems. There are nearly always discernable explanations, if one knows where to look and how to connect the dots. And to be clear, there are indeed many here who can and do just that, so I’m not saying I’m a superhero. I’m just saying that in addition to 12 years with CF and 25 in IT, I’ve also focused the past 3 solely on CF server troubleshooting, and I’ve learned an awful lot. I’ve had the benefit of learning from many here on this list. More than that, I’ve been able to make it my day’s work each day to focus on this stuff, so it’s a unique blessing. I realize why most can’t do this in their day. All I’m saying is that I want to help people be more effective in their trying to understand and resolve CF (or other CFML engine) problems. The problems (and solutions) are not always what they seem on the surface. :-) The good news is that there is a lot of info out there, it’s just a matter of finding the right info for the right problem—and synthesizing it. I’ll do what I can in coming years to help with that (the radio show, a planned wiki, and more). /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Derrick Peavy Sent: Thursday, January 14, 2010 7:39 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Ideal memory Configuration for CF Production server? Charlie: I have seen those errors before and would in the past, adjust both java Vm settings and heap size in the BD admin console, as well as MySQL settings. I did that over many months a few years back. Using the same system today. The settings I use now yielded the best results - no errors, faster execution times, no crashes, low cpu usage. However I do agree with you that there are often many other issues to solve. In fact, thinking back to our meeting back in 2004 when you helped me set up BD on my XServe and thus made me a BD fan forever, it was obvious then that there were other issues to solve and that BD/CF was not the issue. Over the past 5 years, BD 6 has proven to be very reliable and robust and I generate a fair number of page views on a daily basis. Yesterday, for example, 79,000 CF pages generated - granted 72,000 were spider/crawlers and only 7,000 were user page views. But as far as the data execution, a page load is a page load. And that does not include the 10,000 RSS feeds generated on the fly. So... When I've run into problems in the past, it's generally been either an SQL statement that I did not think through, or a server issue - mail problems, FTP break in attempt, etc., All that being said, over the pst 5 years, we've taken pains to simplify the roles of the server itself so that it is not doing 100 various things. DNS, a single mail account, a very few select number of FTP users, firewall and then web. That's it. No custom install stuff, very strict clean OS. And with that, the settings I have used for BD (CF) remain the best for my situation. 4 GB to MySQL, 2 GB to BD w/1GB heap. I say best because I sleep at night and don't have errors, excessive CPU or other crazy issues. Perhaps someone could tweak it more. But it's a proven set up
Re: [ACFUG Discuss] Examples of How NOT to Code in ColdFusion?
BS term never, ever, ever pays for itself in most apps. Again, there are cases where this is not true. And one example would be any shopping cart style app where the same queries (what's in my cart?) could be used in various views, in various places. So, those needs are different. The hottest thing today is LAMP. So, go take a look at some of those awesome PHP ini files. Fun, huh? You have to read the da*n thing. You have to take the time to understand the settings there. And people think it's the holy grail, the shizzle. So that's where we are. And yet I see CF people who want to take a simple app, divide it into 10 sections, all with their own app.cfm file settings, each sub section broken into it's own sub-directories with CFC's and modules and by the time you are done, you have an app used by maybe 20 users a day, with 75 directories and sub directories all in the name of proper coding or OO, or pick a topic. Care to come in behind that developer and troubleshoot that pesky session var that keeps breaking and creating problems because sales dude can't run a frickin' mouse without bringing down the network? That's fun, eh? My app 1. An application.cfm file that covers the app - yes, all of it. With code that is explained and commented. This also forces the developer to consider each and every da*n scoped variable they want to create. Do you really need it? 2. An index file in the root which is the site template. 3. A folder containing the pages/files that are used for the app. Each file is called and included in the index file when needed (only one at a time). Each screen is it's own file. And this is done without a 5000 line cfswitch/case structure. It's actually butt simple. User clicks a link, a specific page file is called and included in the index file. Done. Over. Nothing more to do. Files follow standard format: !--- start file --- !--- === START: QUERIES USED IN THIS PAGE/SCREEN/WHATEVER === --- !--- query one does ABC --- !--- query two does XYZ --- !--- set some scoped vars if it makes you feel good, but they better be in the application.cfm file and they better be used in other places for a darn good reason --- !--- === END: QUERIES USED IN THIS PAGE/SCREEN/WHATEVER === --- !--- === START: PAGE VIEW/OUTPUT === --- !--- some XHTML and content --- !--- if using a query output or any cf var, cf output, etc., isolate with space, comments and explain --- !--- see an application, client or session var?? Really? Well then, open the application.cfm file and learn what it does before you muck with it. If it's been designated worthy of being in the application.cfm file, then it's used in more than one place, it's important, and it's probably going to be explained in that file. --- !--- need a var on this page that is unique to this page, not sticky and will disappear as soon as the user leaves this screen? Well then, it doesn't need to be client, session or application now does it? --- !--- === END: PAGE VIEW/OUTPUT === --- !--- end file --- _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Jan 5, 2010, at 7:18 AM, axunderw...@ups.com axunderw...@ups.com wrote: My biggest pet peeve: CFQueries inline in a CF template. I'm not a stickler for complete object oriented or you have to do things exactly a particular way...that being said, I have two reasons why I like to see cfqueries or cfstoredproc calls in a cfc or a cfm template that can be called as a cfmodule: 1. You know where to look for the code - if you do it in a cfc, you can have all your data access calls in one place that is easy to find in various methods 2. If you're writing a query to be used on a page somewhere, chances are, you'll need that same query again somewhere else - this doesn't always stand true, but 9 times out of 10, you use the same general queries for multiple areas on a site. My second biggest pet peeve: Looping over a query just to query x number of times again. This is probably the thing that I see beginners do the most, probably because they just don't understand how to write a query to retrieve all the data at once. For instance, someone might want to see their top 100 customer's orders..a lot of times you'll see someone write a query to retrieve their customers, and then loop over that query and then query to get the orders (so basically 101 queries to the db)...in reality, all they had to do was a query from the customer table left joining the order table in one query, and then looping over the results with a group by. The last one I can think of this early: Using CF as your paging repository for large datasets...this is probably the fault
Re: [ACFUG Discuss] Examples of How NOT to Code in ColdFusion?
!--- MY FIRST PET PEEVE --- !--- people need to learn to comment their code --- !--- for example, when I have to throw in a hack, i like to remind myself to remove it --- !--- so I type: hey dumba** - remove this comment and code block as soon as you can figure out how someone is loading this page, four screens deep in an app without any client or session vars enabled in the client when it should be impossible and the page will not even load when tested by 20 different browsers in 7 countries --- !--- I have an important file in my app that is probably 50% comments. seriously. because it's an awesome file and elegantly simplistic and responsible for 50% of the data on the site, so it's nice to be able to go back when tweaking and know why something is done the way it's done. So, maybe 350 lines of code mixed with xhtml and another 350 of comments. overkill? yeah. But if I die, you won't have to guess! --- !--- just to check myself after your post, I looked over my app.cfm file, I have a total of four (4) client vars, two of those can be int(11), one can only be a single digit, and one can only be either Y or N --- !--- there are some application variables for things that never change and so they can persist across any client or time up to the max allotted time for app variables to expire --- !--- everything else is session with a reasonable time out setting --- !--- not unusual to have 100k page loads total considering all bots and spiders and users, and 7 or 8K user page loads in a 24 hour period with no cpu spike or lag time unless a background data process is scheduled --- !--- MY SECOND PET PEEVE --- !--- writing every gosh damned query as a fricking cfc --- !--- the beauty of CF is that you can actually just write a da*n query and just run it --- !--- which brings me to... --- !--- MY THIRD PET PEEVE --- !--- people who can't accept a database structure that gets the job done without 100 x-ref matching tables which require 42 queries to get a user name and email --- !--- stop it. just stop it already and learn how to make data simple and accept that you are not Aamazon and you will never, ever, ever, likely scale your app beyond a few hundred concurrent users accessing the minimal amount of data --- _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Jan 4, 2010, at 7:12 PM, Cameron Childress wrote: On Mon, Jan 4, 2010 at 5:18 PM, Derrick Peavy derr...@derrickpeavy.com wrote: So, five session vars, numeric in value, less than four digits (or single char values), along with multiple client vars of less than 4 digit numeric values or single chars - you're saying that's a huge eff'n no?? I ask because at even 10,000 page views a day, I see no performance hit at all. But then, maybe if I change it according to some rule, I would see average CPU loads of 0.004 instead of 0.04?? Well, considering the relatively low load, and low number of variables, I don't know that it would have a significant impact in your case. Like I said, there are always exceptions. Nine times out of ten, however, when I see both client vars and session vars both enabled in an application, it's for no good reason at all. What's on your list of no-no's? -Cameron -- Cameron Childress Sumo Consulting Inc http://www.sumoc.com --- cell: 678.637.5072 aim: cameroncf email: camer...@gmail.com - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Re: [ACFUG Discuss] RE: [ACFUG Discuss] Re: [ACFUG Dis cuss] Re: [ACFUG Discuss] Re: [ACFUG Discuss] WT Heck is this character? �
What I have to do is remove this from an incoming feed. The char is in the data feed, it's not created on a mac, in fact it comes from Amazon. So, I have to find a way to get it out of the incoming data feed. Have tried doing s/r before with no luck. But will try again. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Dec 10, 2009, at 9:17 AM, Troy Jones wrote: I see this character sneak into code when I open something in Eclipse that was originally edited using some other editor or the file was originally created on a Mac. image001.jpg ___ Troy Jones | Director of Technical Services | Dynapp Inc | 1-800-830-5192 ext. 603 | dynapp.com | facebook.com/dynapp From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Jason Vanhoy Sent: Thursday, December 10, 2009 7:52 AM To: discussion@acfug.org Subject: [ACFUG Discuss] Re: [ACFUG Discuss] Re: [ACFUG Discuss] Re: [ACFUG Discuss] WT Heck is this character? � It's this: http://www.fileformat.info/info/unicode/char/fffd/index.htm Hex value is FFFD On Wed, Dec 9, 2009 at 10:25 PM, Derrick Peavy derr...@derrickpeavy.com wrote: Yes and yes. But let me refine the question - WHAT IS THE CHARACTER??? I cannot find a way to trap it and I don't know the ASCII or other chr() _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs _ On Dec 9, 2009, at 10:20 PM, Dean H. Saxe wrote: trap? Do you mean prevent it from getting in your app? Use a whitelist. -dhs -- Dean H. Saxe A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children. -- John James Audubon On Dec 9, 2009, at 7:09 PM, Derrick Peavy wrote: Can you see this character? It's a diamond with a question mark � How in the hell does one trap that? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs _ - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
[ACFUG Discuss] WT Heck is this character? �
Can you see this character? It's a diamond with a question mark � How in the hell does one trap that? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _
[ACFUG Discuss] Re: [ACFUG Discuss] Re: [ACFUG Discuss] WT Heck is thi s character? �
Yes and yes. But let me refine the question - WHAT IS THE CHARACTER??? I cannot find a way to trap it and I don't know the ASCII or other chr() _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Dec 9, 2009, at 10:20 PM, Dean H. Saxe wrote: trap? Do you mean prevent it from getting in your app? Use a whitelist. -dhs -- Dean H. Saxe A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children. -- John James Audubon On Dec 9, 2009, at 7:09 PM, Derrick Peavy wrote: Can you see this character? It's a diamond with a question mark � How in the hell does one trap that? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” - Steve Jobs _
[ACFUG Discuss] javacast to convert string to int?
Trying to get a numerical value for a string, store into an int(10) signed MySQL 4.1.13 MyISAM table. cfset myInt = JavaCast(int, cnn.com) Simply returns cnn.com Obviously, this is out of my range. And obviously, this is not this simple. Can anyone point me in the right direction? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Nov 25, 2009, at 12:53 PM, Teddy R. Payne wrote: Derrick, What I found related has to do deal with storage sizes. In this manual note: http://dev.mysql.com/doc/refman/4.1/en/storage-requirements.html I am not sure your storage configuration, but it has a caveat with NDB and number storage. BigInt works because it is twice the size of integers by default. Integer being 4 byte storage versus 8 byte storage of bigint. Does this apply? Data truncation is when storage sizes are mismatched, which is an obvious statement. The data engine is telling you data size is greater than storage availability in the column. Beyond that, I would have to defer to the rest of the community. Teddy R. Payne, ACCFD Google Talk - teddyrpa...@gmail.com On Wed, Nov 25, 2009 at 12:04 PM, Derrick Peavy derr...@derrickpeavy.com wrote: Teddy: Banging my head here. Can't get CAST to work in any form, even with the database itself (using phpmyadmin). Here is the actual data and info. QUERY 1 (does not have to be two queries, but this allows me to show you the exact values I am trying to insert) SELECT crc32('') AS referer_checksum, crc32('ccstageread') AS domain_checksum, crc32('127.0.0.1') AS resource_checksum Those values are then supplied to the next query... QUERY 2 INSERT INTO my_table (dt, readableDT, referer, referer_checksum, domain_checksum, referer_is_local, resource, resource_checksum, resource_title, search_terms, img_search_found) VALUES (UNIX_TIMESTAMP(), {ts '2009-11-25 11:51:12'}, '', 0, 2846130217, -1, '127.0.0.1', 3619153832, 'CollegeClassifieds.com - Allegheny College', '', 0) The fields referer_checksum, domain_checksum, and resource_checksum are MySQL 4.1.13 data type int(10) The length of the crc32 value is 10 as seen in the second query above. If I change the field type to BIGINT and leave it as length 10, it works just fine. No error. But as an INT(10) I get the following error, which is caused by the second crc32 value of 2846130217 (the domain_checksum), not the first crc32 value, which in this case is 0. But if that first value is not 0, then the error is on that value, ergo each/any first crc32 value. The problem with changing the data type to BIGINT is, apparently, the PHP stuff that is reading this data and generating reports doesn't seem to work correctly if the data type is changed. Type Database Query Error Data truncation: Out of range value adjusted for column 'domain_checksum' at row 1 Native Error Code 0 SQL State 01004 SQL INSERT INTO my_table (dt, readableDT, referer, referer_checksum, domain_checksum, referer_is_local, resource, resource_checksum, resource_title, search_terms, img_search_found) VALUES (UNIX_TIMESTAMP(), {ts '2009-11-25 11:51:12'}, '', 0, 2846130217, -1, '127.0.0.1', 3619153832, 'CollegeClassifieds.com - Allegheny College College', '', 0) _ Derrick Peavy derr...@derrickpeavy.com “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Nov 25, 2009, at 9:19 AM, Teddy R. Payne wrote: Derrick, Data truncation usually brings to mind java data conversion. Have you tried casting the results of the crc32 function?: CAST(crc32('127.0.0.1') AS int) Alternatively, what version of ColdFusion are you using? I have looked at the MySQL driver in CF8 recently. In the past, I had good success using JConnector to replace the JDBC MySQL default driver that came with CF. Here is the 4.1 manual referene to JConnector: http://dev.mysql.com/doc/refman/4.1/en/connector-j.html And here is the JDBC driver configurations instructions: http://kb2.adobe.com/cps/025/6ef0253.html If you are already using JConnector, ignore the recommendation. =) Teddy R. Payne, ACCFD Google Talk - teddyrpa...@gmail.com On Tue, Nov 24, 2009 at 5:15 PM, Derrick Peavy derr...@derrickpeavy.com wrote: Trying to remove a PHP script from a cold fusion site by replacing it with a simple CF query. Current PHP file puts a crc32 value into an int(10) field in MySQL 4.1.13 Trying to do this with CF, nothing fancy. Basic SQL statement. Example: INSERT INTO exampleTable (domain_checksum) VALUES (crc32('127.0.0.1')) I then get this error: Data truncation: Out of range value adjusted for column 'domain_checksum' at row 1 But the data looks correct. For example, the value for 127.0.0.1 is generated
Re: [ACFUG Discuss] javacast to convert string to int?
John, Teddy, I can store it as a string. I would prefer. I think it's silly! The problem is in replacing a PHP script that does this so that the data is the same in the DB. The PHP app is taking a referer (for example) such as CNN and storing that as int(10) using crc32(). Then, the PHP app uses the int as a way to do fast search/compare. Since the app is not going to be replaced, merely the recording of the data, I am trying to replicate the recording of the data. So, I've tried using crc32() as Teddy knows from last week but that only works if I change the DB field to bigint, which again, I have no problem with, but apparently, that still harms the f'n PHP app. At this point, I've decided to not spend any more time on this and just replicate the reporting features in CF. Faster, easier, better. Done. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Dec 1, 2009, at 12:12 PM, John Mason wrote: Why can't you simply store this as a string? John ma...@fusionlink.com Derrick Peavy wrote: Trying to get a numerical value for a string, store into an int(10) signed MySQL 4.1.13 MyISAM table. cfset myInt = JavaCast(int, cnn.com) Simply returns cnn.com Obviously, this is out of my range. And obviously, this is not this simple. Can anyone point me in the right direction? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Nov 25, 2009, at 12:53 PM, Teddy R. Payne wrote: Derrick, What I found related has to do deal with storage sizes. In this manual note: http://dev.mysql.com/doc/refman/4.1/en/storage-requirements.html I am not sure your storage configuration, but it has a caveat with NDB and number storage. BigInt works because it is twice the size of integers by default. Integer being 4 byte storage versus 8 byte storage of bigint. Does this apply? Data truncation is when storage sizes are mismatched, which is an obvious statement. The data engine is telling you data size is greater than storage availability in the column. Beyond that, I would have to defer to the rest of the community. Teddy R. Payne, ACCFD Google Talk - teddyrpa...@gmail.com On Wed, Nov 25, 2009 at 12:04 PM, Derrick Peavy derr...@derrickpeavy.com wrote: Teddy: Banging my head here. Can't get CAST to work in any form, even with the database itself (using phpmyadmin). Here is the actual data and info. QUERY 1 (does not have to be two queries, but this allows me to show you the exact values I am trying to insert) SELECT crc32('') AS referer_checksum, crc32('ccstageread') AS domain_checksum, crc32('127.0.0.1') AS resource_checksum Those values are then supplied to the next query... QUERY 2 INSERT INTO my_table (dt, readableDT, referer, referer_checksum, domain_checksum, referer_is_local, resource, resource_checksum, resource_title, search_terms, img_search_found) VALUES (UNIX_TIMESTAMP(), {ts '2009-11-25 11:51:12'}, '', 0, 2846130217, -1, '127.0.0.1', 3619153832, 'CollegeClassifieds.com - Allegheny College', '', 0) The fields referer_checksum, domain_checksum, and resource_checksum are MySQL 4.1.13 data type int(10) The length of the crc32 value is 10 as seen in the second query above. If I change the field type to BIGINT and leave it as length 10, it works just fine. No error. But as an INT(10) I get the following error, which is caused by the second crc32 value of 2846130217 (the domain_checksum), not the first crc32 value, which in this case is 0. But if that first value is not 0, then the error is on that value, ergo each/any first crc32 value. The problem with changing the data type to BIGINT is, apparently, the PHP stuff that is reading this data and generating reports doesn't seem to work correctly if the data type is changed. Type Database Query Error Data truncation: Out of range value adjusted for column 'domain_checksum' at row 1 Native Error Code0 SQL State01004 SQLINSERT INTO my_table (dt, readableDT, referer, referer_checksum, domain_checksum, referer_is_local, resource, resource_checksum, resource_title, search_terms, img_search_found) VALUES (UNIX_TIMESTAMP(), {ts '2009-11-25 11:51:12'}, '', 0, 2846130217, -1, '127.0.0.1', 3619153832, 'CollegeClassifieds.com - Allegheny College College', '', 0) _ Derrick Peavy derr...@derrickpeavy.com “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Nov 25, 2009, at 9:19 AM, Teddy R. Payne wrote: Derrick, Data truncation usually brings to mind java data conversion. Have you tried casting the results of the crc32 function?: CAST(crc32('127.0.0.1') AS int) Alternatively, what version of ColdFusion
Re: [ACFUG Discuss] problem inserting crc32 values
Ahhh. That's why I will always be on this list. I just needed to see that. I will try and let you know. Thank you, Mr. Payne Teddy R. of USA. Most wonderful blessings. Sincerely, the King of Nigerian. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Nov 25, 2009, at 9:19 AM, Teddy R. Payne wrote: Derrick, Data truncation usually brings to mind java data conversion. Have you tried casting the results of the crc32 function?: CAST(crc32('127.0.0.1') AS int) Alternatively, what version of ColdFusion are you using? I have looked at the MySQL driver in CF8 recently. In the past, I had good success using JConnector to replace the JDBC MySQL default driver that came with CF. Here is the 4.1 manual referene to JConnector: http://dev.mysql.com/doc/refman/4.1/en/connector-j.html And here is the JDBC driver configurations instructions: http://kb2.adobe.com/cps/025/6ef0253.html If you are already using JConnector, ignore the recommendation. =) Teddy R. Payne, ACCFD Google Talk - teddyrpa...@gmail.com On Tue, Nov 24, 2009 at 5:15 PM, Derrick Peavy derr...@derrickpeavy.com wrote: Trying to remove a PHP script from a cold fusion site by replacing it with a simple CF query. Current PHP file puts a crc32 value into an int(10) field in MySQL 4.1.13 Trying to do this with CF, nothing fancy. Basic SQL statement. Example: INSERT INTO exampleTable (domain_checksum) VALUES (crc32('127.0.0.1')) I then get this error: Data truncation: Out of range value adjusted for column 'domain_checksum' at row 1 But the data looks correct. For example, the value for 127.0.0.1 is generated as 3619153832 If I try to insert the values directly into MySQL, no problem. But using a standard CFQUERY produces an error. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _
Re: [ACFUG Discuss] problem inserting crc32 values
Teddy: Banging my head here. Can't get CAST to work in any form, even with the database itself (using phpmyadmin). Here is the actual data and info. QUERY 1 (does not have to be two queries, but this allows me to show you the exact values I am trying to insert) SELECT crc32('') AS referer_checksum, crc32('ccstageread') AS domain_checksum, crc32('127.0.0.1') AS resource_checksum Those values are then supplied to the next query... QUERY 2 INSERT INTO my_table (dt, readableDT, referer, referer_checksum, domain_checksum, referer_is_local, resource, resource_checksum, resource_title, search_terms, img_search_found) VALUES (UNIX_TIMESTAMP(), {ts '2009-11-25 11:51:12'}, '', 0, 2846130217, -1, '127.0.0.1', 3619153832, 'CollegeClassifieds.com - Allegheny College', '', 0) The fields referer_checksum, domain_checksum, and resource_checksum are MySQL 4.1.13 data type int(10) The length of the crc32 value is 10 as seen in the second query above. If I change the field type to BIGINT and leave it as length 10, it works just fine. No error. But as an INT(10) I get the following error, which is caused by the second crc32 value of 2846130217 (the domain_checksum), not the first crc32 value, which in this case is 0. But if that first value is not 0, then the error is on that value, ergo each/any first crc32 value. The problem with changing the data type to BIGINT is, apparently, the PHP stuff that is reading this data and generating reports doesn't seem to work correctly if the data type is changed. TypeDatabase Query Error Data truncation: Out of range value adjusted for column 'domain_checksum' at row 1 Native Error Code 0 SQL State 01004 SQL INSERT INTO my_table (dt, readableDT, referer, referer_checksum, domain_checksum, referer_is_local, resource, resource_checksum, resource_title, search_terms, img_search_found) VALUES (UNIX_TIMESTAMP(), {ts '2009-11-25 11:51:12'}, '', 0, 2846130217, -1, '127.0.0.1', 3619153832, 'CollegeClassifieds.com - Allegheny College College', '', 0) _ Derrick Peavy derr...@derrickpeavy.com “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Nov 25, 2009, at 9:19 AM, Teddy R. Payne wrote: Derrick, Data truncation usually brings to mind java data conversion. Have you tried casting the results of the crc32 function?: CAST(crc32('127.0.0.1') AS int) Alternatively, what version of ColdFusion are you using? I have looked at the MySQL driver in CF8 recently. In the past, I had good success using JConnector to replace the JDBC MySQL default driver that came with CF. Here is the 4.1 manual referene to JConnector: http://dev.mysql.com/doc/refman/4.1/en/connector-j.html And here is the JDBC driver configurations instructions: http://kb2.adobe.com/cps/025/6ef0253.html If you are already using JConnector, ignore the recommendation. =) Teddy R. Payne, ACCFD Google Talk - teddyrpa...@gmail.com On Tue, Nov 24, 2009 at 5:15 PM, Derrick Peavy derr...@derrickpeavy.com wrote: Trying to remove a PHP script from a cold fusion site by replacing it with a simple CF query. Current PHP file puts a crc32 value into an int(10) field in MySQL 4.1.13 Trying to do this with CF, nothing fancy. Basic SQL statement. Example: INSERT INTO exampleTable (domain_checksum) VALUES (crc32('127.0.0.1')) I then get this error: Data truncation: Out of range value adjusted for column 'domain_checksum' at row 1 But the data looks correct. For example, the value for 127.0.0.1 is generated as 3619153832 If I try to insert the values directly into MySQL, no problem. But using a standard CFQUERY produces an error. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _
Re: [ACFUG Discuss] problem inserting crc32 values
Teddy: Thanks for helping with this! I really appreciate the help. The storage type is MyISAM. What's confounding me is that the PHP files are inserting this data and doing it using the crc32 function, as int(10). Looks like I may have to dig deeper into the php files or find a php person. Honestly, this is a bit over my head. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Nov 25, 2009, at 12:53 PM, Teddy R. Payne wrote: Derrick, What I found related has to do deal with storage sizes. In this manual note: http://dev.mysql.com/doc/refman/4.1/en/storage-requirements.html I am not sure your storage configuration, but it has a caveat with NDB and number storage. BigInt works because it is twice the size of integers by default. Integer being 4 byte storage versus 8 byte storage of bigint. Does this apply? Data truncation is when storage sizes are mismatched, which is an obvious statement. The data engine is telling you data size is greater than storage availability in the column. Beyond that, I would have to defer to the rest of the community. Teddy R. Payne, ACCFD Google Talk - teddyrpa...@gmail.com On Wed, Nov 25, 2009 at 12:04 PM, Derrick Peavy derr...@derrickpeavy.com wrote: Teddy: Banging my head here. Can't get CAST to work in any form, even with the database itself (using phpmyadmin). Here is the actual data and info. QUERY 1 (does not have to be two queries, but this allows me to show you the exact values I am trying to insert) SELECT crc32('') AS referer_checksum, crc32('ccstageread') AS domain_checksum, crc32('127.0.0.1') AS resource_checksum Those values are then supplied to the next query... QUERY 2 INSERT INTO my_table (dt, readableDT, referer, referer_checksum, domain_checksum, referer_is_local, resource, resource_checksum, resource_title, search_terms, img_search_found) VALUES (UNIX_TIMESTAMP(), {ts '2009-11-25 11:51:12'}, '', 0, 2846130217, -1, '127.0.0.1', 3619153832, 'CollegeClassifieds.com - Allegheny College', '', 0) The fields referer_checksum, domain_checksum, and resource_checksum are MySQL 4.1.13 data type int(10) The length of the crc32 value is 10 as seen in the second query above. If I change the field type to BIGINT and leave it as length 10, it works just fine. No error. But as an INT(10) I get the following error, which is caused by the second crc32 value of 2846130217 (the domain_checksum), not the first crc32 value, which in this case is 0. But if that first value is not 0, then the error is on that value, ergo each/any first crc32 value. The problem with changing the data type to BIGINT is, apparently, the PHP stuff that is reading this data and generating reports doesn't seem to work correctly if the data type is changed. Type Database Query Error Data truncation: Out of range value adjusted for column 'domain_checksum' at row 1 Native Error Code 0 SQL State 01004 SQL INSERT INTO my_table (dt, readableDT, referer, referer_checksum, domain_checksum, referer_is_local, resource, resource_checksum, resource_title, search_terms, img_search_found) VALUES (UNIX_TIMESTAMP(), {ts '2009-11-25 11:51:12'}, '', 0, 2846130217, -1, '127.0.0.1', 3619153832, 'CollegeClassifieds.com - Allegheny College College', '', 0) _ Derrick Peavy derr...@derrickpeavy.com “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Nov 25, 2009, at 9:19 AM, Teddy R. Payne wrote: Derrick, Data truncation usually brings to mind java data conversion. Have you tried casting the results of the crc32 function?: CAST(crc32('127.0.0.1') AS int) Alternatively, what version of ColdFusion are you using? I have looked at the MySQL driver in CF8 recently. In the past, I had good success using JConnector to replace the JDBC MySQL default driver that came with CF. Here is the 4.1 manual referene to JConnector: http://dev.mysql.com/doc/refman/4.1/en/connector-j.html And here is the JDBC driver configurations instructions: http://kb2.adobe.com/cps/025/6ef0253.html If you are already using JConnector, ignore the recommendation. =) Teddy R. Payne, ACCFD Google Talk - teddyrpa...@gmail.com On Tue, Nov 24, 2009 at 5:15 PM, Derrick Peavy derr...@derrickpeavy.com wrote: Trying to remove a PHP script from a cold fusion site by replacing it with a simple CF query. Current PHP file puts a crc32 value into an int(10) field in MySQL 4.1.13 Trying to do this with CF, nothing fancy. Basic SQL statement. Example: INSERT INTO exampleTable (domain_checksum) VALUES (crc32('127.0.0.1')) I then get this error: Data truncation: Out of range value adjusted for column 'domain_checksum' at row 1 But the data looks correct. For example
[ACFUG Discuss] problem inserting crc32 values
Trying to remove a PHP script from a cold fusion site by replacing it with a simple CF query. Current PHP file puts a crc32 value into an int(10) field in MySQL 4.1.13 Trying to do this with CF, nothing fancy. Basic SQL statement. Example: INSERT INTO exampleTable (domain_checksum) VALUES (crc32('127.0.0.1')) I then get this error: Data truncation: Out of range value adjusted for column 'domain_checksum' at row 1 But the data looks correct. For example, the value for 127.0.0.1 is generated as 3619153832 If I try to insert the values directly into MySQL, no problem. But using a standard CFQUERY produces an error. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _
Re: [ACFUG Discuss] SQL Injection
That being said I still block Afrinic and will continue to do so. Too many past issues with Nigeria. It may be whackamole, but it's effective enough that i no longer have to deal with brute force attacks nearly as often. I consider it low hanging fruit to knock off some of the subnets that are known to be nasty. Takes 10 minutes and then RONCO - Set it and Forget it! _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Nov 23, 2009, at 11:01 AM, shawn gorrell wrote: I was just getting ready to say that... When I first started administering servers I used to get really freaked out by all of the attack traffic and spent a bunch of time blocking IP's at the router. Over time I realized that it was just playing whack-a-mole and was mainly a waste of my time. If you knock them down on one subnet, another will popup, and your overall attack traffic will be undiminished. All you've done is waste your own time and mental energy. A better approach is to make sure your network, server and applications are as tight as they can be (and validate that regularly), and quit worrying about botnets and script kiddies. From: Dean H. Saxe d...@fullfrontalnerdity.com To: discussion@acfug.org Sent: Mon, November 23, 2009 10:55:25 AM Subject: Re: [ACFUG Discuss] SQL Injection You miss the point. Attackers don't just originate from their home countries, they bounce through proxies around the world, including where your intended audience sits. -dhs -- Dean H. Saxe A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children. -- John James Audubon On Nov 23, 2009, at 7:49 AM, Troy Jones wrote: I think that would depend on the intended scope and audience of your site or server's sites. For example, does someone in Beijing need to browse for a product that isn't available over the web or sold in any store outside the contiguous U.S.? Or would someone in Ulan Bator need to set up a pick-up laundry service in St. Louis? Of course there would be exceptions but I think it would be worth the small number of legitmate denials to do this. image001.jpg ___ Troy Jones | Developer/Support Technician | Dynapp Inc | 1-800-830-5192 ext. 603 | dynapp.com | facebook.com/dynapp From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe Sent: Friday, November 20, 2009 10:08 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] SQL Injection Yeah sure, you CAN, but its not the solution to the problem. On a recent incident response we had attacks originating from asia, south america and europe. Do you plan on blocking them all? -dhs -- Dean H. Saxe A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children. -- John James Audubon On Nov 20, 2009, at 9:16 AM, Wes Byrd wrote: You can block subnets. On a couple of domestic sites, I have even blocked all requests from ALL OF ASIA (or close). While I know this is a drastic measure… all SQL Injection attack (and other hack attacks) attempts reduced by 98% with that done. Here is a link that describes how to do this and why: http://www.parkansky.com/china.htm From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe Sent: Friday, November 20, 2009 11:59 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] SQL Injection Blocking IPs is useless, attackers will just use another proxy to change the apparently location of the originating attack. You can't stop the attempts, you must instead prevent the exploitation of vulnerable code. This means writing secure code using data validation on all input, data sanitization on output (in this case, parameterized queries using cfqueryparam) and following the principle of least privilege on the database access. -dhs -- Dean H. Saxe A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children. -- John James Audubon On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote: Hey folks, I saw John's tweet earlier this week about a new wave of SQL Injection ( and link to a great article on it http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss) , and sure enough I'm seeing a huge upswing in attempts. Over 100 failed attempts last night alone. We have taken the steps to prevent damage / harm, but I was wondering what folks are doing after they stop the attempt. What kind of message if any do you provide ? Are people checking the logs, and blocking IP's of the worst offenders? Or something else? -Rudi
Re: [ACFUG Discuss] SQL Injection
Dear Mr. Dean Saxe of USA, LMFAO! Kindly and with God, _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Nov 23, 2009, at 1:59 PM, Dean H. Saxe wrote: You mean like the one who rented my house when it was for sale? At least 2 people lost $1k in that scam. And one of them showed up at my door ready to take possession of the house the day before I moved out! -- Dean H. Saxe A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children. -- John James Audubon On Nov 23, 2009, at 10:54 AM, shawn gorrell wrote: To each their own. The plus side of the Nigerian scammer types is they have many more lulz than APNIC or RIPE. From: Derrick Peavy derr...@derrickpeavy.com To: discussion@acfug.org Sent: Mon, November 23, 2009 1:50:40 PM Subject: Re: [ACFUG Discuss] SQL Injection That being said I still block Afrinic and will continue to do so. Too many past issues with Nigeria. It may be whackamole, but it's effective enough that i no longer have to deal with brute force attacks nearly as often. I consider it low hanging fruit to knock off some of the subnets that are known to be nasty. Takes 10 minutes and then RONCO - Set it and Forget it! _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Nov 23, 2009, at 11:01 AM, shawn gorrell wrote: I was just getting ready to say that... When I first started administering servers I used to get really freaked out by all of the attack traffic and spent a bunch of time blocking IP's at the router. Over time I realized that it was just playing whack-a-mole and was mainly a waste of my time. If you knock them down on one subnet, another will popup, and your overall attack traffic will be undiminished. All you've done is waste your own time and mental energy. A better approach is to make sure your network, server and applications are as tight as they can be (and validate that regularly), and quit worrying about botnets and script kiddies. From: Dean H. Saxe d...@fullfrontalnerdity.com To: discussion@acfug.org Sent: Mon, November 23, 2009 10:55:25 AM Subject: Re: [ACFUG Discuss] SQL Injection You miss the point. Attackers don't just originate from their home countries, they bounce through proxies around the world, including where your intended audience sits. -dhs -- Dean H. Saxe A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children. -- John James Audubon On Nov 23, 2009, at 7:49 AM, Troy Jones wrote: I think that would depend on the intended scope and audience of your site or server's sites. For example, does someone in Beijing need to browse for a product that isn't available over the web or sold in any store outside the contiguous U.S.? Or would someone in Ulan Bator need to set up a pick-up laundry service in St. Louis? Of course there would be exceptions but I think it would be worth the small number of legitmate denials to do this. image001.jpg ___ Troy Jones | Developer/Support Technician | Dynapp Inc | 1-800-830-5192 ext. 603 | dynapp.com | facebook.com/dynapp From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe Sent: Friday, November 20, 2009 10:08 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] SQL Injection Yeah sure, you CAN, but its not the solution to the problem. On a recent incident response we had attacks originating from asia, south america and europe. Do you plan on blocking them all? -dhs -- Dean H. Saxe A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children. -- John James Audubon On Nov 20, 2009, at 9:16 AM, Wes Byrd wrote: You can block subnets. On a couple of domestic sites, I have even blocked all requests from ALL OF ASIA (or close). While I know this is a drastic measure… all SQL Injection attack (and other hack attacks) attempts reduced by 98% with that done. Here is a link that describes how to do this and why: http://www.parkansky.com/china.htm From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe Sent: Friday, November 20, 2009 11:59 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] SQL Injection Blocking IPs is useless, attackers will just use another proxy to change the apparently location of the originating attack. You can't stop the attempts, you must instead prevent the exploitation of vulnerable code. This means writing secure code using data validation on all input, data sanitization on output
Re: [ACFUG Discuss] SQL Injection
DITTO!! _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Nov 20, 2009, at 12:16 PM, Wes Byrd wrote: You can block subnets. On a couple of domestic sites, I have even blocked all requests from ALL OF ASIA (or close). While I know this is a drastic measure… all SQL Injection attack (and other hack attacks) attempts reduced by 98% with that done. Here is a link that describes how to do this and why: http://www.parkansky.com/china.htm From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe Sent: Friday, November 20, 2009 11:59 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] SQL Injection Blocking IPs is useless, attackers will just use another proxy to change the apparently location of the originating attack. You can't stop the attempts, you must instead prevent the exploitation of vulnerable code. This means writing secure code using data validation on all input, data sanitization on output (in this case, parameterized queries using cfqueryparam) and following the principle of least privilege on the database access. -dhs -- Dean H. Saxe A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children. -- John James Audubon On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote: Hey folks, I saw John's tweet earlier this week about a new wave of SQL Injection ( and link to a great article on it http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss) , and sure enough I'm seeing a huge upswing in attempts. Over 100 failed attempts last night alone. We have taken the steps to prevent damage / harm, but I was wondering what folks are doing after they stop the attempt. What kind of message if any do you provide ? Are people checking the logs, and blocking IP's of the worst offenders? Or something else? -Rudi - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
Re: [ACFUG Discuss] OT: MySQL Error
Yes to what has been said. Collation needs to be same. I use utf8_general_ci and make sure that all tables and columns use that as well as the DB itself. If you don't have alter permissions, you can't do anything about this. Maybe ask the admin to make the change? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 “Innovation distinguishes between a leader and a follower.” -Steve Jobs _ On Oct 28, 2009, at 2:14 PM, Cody Wehunt wrote: Anyone have any information on the following error: General error: Illegal mix of collations (utf8_general_ci,IMPLICIT) and (latin1_swedish_ci,COERCIBLE) for operation 'UNION' I am working on finding out from the host what version of MySQL is currently running. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
Re: [ACFUG Discuss] cfexecute, shared hosting, and security
S, I'd like to find out how insecure. Can you forward the code? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 _ On Jul 10, 2009, at 1:43 PM, shawn gorrell wrote: Clarke, Welcome to the big leagues. I know that you might want to stay away from that stuff, but if you want to be an uber-developer, you really need to know that stuff inside and out. Network and server administrators are unlikely to learn CF config at any level of depth, so you need to be the resource to help them out and protect your customers. If your host is allowing CFEXECUTE to all customers, I'd find another host. There are times when it may be the only solution to a very specific usage scenario, but a good rule of thumb is to shut it off as a policy unless someone can make the specific case not to. If someone does make the case, you are better off to sandbox that specific piece of functionality on its own, and contain it tightly. As far as sandboxing, it is better to lock it down as hard as you can. Your default position should always be to be less permissive than more permissive. If you find out that you are blocking things that you need, it's easy enough to open it up a little more until you find exactly the settings you need. If you err in the other direction and you get exploited, you're just hosed. Let me give you a for-instance about sandboxing. One of the things you can sandbox is DSN's. In a shared environment, would you want anyone on that server to be able to find out about your DSN and access your data? Or would you prefer that each sandbox has only the DSN's that it is allowed to see and access? Seems pretty common- sense to me. If you want to find out exactly how insecure your shared host is, I've got some code that I could give you. You could have some great fun finding out all sorts of interesting and uninteresting things about the server and all of the applications and databases (including all of the data in their databases) it hosts, all in a completely non-threatening way;) Cheers, S From: Clarke Bishop cbis...@resultantsys.com To: discussion@acfug.org Sent: Friday, July 10, 2009 10:45:22 AM Subject: [ACFUG Discuss] cfexecute, shared hosting, and security I realize that all developers have a role in application security (cfqueryparam, etc.). So, there definitely are things I have to pay attention to in building an application. But for server-level administration and security issues, I would personally like to stay away as much as I can! While debugging my database connection problem the other day, I discovered that the host has cfexecute enabled. It is CF Enterprise, but I don't know if sandbox security really helps this problem. Please let me know your ideas for how serious a problem this is. I wish there was an independent group that evaluated and certified hosting providers -- It's really hard to know who's good and who's not! - I found this on the web at http://jochem.vandieten.net/2008/12/09/cf-shared-hosting-security-java-cfexe cute-com-net-and-java-again/ So the hoster is left with a hard choice: disable CFEXECUTE, CFOBJECT, CreateObject(.NET), CreateObject(COM) and CreateObject(JAVA) or accept that there is no security whatsoever in the shared hosting configuration. If you disable these tags a lot of applications and frameworks won't work anymore. For instance Transfer ORM needs Java access, so any application build on top of it will not work in a secured shared hosting environment. - My application is the front end to a shopping cart (like a product configurator). The actual transaction with credit card information happens on a totally different server. The data I'm actually keeping wouldn't be very interesting for a hacker. My philosophy on security is that it's all about striking the right balance. You can lock things down so tightly that using the system becomes difficult and expensive. Or, you can be too open. I'm having a hard time figuring out the right balance. Thanks for your comments! Clarke - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
[ACFUG Discuss] PayPal IPN and ColdFusion
I KNOW that someone here has cracked this nut before. I have integrated PayPal into a couple of CF sites recently, but I am having problems with the IPN portion. I am using OpenSSL and PayPal's public key to send the transaction (on the fly prices, so it's not a copy paste operation of PayPal's encrypted pay now buttons. Again, no problem SENDING the transaction and having the payment go through. The problem is that I can't seem to get the IPN response to work when the transaction comes back. I've tried multiple solutions and code snippets from around the web (yes, PayPal's solution failed). So, anyone have any luck with this? Here are two code examples, both return and INVALID response when trying to validate the payment in real time. !--- read post from PayPal system and add 'cmd' --- CFSET str=cmd=_notify-validate CFLOOP collection=#FORM# item=field CFIF FORM[field] NEQ FIELDNAMES AND FORM[field] NEQ CHARSET CFSET str = str #LCase(field)#=#URLEncodedFormat(FORM[field])# /CFIF /CFLOOP !--- post back to PayPal system to validate --- CFHTTP URL=https://www.paypal.com/cgi-bin/webscr?#str#; METHOD=GET RESOLVEURL=false/CFHTTP #CFHTTP.FileContent# HTTP content is INVALID cfset StructDelete(form, fieldnames, false) cfhttp url=https://www.paypal.com/cgi-bin/webscr?; method=post resolveurl=false throwonerror=yes timeout=5 cfhttpparam name=cmd type=formfield value=_notify-validate cfloop index=thefield list=#StructKeyList(form)# cfhttpparam name=#LCase(thefield)# type=formfield value=#form[thefield]# /cfloop /cfhttp #CFHTTP.FileContent# HTTP content is INVALID _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 _ On Jun 5, 2009, at 2:01 AM, Mike Staver wrote: Let's say I'd like to write code in ColdFusion, compile it to obfuscate the source, and build an installer with something like Install Shield so it could be installed onto any web server. I've never used cfcompile before, and according to Adobe, a web server path is required: http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=deploying_5.html I know that cfcompile turns CFML to java byte code in the form of classes - but what does the utility need the web server path for? Would there be a way to make it dynamic? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] PayPal IPN and ColdFusion
Teddy: Thank you for the link! I'd love to look at that code. However, I appear to be a complete and total idiot, as I cannot find a download link on that page and the only link for the project (http://svn.riaforge.org/PayPalCFC/) is dead. And, I'm not trying to be a smart a** either - I seriously do not see a link in my browser. Maybe that's why the project as 3,954 views and 0 downloads? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 _ On Jun 24, 2009, at 1:52 PM, Teddy R. Payne wrote: Have you looked into? http://paypalcfc.riaforge.org/ Teddy R. Payne, ACCFD Google Talk - teddyrpa...@gmail.com On Wed, Jun 24, 2009 at 12:15 PM, Derrick Peavy derr...@derrickpeavy.com wrote: I KNOW that someone here has cracked this nut before. I have integrated PayPal into a couple of CF sites recently, but I am having problems with the IPN portion. I am using OpenSSL and PayPal's public key to send the transaction (on the fly prices, so it's not a copy paste operation of PayPal's encrypted pay now buttons. Again, no problem SENDING the transaction and having the payment go through. The problem is that I can't seem to get the IPN response to work when the transaction comes back. I've tried multiple solutions and code snippets from around the web (yes, PayPal's solution failed). So, anyone have any luck with this? Here are two code examples, both return and INVALID response when trying to validate the payment in real time. !--- read post from PayPal system and add 'cmd' --- CFSET str=cmd=_notify-validate CFLOOP collection=#FORM# item=field CFIF FORM[field] NEQ FIELDNAMES AND FORM[field] NEQ CHARSET CFSET str = str #LCase(field)#=#URLEncodedFormat(FORM[field])# /CFIF /CFLOOP !--- post back to PayPal system to validate --- CFHTTP URL=https://www.paypal.com/cgi-bin/webscr?#str#; METHOD=GET RESOLVEURL=false/CFHTTP #CFHTTP.FileContent# HTTP content is INVALID cfset StructDelete(form, fieldnames, false) cfhttp url=https://www.paypal.com/cgi-bin/webscr?; method=post resolveurl=false throwonerror=yes timeout=5 cfhttpparam name=cmd type=formfield value=_notify- validate cfloop index=thefield list=#StructKeyList(form)# cfhttpparam name=#LCase(thefield)# type=formfield value=#form[thefield]# /cfloop /cfhttp #CFHTTP.FileContent# HTTP content is INVALID _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 _ On Jun 5, 2009, at 2:01 AM, Mike Staver wrote: Let's say I'd like to write code in ColdFusion, compile it to obfuscate the source, and build an installer with something like Install Shield so it could be installed onto any web server. I've never used cfcompile before, and according to Adobe, a web server path is required: http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=deploying_5.html I know that cfcompile turns CFML to java byte code in the form of classes - but what does the utility need the web server path for? Would there be a way to make it dynamic? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] PayPal IPN and ColdFusion
No worries man. I just seriously thought I was the a**tard there because I didn't see it. _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 _ On Jun 24, 2009, at 3:26 PM, Teddy R. Payne wrote: It would be more apt for me be called the idiot for recommending a project link with so little detail. My apologies for that. Teddy R. Payne, ACCFD Google Talk - teddyrpa...@gmail.com
Re: [ACFUG Discuss] PayPal IPN and ColdFusion
OK, that's a new link. The one I had gave the code that I sent in the original post, which DID not work (gave the INVALID) response. So, I'll have to take a look at this. I will say that if anyone is interested in setting up payments for things like shopping carts, or dynamically priced items, using an open ssl cert (pem), I can help with that. It's just this darned IPN response part that seems to be a problem. Will look into - thank you!! _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 _ On Jun 24, 2009, at 3:36 PM, Wes Byrd wrote: Yes. Unfortunately, that project was last updated in April of 07. I tried using it on a project some time back and seem to remember that it was no longer compatible with the latest updates that PayPal had made with its system. I ended up using PayPal’s provided CF API code (that is a total mess). You can find that here: https://cms.paypal.com/us/cgi-bin/?cmd=_render-contentcontent_ID=developer/library_download_sdks Are you using the above or something else? Wes From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Derrick Peavy Sent: Wednesday, June 24, 2009 3:22 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] PayPal IPN and ColdFusion Teddy: Thank you for the link! I'd love to look at that code. However, I appear to be a complete and total idiot, as I cannot find a download link on that page and the only link for the project (http://svn.riaforge.org/PayPalCFC/) is dead. And, I'm not trying to be a smart a** either - I seriously do not see a link in my browser. Maybe that's why the project as 3,954 views and 0 downloads? _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 _ On Jun 24, 2009, at 1:52 PM, Teddy R. Payne wrote: Have you looked into? http://paypalcfc.riaforge.org/ Teddy R. Payne, ACCFD Google Talk - teddyrpa...@gmail.com On Wed, Jun 24, 2009 at 12:15 PM, Derrick Peavy derr...@derrickpeavy.com wrote: I KNOW that someone here has cracked this nut before. I have integrated PayPal into a couple of CF sites recently, but I am having problems with the IPN portion. I am using OpenSSL and PayPal's public key to send the transaction (on the fly prices, so it's not a copy paste operation of PayPal's encrypted pay now buttons. Again, no problem SENDING the transaction and having the payment go through. The problem is that I can't seem to get the IPN response to work when the transaction comes back. I've tried multiple solutions and code snippets from around the web (yes, PayPal's solution failed). So, anyone have any luck with this? Here are two code examples, both return and INVALID response when trying to validate the payment in real time. !--- read post from PayPal system and add 'cmd' --- CFSET str=cmd=_notify-validate CFLOOP collection=#FORM# item=field CFIF FORM[field] NEQ FIELDNAMES AND FORM[field] NEQ CHARSET CFSET str = str #LCase(field)#=#URLEncodedFormat(FORM[field])# /CFIF /CFLOOP !--- post back to PayPal system to validate --- CFHTTP URL=https://www.paypal.com/cgi-bin/webscr? #str# METHOD=GET RESOLVEURL=false/CFHTTP #CFHTTP.FileContent# HTTP content is INVALID cfset StructDelete(form, fieldnames, false) cfhttp url=https://www.paypal.com/cgi-bin/webscr? method=post resolveurl=false throwonerror=yes timeout=5 cfhttpparam name=cmd type=formfield value=_notify-validate cfloop index=thefield list=#StructKeyList(form)# cfhttpparam name=#LCase(thefield)# type=formfield value=#form[thefield]# /cfloop /cfhttp #CFHTTP.FileContent# HTTP content is INVALID _ Derrick Peavy derr...@derrickpeavy.com 404-786-5036 _ On Jun 5, 2009, at 2:01 AM, Mike Staver wrote: Let's say I'd like to write code in ColdFusion, compile it to obfuscate the source, and build an installer with something like Install Shield so it could be installed onto
[ACFUG Discuss] How to trap bad character - diamond with question mark.
Does anyone have a quick fix for the black diamond with a question mark? Over the years, I've tried all kinds of things and nothing seems to work. Currently, this is in some data that I am importing from another system, so I can't avoid having to deal with it. _ Derrick Peavy derr...@derrickpeavy.com _
[ACFUG Discuss] How to trap bad character - diamond with question mark.
Does anyone have a quick fix for the black diamond with a question mark? Over the years, I've tried all kinds of things and nothing seems to work. Currently, this is in some data that I am importing from another system, so I can't avoid having to deal with it. _ Derrick Peavy derr...@derrickpeavy.com _
SOLVED: Re: [ACFUG Discuss] PayPal's Website Payments Standard service and CF
Mike (who tried to help), and anyone else. Solved the problem. Changes: Use cmd=_xclick in your name value pairs for your text file, which you will encrypt (not _s-xclick). But DO use input type=hidden name=cmd value=_s-xclick in your actual form. That mismatch of information was only found by purchasing an article written on Nov 8, 2008 by Arman Danesh ($4.00) from Communitymx.com (located here: http://www.communitymx.com/abstract.cfm?cid=202EF ) I also reissued the private key and cert on my end for good measure and re-uploaded it to Pay Pal. Downloaded theirs (again), for (again), good measure. However, I do not believe the certs were the issue. I reissued them before trying the new code changes. So, I will never know. Code follows in case someone else wants to use Pay Pal and CF and dynamically encrypt variable shopping cart and price data on the fly. (Step omitted - creating a signing key and cert via openssl. Search google for that, or hit me back when the time arrives that you need to do it. ) The code is for the Pay Pal issue only and is for a *nix system with openSSL installed (or windows with openSSL): !--- create temp file (empty) --- !--- (could use a UUID() here to randomize the file name, but since it is in a directory not made public, I prefer a clean makes sense approach). --- cfset buttonfile = /websites/tempfiles/ paypal_order_#session.orderID# !--- write temp file with a return after each name value pair --- cffile action=write file=#buttonfile# output=cert_id=28HGKDTN9SP1F cmd=_xclick business=paypaladdressforrecvpayme...@mydomain.com item_name=My Product or Service item_number=#session.orderID# amount=25.00 currency_code=USD tax=0 no_shipping=1 address1=my street address which matches my private cert city=my city which matches my private cert state=my state which matches my private cert zip=my zip which matches my private cert country=US no_note=1 cancel_return=where to take the user if they cancel their payment !--- create signed, binary version of file created above --- cfexecute name=/usr/bin/openssl arguments=smime -sign -in #buttonfile# -signer /etc/certificates/my-publiccert.pem -inkey /etc/ certificates/my-privatekey.pem -outform der -nodetach -binary -out #buttonfile#.binary timeout=3000 variable=encButtonOutput / !--- generate encrypted button --- cfexecute name=/usr/bin/openssl arguments=smime -encrypt -des3 - binary -in #buttonfile#.binary -outform pem /etc/certificates/ paypal_cert_pem.txt timeout=3000 variable=encButton#encButtonOutput#/cfexecute !--- actual form --- div id=paypalform style=text-align:center; form action=https://www.paypal.com/cgi-bin/webscr; method=post input type=hidden name=cmd value=_s-xclick / input type=hidden name=encrypted value=#encButton# / input type=submit value=Pay $25.00 via PayPal / /form /div !--- encryption temp file clean up --- cffile action=delete file=#buttonfile# cffile action=delete file=#buttonfile#.binary _ Derrick Peavy derr...@derrickpeavy.com _ On Feb 18, 2009, at 12:13 PM, Mike Staver wrote: So, you're posting that info back to PayPal - and they have to be able to read it to process it, right? Do you set up something with your account so they can unencrypt it when it gets posted to their server? I am trying to integrate PayPal with a CF solution. Pay Pal account is a business account, using Website Payments Standard I am not using the PayPal encrypted buttons, but am providing my own encryption on the fly with OpenSSL and CFEXECUTE due to specific situation. I am having one he** of a day trying to make this work. Keep getting new errors and nothing seems to work. Support from PayPal is extremely frustrating. MY QUESTION IS - Has anyone on the list done this before - specifically, encrypting your payment buttons on the fly? I have created the public cert and key and uploaded that to PayPal and downloaded their cert as well. Code is below, problems are below that. Here is the process/code I am using, based upon PayPal's documents and other CF examples I could find: !--- file name --- cfset buttonfile = /var/tmp/ cc_com_paypal_order_#session.bannerOrderID# !--- create temp file --- cffile action=write file=#buttonfile# output=cert_id=DFKJDF97ADFK cmd=_s-xclick business=payPalApprovedAccountEmail item_name=Service Being Sold item_number=#orderID# amount=50.00 currency_code=USD tax=0 no_shipping=1 address1=address as stated in public cert city=city as stated in public cert state=state as stated in public cert zip=zip as stated in public cert country=US no_note=1 cancel_return=returnFile.cfm !--- create signed, binary version of file created above --- cfexecute name=/usr/bin/openssl arguments=smime -sign -in #buttonfile# -signer /etc/certificates/mysite-publiccert.pem -inkey / etc/certificates/mysite-privatekey.pem -outform der
Re: [ACFUG Discuss] PayPal's Website Payments Standard service and CF
Yes. If you have been through the process then you would be familiar with the ecahange of certs and keys BOTH ends. So, I do believe that you would not be the one to answer this question sine you have have not done this. Thank you for the query. _ Derrick Peavy derr...@derrickpeavy.com _ On Feb 18, 2009, at 12:13 PM, Mike Staver wrote: So, you're posting that info back to PayPal - and they have to be able to read it to process it, right? Do you set up something with your account so they can unencrypt it when it gets posted to their server? I am trying to integrate PayPal with a CF solution. Pay Pal account is a business account, using Website Payments Standard I am not using the PayPal encrypted buttons, but am providing my own encryption on the fly with OpenSSL and CFEXECUTE due to specific situation. I am having one he** of a day trying to make this work. Keep getting new errors and nothing seems to work. Support from PayPal is extremely frustrating. MY QUESTION IS - Has anyone on the list done this before - specifically, encrypting your payment buttons on the fly? I have created the public cert and key and uploaded that to PayPal and downloaded their cert as well. Code is below, problems are below that. Here is the process/code I am using, based upon PayPal's documents and other CF examples I could find: !--- file name --- cfset buttonfile = /var/tmp/ cc_com_paypal_order_#session.bannerOrderID# !--- create temp file --- cffile action=write file=#buttonfile# output=cert_id=DFKJDF97ADFK cmd=_s-xclick business=payPalApprovedAccountEmail item_name=Service Being Sold item_number=#orderID# amount=50.00 currency_code=USD tax=0 no_shipping=1 address1=address as stated in public cert city=city as stated in public cert state=state as stated in public cert zip=zip as stated in public cert country=US no_note=1 cancel_return=returnFile.cfm !--- create signed, binary version of file created above --- cfexecute name=/usr/bin/openssl arguments=smime -sign -in #buttonfile# -signer /etc/certificates/mysite-publiccert.pem -inkey / etc/certificates/mysite-privatekey.pem -outform der -nodetach - binary - out #buttonfile#.binary timeout=30 variable=encButtonOutput / !--- generate encrypted button from binary --- cfexecute name=/usr/bin/openssl arguments=smime -encrypt -des3 - binary -in #buttonfile#.binary -outform pem /etc/certificates/ paypal_cert_pem.txt timeout=30 variable=encButton / !--- actual form --- div id=paypalform style=text-align:center; form action=https://www.paypal.com/cgi-bin/webscr; method=post input type=hidden name=cmd value=_s-xclick input type=hidden name=encrypted value=#encButton# input type=submit value=Pay #dollarFormat(paymentToMake)# via PayPal /form /div The problem is that when the transaction is submitted, PayPal gives different errors, ranging from problems with the email (which PayPal Customer Service confirmed is correct), to issues with decrypting the cert. It's nuts. No one error is the same and PayPal will only say Gee, we don't know. _ Derrick Peavy derr...@derrickpeavy.com _ - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] PayPal's Website Payments Standard service and CF
I am trying to integrate PayPal with a CF solution. Pay Pal account is a business account, using Website Payments Standard I am not using the PayPal encrypted buttons, but am providing my own encryption on the fly with OpenSSL and CFEXECUTE due to specific situation. I am having one he** of a day trying to make this work. Keep getting new errors and nothing seems to work. Support from PayPal is extremely frustrating. MY QUESTION IS - Has anyone on the list done this before - specifically, encrypting your payment buttons on the fly? I have created the public cert and key and uploaded that to PayPal and downloaded their cert as well. Code is below, problems are below that. Here is the process/code I am using, based upon PayPal's documents and other CF examples I could find: !--- file name --- cfset buttonfile = /var/tmp/ cc_com_paypal_order_#session.bannerOrderID# !--- create temp file --- cffile action=write file=#buttonfile# output=cert_id=DFKJDF97ADFK cmd=_s-xclick business=payPalApprovedAccountEmail item_name=Service Being Sold item_number=#orderID# amount=50.00 currency_code=USD tax=0 no_shipping=1 address1=address as stated in public cert city=city as stated in public cert state=state as stated in public cert zip=zip as stated in public cert country=US no_note=1 cancel_return=returnFile.cfm !--- create signed, binary version of file created above --- cfexecute name=/usr/bin/openssl arguments=smime -sign -in #buttonfile# -signer /etc/certificates/mysite-publiccert.pem -inkey / etc/certificates/mysite-privatekey.pem -outform der -nodetach -binary - out #buttonfile#.binary timeout=30 variable=encButtonOutput / !--- generate encrypted button from binary --- cfexecute name=/usr/bin/openssl arguments=smime -encrypt -des3 - binary -in #buttonfile#.binary -outform pem /etc/certificates/ paypal_cert_pem.txt timeout=30 variable=encButton / !--- actual form --- div id=paypalform style=text-align:center; form action=https://www.paypal.com/cgi-bin/webscr; method=post input type=hidden name=cmd value=_s-xclick input type=hidden name=encrypted value=#encButton# input type=submit value=Pay #dollarFormat(paymentToMake)# via PayPal /form /div The problem is that when the transaction is submitted, PayPal gives different errors, ranging from problems with the email (which PayPal Customer Service confirmed is correct), to issues with decrypting the cert. It's nuts. No one error is the same and PayPal will only say Gee, we don't know. _ Derrick Peavy derr...@derrickpeavy.com _
Re: [ACFUG Discuss] XML Import/parse help - 3 questions about sample data
Steven thank you for the reply. Mixed results. One worked, one did not, haven't tried accessing the multiple children (yet). Accessing the struct item (link/href) works fine. In fact, I gave that a whirl later in the night after sending this message ... for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImportRentMktCom[i][2] = selectedElements [i].link.XmlAttributes.href; Handling the fn:image is still a problem however ... for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImportRentMktCom[i][3] = selectedElements[i]. [fn:image].XmlText; The above gives an error === Problem occurred while parsing, Encountered [ at line: 10, column: 70 Tried with and without square brackets, and with quotes only. No luck. What am I missing here? _ Derrick Peavy 404-786-5036 Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Jun 11, 2008, at 8:26 AM, Steven Ross wrote: to reference fn:image I believe you would do the same as when you want to preserve the case of a struct and use brackets and the name ie: XMLDoc[fn:image].XMLText multiple child elements of the same name... thats kinda tricky but, it would be easy enough to select only the child nodes of a specific node with XMLSearch and specifying the relative path to the node ie: XMLSearch(thexml, //parentnode/duplicatenodename) XMLAttributes property will give you the attributes of a node... syntax is NodeName.XMLAttributes.attributeName -Steven On Tue, Jun 10, 2008 at 11:30 PM, Derrick Peavy [EMAIL PROTECTED] wrote: I've been working with various XML documents, importing them and then putting select data into a database. I am having problems with new types of files and cannot seem to find an answer (Google). Maybe I am not using the right terms when searching. But I hope someone here can help. For the most part, it's all straight forward. I have been using this kind of code cfscript selectedElements = XmlSearch(XmlParse(trim(cfhttp.fileContent)), / feed/feed_item/); for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImportRentMktCom[i][1] = selectedElements[i].summary.XmlText; for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImportRentMktCom[i][2] = selectedElements[i].link.XmlText; for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImportRentMktCom[i][3] = selectedElements[i].image.XmlText; /cfscript However, I am pretty green with this type of data handling when it's not a simple structure. The problem I am having is when I encounter feeds with structures such as: feed feed_item item_id1234/id link href=somelink.html/ summarySummary of the item within the XML data structure that is being read./summary fn:imagehttp://www.someurl.com/img/pretty_pic_01.jpg/fn:image fn:imagehttp://www.someurl.com/img/pretty_pic_02.jpg/fn:image fn:imagehttp://www.someurl.com/img/pretty_pic_03.jpg/fn:image fn:imagehttp://www.someurl.com/img/pretty_pic_04.jpg/fn:image /feed_item 1. When viewing the remote XML file using --- XmlParse(trim (cfhttp.fileContent)) --- I see that the link is a structure with an href element. How do you grab that data? 2. How do you deal with multiple child elements with the same name? 3. How do you deal with a colon in the element name? _ Derrick Peavy Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ -- Steven Ross web application interface developer http://blog.stevensross.com [mobile] 404-488-4364 [fax] (404) 592-6885 [ AIM / Yahoo! : zeriumsteven ] [googleTalk : nowhiding ] - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
Re: [ACFUG Discuss] Need example - XML Import/parse help - 3 questions about sample data
Steven, thank you. I did go through the W3School article after you sent it as well as skimming the doc that Charlie sent. I actually use that site a lot. With your help, I solved the two small problems, but the problem with duplicate children still plagues me. At this point, i am back to my original question with perhaps a more direct approach--- Can someone provide an example of accessing the data within an XML file wherein a parent element has several exactly named children. I still have not found the answer within the documents or on line. I appreciate the documentation that folks are sending - but I also learn about, oh I don't know, maybe 1000X faster by seeing actual code. But, that's just me. Example code, demonstrating my problem feed entry titleA sample XML Child of entry element/title link href=http://www.someplace.com;/link summaryLooks like greek to me. Looks like greek to me. Looks like greek to me. Looks like greek to me. Looks like greek to me. Looks like greek to me. Looks like greek to me. /summary rm:id852/rm:Id rm:imagehttp://www.someplace.com/img/user/442/852/4551594.jpg/ rm:image rm:imagehttp://www.someplace.com/img/user/442/852/4551594a.jpg/ rm:image rm:imagehttp://www.someplace.com/img/user/442/852/4551594b.jpg/ rm:image rm:imagehttp://www.someplace.com/img/user/442/852/4551594c.jpg/ rm:image rm:imagehttp://www.someplace.com/img/user/442/852/4551594d.jpg/ rm:image /entry /feed And parsing that type of structure into an array is no problem EXPECT where the image is concerned. The following example works except for the last array element [4]. If it worked, it would at least insert the first instance of the rm:image child element. But nothing seems to work. cfscript selectedElements = XmlSearch(XmlParse(trim(cfhttp.fileContent)), / feed/entry/); for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImport[i][1] = selectedElements[i].summary.XmlText; for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImport[i][2] = selectedElements[i].link.XmlAttributes.href; for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImport[i][3] = selectedElements[i][rm:id].XmlText; for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImport[i][4] = selectedElements[i][rm:image].XmlText; /cfscript So, documents and tutorials are always useful and appreciated, but after 6 hours on this today, I think I would understand the problem and solution much, much faster if someone out there had an actual example to point to. Thanks! _ Derrick Peavy 404-786-5036 Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Jun 11, 2008, at 1:32 PM, Steven Ross wrote: I also recommend using the w3c xpath tutorial when i forget syntax I always look there first... http://www.w3schools.com/XPath/default.asp On Wed, Jun 11, 2008 at 11:53 AM, Charlie Arehart [EMAIL PROTECTED] wrote: Derrick, besides Steven's useful replies to you so far, since you said you were green with CF/XML processing, I can't recommend highly enough that you spend 30 minutes reading this wonderful guide: Utilizing XML and XSLT in ColdFusion MX http://www.adobe.com/devnet/coldfusion/articles/xmlxslt.pdf Sure, it's 6 years old, and written for CF 6, but it's a classic and all the info still applies. Just the best intro to the whole subject I ever saw. Lots of examples, no presumption of your knowing anything about XML, XSLT, XPATH, yet by the end of it's 30 pages you'll understand it all well enough to do nearly anything you'd need. And, yes, it explains all those CFML variables, structures, and functions you need to understand in order to process XML with CFML. I honestly wouldn't propose to try to help someone with a question on the subject without strongly urging them to read it first. It's that good, and thorough, and does a better job explaining things than I ever could. :-) /charlie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derrick Peavy Sent: Tuesday, June 10, 2008 11:31 PM To: discussion@acfug.org Subject: [ACFUG Discuss] XML Import/parse help - 3 questions about sample data I've been working with various XML documents, importing them and then putting select data into a database. I am having problems with new types of files and cannot seem to find an answer (Google). Maybe I am not using the right terms when searching. But I hope someone here can help. For the most part, it's all straight forward. I have been using this kind of code cfscript selectedElements = XmlSearch(XmlParse(trim (cfhttp.fileContent)), /feed/feed_item/); for (i = 1; i LTE
Re: [ACFUG Discuss] Need example - XML Import/parse help - 3 questions about sample data
Mark: Thank you! Yes, to all of that, I can do that, have done it. May resort to that. But it's not the right way and I am trying hard to learn the finer points of this. The problem is simply that I can't find an example and even thinking outside the box seems to be of no use in solving the problem. It makes me wonder, either the developers who do this in any language keep the finer points to themselves, or there is a whole lot of unnecessary re-writing and parsing of XML files going on across the web - which defeats the whole point. Just my thoughts. _ Derrick Peavy 404-786-5036 Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Jun 11, 2008, at 4:21 PM, Fennell, Mark P. wrote: Is there no way to normalize (if that's the right term) the XML? Granted, you'd have to be the one generating the XML, but it would sure be nice to have rm:image1, rm:image2, etc. That would also give you the ability to have descriptions for each of the images. Barring that, and this isn't what you asked for, but I wonder if you could read the file and write a new file and for each rm:image change the name to rm:image#x# where x is some loop index value? Just random thoughts. I'll see if I can spawn an example for you. :) mf From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derrick Peavy Sent: Wednesday, June 11, 2008 4:11 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Need example - XML Import/parse help - 3 questions about sample data Steven, thank you. I did go through the W3School article after you sent it as well as skimming the doc that Charlie sent. I actually use that site a lot. With your help, I solved the two small problems, but the problem with duplicate children still plagues me. At this point, i am back to my original question with perhaps a more direct approach--- Can someone provide an example of accessing the data within an XML file wherein a parent element has several exactly named children. I still have not found the answer within the documents or on line. I appreciate the documentation that folks are sending - but I also learn about, oh I don't know, maybe 1000X faster by seeing actual code. But, that's just me. Example code, demonstrating my problem feed entry titleA sample XML Child of entry element/title link href=http://www.someplace.com;/link summaryLooks like greek to me. Looks like greek to me. Looks like greek to me. Looks like greek to me. Looks like greek to me. Looks like greek to me. Looks like greek to me. /summary rm:id852/rm:Id rm:imagehttp://www.someplace.com/img/user/442/852/4551594.jpg/ rm:image rm:imagehttp://www.someplace.com/img/user/442/852/4551594a.jpg/ rm:image rm:imagehttp://www.someplace.com/img/user/442/852/4551594b.jpg/ rm:image rm:imagehttp://www.someplace.com/img/user/442/852/4551594c.jpg/ rm:image rm:imagehttp://www.someplace.com/img/user/442/852/4551594d.jpg/ rm:image /entry /feed And parsing that type of structure into an array is no problem EXPECT where the image is concerned. The following example works except for the last array element [4]. If it worked, it would at least insert the first instance of the rm:image child element. But nothing seems to work. cfscript selectedElements = XmlSearch(XmlParse(trim(cfhttp.fileContent)), / feed/entry/); for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImport[i][1] = selectedElements[i].summary.XmlText; for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImport[i][2] = selectedElements[i].link.XmlAttributes.href; for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImport[i][3] = selectedElements[i][rm:id].XmlText; for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImport[i][4] = selectedElements[i][rm:image].XmlText; /cfscript So, documents and tutorials are always useful and appreciated, but after 6 hours on this today, I think I would understand the problem and solution much, much faster if someone out there had an actual example to point to. Thanks! _ Derrick Peavy 404-786-5036 Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Jun 11, 2008, at 1:32 PM, Steven Ross wrote: I also recommend using the w3c xpath tutorial when i forget syntax I always look there first... http://www.w3schools.com/XPath/default.asp On Wed, Jun 11, 2008 at 11:53 AM, Charlie Arehart [EMAIL PROTECTED] wrote: Derrick, besides Steven's useful replies to you so far, since you said you were green with CF/XML processing, I can't recommend highly enough that you spend 30 minutes reading this wonderful guide: Utilizing XML and XSLT in ColdFusion MX http://www.adobe.com/devnet/coldfusion/articles/xmlxslt.pdf Sure, it's 6 years old
[ACFUG Discuss] XML Import/parse help - 3 questions about sample data
I've been working with various XML documents, importing them and then putting select data into a database. I am having problems with new types of files and cannot seem to find an answer (Google). Maybe I am not using the right terms when searching. But I hope someone here can help. For the most part, it's all straight forward. I have been using this kind of code cfscript selectedElements = XmlSearch(XmlParse(trim(cfhttp.fileContent)), / feed/feed_item/); for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImportRentMktCom[i][1] = selectedElements[i].summary.XmlText; for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImportRentMktCom[i][2] = selectedElements[i].link.XmlText; for (i = 1; i LTE ArrayLen(selectedElements); i = i + 1) arrayImportRentMktCom[i][3] = selectedElements[i].image.XmlText; /cfscript However, I am pretty green with this type of data handling when it's not a simple structure. The problem I am having is when I encounter feeds with structures such as: feed feed_item item_id1234/id link href=somelink.html/ summarySummary of the item within the XML data structure that is being read./summary fn:imagehttp://www.someurl.com/img/pretty_pic_01.jpg/fn:image fn:imagehttp://www.someurl.com/img/pretty_pic_02.jpg/fn:image fn:imagehttp://www.someurl.com/img/pretty_pic_03.jpg/fn:image fn:imagehttp://www.someurl.com/img/pretty_pic_04.jpg/fn:image /feed_item 1. When viewing the remote XML file using --- XmlParse(trim (cfhttp.fileContent)) --- I see that the link is a structure with an href element. How do you grab that data? 2. How do you deal with multiple child elements with the same name? 3. How do you deal with a colon in the element name? _ Derrick Peavy Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___
[ACFUG Discuss] Speed and resources: better to do client or session var?
Probably discussed to death 10 years ago, 5 years ago, one day ago. I don't know. Can't find definitive answers. Wondering... Does anyone think or dare I ask does anyone know if one type of variable structure is faster or less resource intensive than another? In particular, I have an app where I am using client variables for a lot of very simple integer values. I could just as easily use session. The client storage option is a database and so, the larger the number of client variables in the app, and the larger the number of users (visitors), then the larger that database becomes. Again, these are simple values such as one char text values, 1-8 digit integers, etc., Nothing complex. So, does anyone have strong feelings as to which structure would be better for purposes of speed (overall page load), and system resources - larger database for client variables versus more memory used for session? _ Derrick Peavy Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___
Re: [ACFUG Discuss] Doing CF development on a MAC
Hm. Ok, I see. Wasn't thinking that way. Yes, the laptops can mirror to any size display, but there is only one video out port, so you would have to split. Isn't that the case with --most-- laptops? Looks like the thread has some good info about how the hardware works and what is does/does not do. My bad. Matrox's Dual Head 2 Go product will work on a MacBook Pro just fine. You need to use the included DVI to VGA adaptor, then plug the Matrox box into that, then plug your monitors into the Matrox box. With their digital (DVI) version, you can even run two Apple 23 displays off it. (Or any pair of DVI monitors with a resolution up to 1920x1200 each.) With the analog version, it can run two monitors of up to 1280x1024 each. (A 17-19 LCD, or a 17 CRT.) _ Derrick Peavy 404-786-5036 Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Apr 12, 2008, at 12:06 AM, Douglas Knudsen wrote: ha! a non-mac d00d clearly. been a C64, Amiga, to PC guy. I know the mac desktops do dualies and far more certainly! But I am speaking to the lappies. Sure, a external monitor and the internal one is cool and all, but I'm talking of two equal sized external ones. http://forums.macrumors.com/showthread.php?t=269658 thread discussing this...speaks of the HW Howard mentioned . DK On Fri, Apr 11, 2008 at 11:35 PM, Derrick Peavy [EMAIL PROTECTED] wrote: OMfG! Who wrote this? mac have been doing dual monitors since the early 90's. Since the late 90's without external hardware. _ Derrick Peavy 404-786-5036 Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Apr 11, 2008, at 10:36 PM, Douglas Knudsen wrote: Thing I'd miss is dual monitor support. The dell I have has a dock with dual outs for actual dual monitors. Mac? Though I suppose with the dropping LCD prices this maybe moot soon. On 4/11/08, Howard Fore [EMAIL PROTECTED] wrote: Dusty, The only thing you'll really miss is SQL Server. Everything else that you will use will either have a Mac install or there will be a Mac program that does the same thing. I use Windows for CF development at work and at home I use Macs for my freelance development. I use Eclipse as my IDE so that's the same on both sides. Database work is the only fly in the ointment. I do miss Beyond Compare on the Mac but there are some Mac programs (DeltaWalker and Araxis Merge) that are supposed to as good though I haven't tried an extensive review. Howard On Fri, Apr 11, 2008 at 12:26 PM, Dusty Hale [EMAIL PROTECTED] wrote: OK this is probably a good question for Dean! I am now highly considering getting a mac to further develop the creative aspects of what I do. I understand that some developers have moved to Mac and use the VMWare to run windows applications. My questions are: If developing on a Mac would I install things like Photoshop and Illustrator on the Mac OS or would I be doing it through the VMWare on Windows. I currently have the Adobe CS2 Web Bundle suite running on my pc under Win XP so I am not even sure yet that the software I have will run on the Mac OS (I have to check on that). I plan to upgrade to the full Adobe Master Collection with all the great new CS3 tools so I wonder if I have to order it for Mac or Windows or if the software package will install on either. I am hoping either :-) ... I am researching now but would appreciate any quick answers if any one has time. Thanks, Dusty - Annual Sponsor - Figleaf Software http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink http://www.fusionlink.com - -- Howard Fore, [EMAIL PROTECTED] The universe tends toward maximum irony. Don't push it. - Jeff Atwood - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - -- Sent from Gmail for mobile | mobile.google.com Douglas Knudsen http://www.cubicleman.com this is my signature, like it? - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list
Re: [ACFUG Discuss] Doing CF development on a MAC
Dusty: The software will NOT install on both. You can run it all under Windows through VMWare, but it sounds like what you will end up doing is running everything on the PC and nothing on the mac. I develop on a mac. I use BBEdit (text editor) for code, safari/ firefox for browser testing, and either 1) upload CFM files to stage server (mimic of production server) or 2) Run locally under CF or Blue Dragon. So, where is the need for the PC? (BTW - that's not flame bait, that's just my approach). _ Derrick Peavy Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Apr 11, 2008, at 12:26 PM, Dusty Hale wrote: OK this is probably a good question for Dean! I am now highly considering getting a mac to further develop the creative aspects of what I do. I understand that some developers have moved to Mac and use the VMWare to run windows applications. My questions are: If developing on a Mac would I install things like Photoshop and Illustrator on the Mac OS or would I be doing it through the VMWare on Windows. I currently have the Adobe CS2 Web Bundle suite running on my pc under Win XP so I am not even sure yet that the software I have will run on the Mac OS (I have to check on that). I plan to upgrade to the full Adobe Master Collection with all the great new CS3 tools so I wonder if I have to order it for Mac or Windows or if the software package will install on either. I am hoping either :-) ... I am researching now but would appreciate any quick answers if any one has time. Thanks, Dusty - Annual Sponsor - Figleaf Software To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
Re: [ACFUG Discuss] Doing CF development on a MAC
OMfG! Who wrote this? mac have been doing dual monitors since the early 90's. Since the late 90's without external hardware. _ Derrick Peavy 404-786-5036 Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Apr 11, 2008, at 10:36 PM, Douglas Knudsen wrote: Thing I'd miss is dual monitor support. The dell I have has a dock with dual outs for actual dual monitors. Mac? Though I suppose with the dropping LCD prices this maybe moot soon. On 4/11/08, Howard Fore [EMAIL PROTECTED] wrote: Dusty, The only thing you'll really miss is SQL Server. Everything else that you will use will either have a Mac install or there will be a Mac program that does the same thing. I use Windows for CF development at work and at home I use Macs for my freelance development. I use Eclipse as my IDE so that's the same on both sides. Database work is the only fly in the ointment. I do miss Beyond Compare on the Mac but there are some Mac programs (DeltaWalker and Araxis Merge) that are supposed to as good though I haven't tried an extensive review. Howard On Fri, Apr 11, 2008 at 12:26 PM, Dusty Hale [EMAIL PROTECTED] wrote: OK this is probably a good question for Dean! I am now highly considering getting a mac to further develop the creative aspects of what I do. I understand that some developers have moved to Mac and use the VMWare to run windows applications. My questions are: If developing on a Mac would I install things like Photoshop and Illustrator on the Mac OS or would I be doing it through the VMWare on Windows. I currently have the Adobe CS2 Web Bundle suite running on my pc under Win XP so I am not even sure yet that the software I have will run on the Mac OS (I have to check on that). I plan to upgrade to the full Adobe Master Collection with all the great new CS3 tools so I wonder if I have to order it for Mac or Windows or if the software package will install on either. I am hoping either :-) ... I am researching now but would appreciate any quick answers if any one has time. Thanks, Dusty - Annual Sponsor - Figleaf Software http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink http://www.fusionlink.com - -- Howard Fore, [EMAIL PROTECTED] The universe tends toward maximum irony. Don't push it. - Jeff Atwood - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - -- Sent from Gmail for mobile | mobile.google.com Douglas Knudsen http://www.cubicleman.com this is my signature, like it? - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] CF Flash Upload - Client OS X Safari-Fireworks
There is no problem on the mac. There is a possible problem on the mac. This coming from a 100% of the time mac user, and someone running OS X as server with Cold Fusion. The issue is related to Safari and caching. Safari achieves a lot of its speed by doing some extensive caching. Some of us have disabled that cache. Further, there have been some bugs reported in some versions of Safari. But by and large, it's not a major issue. Unless the user has disabled the cache (Safari Enhancer for instance, which also enables a debug menu), then this code will work perfectly. This is not an issue with Firefox. form action= method=post name=upload_pics enctype=multipart/form-data input type=file name=prettypicture value= size=30 / input type=submit name=action value=Save File / /form Further, every browser deals with the type=file in different ways. See: http://www.quirksmode.org/dom/inputfile.html On the caching issue: http://forums.macosxhints.com/archive/index.php/ t-67825.html _ Derrick Peavy 404-786-5036 Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Feb 6, 2008, at 12:53 PM, Dusty Hale wrote: I'm not sure if the problem was ever fixed but back when I using CF5 (I think) there was an issue with cffile not working when doing it from a Mac and the team I worked on had come up with a work around for this. I have that code in my older archives which I don't have with me at the moment but if you don't get a fix for it from someone else in the list, hit me back later and I will dig it up for you. Dusty -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anthony Mathis Sent: 02/06/2008 12:08 PM To: discussion@acfug.org Subject: [ACFUG Discuss] CF Flash Upload - Client OS X Safari- Fireworks I'm having a very strange issue with a CF file upload issue in CF8 Ent. On a windows workstation using IE or FF I can upload fine, but on my Intel OS X the file looks like it uploaded but never does - Safari or FF on OS X. No errors - nothing in the logs. Anyone had similar issue? Doesn't make since. Thanks, Anthony - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] CF on a Mac--anyone have a system they want to sell?
Charlie: I could do some hosting for you as a favor if the load is low. As you know, running BD on an X Serve, very good results, very happy - thanks to your help over the years too!!! Otherwise, if you want a hand, happy to pick up a used one for you and configure as a favor (the configuration that is). _ Derrick Peavy 404-786-5036 Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Feb 5, 2008, at 6:31 PM, Charlie Arehart wrote: Hey folks, I have a client asking me to help them with moving from running CF on Windows to running it on a Mac, and I've toyed with getting one to help with some software we also use at church. So while I've used a Mac I've not yet run CF on it and want to get some experience with it over the next couple of weeks. So does anyone here have one (whether a mini, a laptop, a desktop, or a server) that they may want to sell at a reasonable price? I'm not looking to run it in production, so no need for it to be especially powerful, or even perfectly functioning. I've got one offer for a mini that I could pick up prior to tomorrow night's meeting (which if you haven't seen the announcements, will include both prizes and an important Adobe announcement). I'm assuming I can run CF on any Mac (any of the models, and whether Intel or not), as long as it's a G4 or above and OS 10 or above. If anyone has thoughts that I might want to consider as I contemplate running it on something like a mini, feel free to chime in. Most important, if anyone has a system they'd like to have me consider, feel free to drop me a note at [EMAIL PROTECTED], or feel free to call me at 678 358 3046, before tomorrow afternoon. Thanks. /charlie - Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
javaScript in the Browser string!! [Re: [ACFUG Discuss] URL hackers]
That's not so bad. A few months ago, a ran my daily report showing user sessions, locale, broswers, etc. Every time I ran the report, the page was hijacked and I was taken off site to another site. And I kept asking WTF? Code was fine, hadn't touched the code in weeks. Well, I store basic data on my users, such as browser name so that I know when a particular piece of code is going to go over with 90/95% of users. Doesn't everyone? Finally found that the visitor had a browser name of SCRIPT window.location='http://txt2pic.com' /script (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) People will try anything. _ Derrick Peavy 404-786-5036 Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Aug 2, 2007, at 6:45 PM, Cheyenne Throckmorton wrote: Over the past few days I've noticed some rudimentary attempts to do some SQL injection type attacks over the URL string on a few of our sites. The stuff I'm getting is your typical '1=1 and user0' type stuff added to the end of URLs. Looks almost like they may be using Google to hack for possible vulnerable strings in CFML sites. I know this has been very popular with .asp pages, maybe they are moving onto .cfm now as well. In any case, I am double checking our security and think we are fine, still, not having encountered this, I was wondering what some of you all might do in similar instances. I am noticing the attacks are coming to several of our sites from the same group of IP addresses. Is there a place to report this type of activity? Should you just shut off access entirely for these IPs? I know the worst problems with hackers is that once they are in, they are really tough to get rid of, but at the same time I'd hate to cut off access to a group of IPs if say it was like Comcast customers and not the RowandanNationalGreatDeals.com or something. Thanks, Cheyenne - Annual Sponsor - Figleaf Software To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
Re: [ACFUG Discuss] preferred method for coding logins
Can someone provide a real world example of what it would take to have a race condition? And is this possible with very low traffic if a user loads a shopping cart (for example) in two browser tabs and somehow, by sheer act of the universe, manages to submit both in the same millisecond? From Adobe: If two requests to the page that includes this code are made at the same time, it is possible that in the time between the right-hand side read of the session.cartTotal, and the left-hand-side write for the second page request to execute and modify session.cartTotal. The result is corrupt data. Developers should always ensure that they mitigate or prevent corrupt data when writing application code. Using the cflock tag in this case will prevent the race condition: _ Derrick Peavy Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On May 10, 2007, at 3:00 PM, Douglas Knudsen wrote: On 5/10/07, Dusty Hale [EMAIL PROTECTED] wrote: I was always under the impression that it was better to use client variable with the storage mechanism set to a database server with the thought being too much overhead session variables due to having to clock the session variables. RAM access has to be faster than a trip to DB land I'd think. In the past maybe, but unless you are expecting a race condition, no need to lock them anymore. Dean the 3X3 approach seems good. I'm a little confused how to check on the object level but I think I understand were to go on the user and requested action. Thanks for your thoughts. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Wednesday, May 09, 2007 5:07 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] preferred method for coding logins Whoa, I could talk for days on this alone. A few thoughts: Authentication must take place on the server. All authorization information must also remain on the server, therefore it is always held in the SESSION scope. While I have immense respect for Hal, I find that method to be a PITA. Besides, it only addresses authorization to a specific function and not data. For good, strong authorization you must check 3 things, 3 times (3X3): Check: The User The object The requested action The user should have permission to take the action upon the object. You do this in three places: 1) Before allowing the user to see the option to perform action on object in the UI 2) When the user requests to perform action (e.g. view) the object (e.g. view acctID 1000) 3) When the user attempts to modify the object (e.g. delete acctID 1000). So, you have 2 levels of AuthZ: The first is large grained, does the user have permission to a URL or a set of functionality. This prevents privilege escalation vertically, e.g. a user becomes an admin. The second is fine grained, does the user have permission to a specific piece of information. This prevents horizontal privilege escalation, e.g. can user Dean see user Dusty's personal data. This is where most developers screw up and forget to check for permissions. AuthZ systems are easy to implement... incorrectly. Make sure yours is designed well up front to prevent problems down the road. And make sure it is USED in the code each and every time permission to perform some action on some object is requested. FWIW, this is an authorization (authZ) issue and not one specific to authentication (authN). If you want thoughts on authN, just ask. -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] If liberty means anything at all, it means the right to tell people what they do not want to hear. -- George Orwell, 1945 On May 9, 2007, at 5:00 PM, Dusty Hale wrote: As a part of the app I'm working on I have to code a permission based login system. I've written a lot of this kind of code in the past to pull from but I thought it would be interesting to ask if anyone has thought on current preferred ways to code logins. My thoughts are: What is the current preferred method of holding login information (variable scopes)? Client, Session, or Cookie scope.? In the past I've always used numeric values to assign specific permissions and the BitAnd() function to determine if a user has access to a specific permission. This was an approach that I learned from Hal Helms years ago. I wonder if there are newer more preferred ways of coding logins before I dive into this one or if I should stick to what I already know. I welcome any thoughts or opinions on the subject. Dusty - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink
[ACFUG Discuss] catch/try for cfhttp
Can anyone offer a better solution, possibly email back some code for this problem? cftry cfhttp method=post url=someurl throwOnError=yes charset=utf-8 timeout=3 cfcatch type=any cfset errorCheck=X /cfcatch /cftry Then, cfif (errorCheck IS X) don't do blah cfelse do blah /cfif The problem I am having is that there are various errors that can come back from this particular HTTP request. So, this works sometimes, not others. _ Derrick Peavy Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___
Re: [ACFUG Discuss] (new topic) You CAN use CFINCLUDE to deliver css file, fewer http requests
H No. You're wrong. Seriously, not trying to tick you off, but you should read this: http://yuiblog.com/blog/2006/11/28/performance-research-part-1/ I fully understand and am aware of the separation of content and style, it's pro's and con's. How the browsers save things is not the issue, that's a minor point. The issue is with the http requests. It is not a direct 1 to 1 trade off of bandwidth vs. requests. To say that it is, is misleading. A 9k style sheet via an http request versus an additional 9k in your index file is not the same comparison. And since 50% or more of the US is on broadband anyway... it's a no brainer. The conclusion is the same: Reducing the number of HTTP requests has the biggest impact on reducing response time and is often the easiest performance improvement to make. In the next article we’ll look at the impact of caching, and some surprising real-world findings. _ Derrick Peavy Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Mar 17, 2007, at 8:07 AM, Howard Fore wrote: One of the nice things about using style sheets that are external to your HTML is that modern browsers won't download the CSS file again if the file hasn't changed. So you save n KB per HTTP request. Small, but it does add up, especially for a site with a lot of pages, like a shopping site. As far as solving the user's problem of the style sheet not coming along with a save, all the big broswer players have a save complete option that will grab the style sheet. On 3/16/07, Universal Advertising Derrick Peavy [EMAIL PROTECTED] wrote: Honestly, I didn't follow the cfinclude/css thread after the first post because it was not what I thought it was. However, if it is even remotely related, I thought the OP might want to know, you can use CFINCLUDE to deliver your CSS files in the head of your pages. I do this to reduce the number of http requests and also because it solves the problem of a user saving the page locally just as well as using a full qualified path in the head of the page would. -- Howard Fore, [EMAIL PROTECTED] In any moment of decision, the best thing you can do is the right thing, the next best thing is the wrong thing, and the worst thing you can do is nothing. - Theodore Roosevelt - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
[repost] [ACFUG Discuss] Monitoring CF app / monitoring service
Folks, maybe I was not clear. What I am asking about is a third party that can monitor an app/URL in real time and report to me if the site is down, for instance, if I am having dinner and the site goes down. Make sense? Looking at logs is not the issue. Thanks! _ Derrick Peavy Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___ On Feb 2, 2007, at 6:13 PM, Derrick Peavy wrote: Does anyone have or know of a service that can monitor a CF app for up time? I don't mean just pinging the domain to get a reply, but making sure that your app is working and that Java, and thus, CF has not died in the middle of the night? _ Derrick Peavy Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___
[ACFUG Discuss] Monitoring CF app / monitoring service
Does anyone have or know of a service that can monitor a CF app for up time? I don't mean just pinging the domain to get a reply, but making sure that your app is working and that Java, and thus, CF has not died in the middle of the night? _ Derrick Peavy Sales and Web Services CollegeClassifieds.com http://www.collegeclassifieds.com A Service of Universal Advertising, inc. ___
[ACFUG Discuss] Image from DB
Probably an easy problem for someone... I want to put two small images in my database and then output them in my app, so that they do not constitute additional http requests. Consider it an experiment - I know that it may seem a bit silly. The goal is for the entire page to be delivered to the browser in one http request, instead of 3 (two images and one cf page) without doing any Apache tinkering. I have looked around the net for answers and cannot seem to make this work. Database field is imageFile of type BLOB in MySQL 4.1.13. What is the proper way to insert the image? Example: INSERT into Images (imageFile) values ('#base64(image)#') -Or- Example: INSERT into Images (imageFile) values ('#image#') And then of course, how do you retrieve it? Example: SELECT imageFile FROM Images WHERE imageID=1 cfoutput #toString(imageFile)# /cfoutput -OR- cfoutput #toBinary(imageFile)# /cfoutput As I say, I've not been able to make this work. If I use toString(), I simply get the raw data. If I use toBinary(), I get an error that the data cannot be converted to a string. Also, using CFCONTENT is fine to output the image, but then any code after that is ignored. So, short of saving the entire page and then outputting, it, I don't see a way to use CFCONTENT. _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___
Re: [ACFUG Discuss] Image from DB
Thank you again - everyone! I think (by virtue of forcing the question), that the answer is that what I want to do is not really worth it or might best be done with the keep-alive option. The goal, again a theoretical one, is to reduce the number of http requests as that really is the biggest bottleneck on line these days (files needed to construct one page, images, external Jscript, Google ads, and scripts, etc.). An interesting article: http://ajaxian.com/archives/yahoo-performance- engineers-discuss-what-the-8020-rule-tells-us-about-reducing-http- requests As I have reduced my https request I have seen faster page loads via third party testing. But at this point, I think I am as far as can be reasonably done. The reason I don't like the CFCONTENT option is that in fact the entire page output does have to be sent. I cannot simply include a CFM file which retrieves the image and puts it in the page as the rest of the page does not process after the CFCONTENT. As for putting the entire page in the DB, no, I think that's not appropriate. Just thought, maybe someone had done this and that you could spit out 1.5 or 4.4 k images just like data and speed things up. _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___ On Jan 18, 2007, at 12:45 PM, John Mason wrote: Yes, you only need the server to run http 1.1 which most do. Also the browser should be able to accept that (which most do) and the browser has to not send a close command which at times they do. A lot of things are controlled by the user in this situation. Whether accepting a open keep-alive http connection or http compression. Lucky a lot of this is already taken care of from the server end. Storing the images in the db or on the file system isn't going to change anything there and the end client browser really for the most part doesn't care. John From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fennell, Mark P. Sent: Thursday, January 18, 2007 12:07 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] Image from DB Additionally, I think HTTP 1.1 allows connection keep-alives so that you only make one http call for the entire page. Right? mf -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Mason Sent: Thursday, January 18, 2007 12:03 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] Image from DB Don't get me wrong, I understand it's an experiement and it's fun to try. 1. You're not actually reducing your http requests. -- My main point with this. 3. You can save the image data in the database as a BLOB and output it onto a page. You'll need to use cfcontent to set the precise MIME type. If you're using IIS 6, the MIME types are much more strict than they use to be. John [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derrick Peavy Sent: Thursday, January 18, 2007 11:56 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Image from DB Kindly, and with respect to everyone that replied: 1. As I stated, the goal is to reduce http requests, not file sizes. And this is an experiment, please forgive, but the Why of why I want to do this is not part of the answer. 2. Don't really need a discussion about the database design or benefits of A or B 3. Looking for an answer to the question - How to get image in DB, image out of DB, using CF and MySQL? Any takers for that? _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___ On Jan 18, 2007, at 10:32 AM, Teddy Payne wrote: This seems to be asked often about images and BLOBs. I know you are testing an idea out and maybe you can get it to work somehow, but from a data perspective you just don't want to use a BLOB. There is only one technique to reduce up front cost of a BLOB and that is to have a BLOB table. The table would not be a part of the primary table, so you would not intefere with indexing and collation. You would have a normalized table with a foreign key that you would only use for that web service. Now for the webservice, wouldn't you want to return the lowest common denomenator of data? If you are returning HTML or something that needs to reference the image, it is acceptable to have a reference with an absolute URL back to your server. The benefit here is that the web service is consumed quicker, but the page load would be based on the network retrieving the data. In addition, you would want inside of your web service a way not to return the image that would even speed up
Re: [ACFUG Discuss] Image from DB
Douglas, yep. You nailed it. _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___ On Jan 18, 2007, at 1:38 PM, Douglas Knudsen wrote: On 1/18/07, Derrick Peavy [EMAIL PROTECTED] wrote: Thank you again - everyone! I think (by virtue of forcing the question), that the answer is that what I want to do is not really worth it or might best be done with the keep-alive option. The goal, again a theoretical one, is to reduce the number of http requests as that really is the biggest bottleneck on line these days (files needed to construct one page, images, external Jscript, Google ads, and scripts, etc.). An interesting article: http://ajaxian.com/archives/yahoo- performance-engineers-discuss-what-the-8020-rule-tells-us-about- reducing-http-requests As I have reduced my https request I have seen faster page loads via third party testing. But at this point, I think I am as far as can be reasonably done. The reason I don't like the CFCONTENT option is that in fact the entire page output does have to be sent. I cannot simply include a CFM file which retrieves the image and puts it in the page as the rest of the page does not process after the CFCONTENT. As for putting the entire page in the DB, no, I think that's not appropriate. Just thought, maybe someone had done this and that you could spit out 1.5 or 4.4 k images just like data and speed things up. I'm no reader of RPCs on HTTP or anything, but this does not sound possible. What it sounds like you are trying to do is deliver the binary data for a image inline with the HTML. To the best of my knowledge that isn't a reality. For emails maybe, but not a web browser. _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___ On Jan 18, 2007, at 12:45 PM, John Mason wrote: Yes, you only need the server to run http 1.1 which most do. Also the browser should be able to accept that (which most do) and the browser has to not send a close command which at times they do. A lot of things are controlled by the user in this situation. Whether accepting a open keep-alive http connection or http compression. Lucky a lot of this is already taken care of from the server end. Storing the images in the db or on the file system isn't going to change anything there and the end client browser really for the most part doesn't care. John From: [EMAIL PROTECTED] [ mailto:[EMAIL PROTECTED] On Behalf Of Fennell, Mark P. Sent: Thursday, January 18, 2007 12:07 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] Image from DB Additionally, I think HTTP 1.1 allows connection keep-alives so that you only make one http call for the entire page. Right? mf -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Mason Sent: Thursday, January 18, 2007 12:03 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] Image from DB Don't get me wrong, I understand it's an experiement and it's fun to try. 1. You're not actually reducing your http requests. -- My main point with this. 3. You can save the image data in the database as a BLOB and output it onto a page. You'll need to use cfcontent to set the precise MIME type. If you're using IIS 6, the MIME types are much more strict than they use to be. John [EMAIL PROTECTED] From: [EMAIL PROTECTED] [ mailto:[EMAIL PROTECTED] On Behalf Of Derrick Peavy Sent: Thursday, January 18, 2007 11:56 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Image from DB Kindly, and with respect to everyone that replied: 1. As I stated, the goal is to reduce http requests, not file sizes. And this is an experiment, please forgive, but the Why of why I want to do this is not part of the answer. 2. Don't really need a discussion about the database design or benefits of A or B 3. Looking for an answer to the question - How to get image in DB, image out of DB, using CF and MySQL? Any takers for that? _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___ On Jan 18, 2007, at 10:32 AM, Teddy Payne wrote: This seems to be asked often about images and BLOBs. I know you are testing an idea out and maybe you can get it to work somehow, but from a data perspective you just don't want to use a BLOB. There is only one technique to reduce up front cost of a BLOB and that is to have a BLOB table. The table would not be a part
Re: [ACFUG Discuss] Image from DB
Just to be clear the security aspect is of no issue here. I am not interested in doing this for security. I agree with those who have posted about the con's of doing image management in a DB. I don't want to do that. What I specifically was trying to accomplish is the storage of a finite number of images, about 5 total. Each of which are under 5 kb. The goal was/is that CF could output the one or two images on the front page along with the CFML all in one http request. Again, I know it's trivial and I know that there is no performance gain per se. But, as mentioned in the article I referenced, if currently I have three HTTP connections to load a 90k page, and I can take that down to one HTTP connection for the same 90k, then 500,000 users per day would be 500,000 requests per day, not 1.5 million. Make sense? If one assumes that the other aspects of the app are tuned (DB queries, CFML, Apache or IIS, hardware, etc., - and that's a big assumption), then a final spot would be the HTTP requests. And, that would be more out of curiosity than necessity. Although, the end result would certainly be desirable, a fast loading, single request which gives the user the feeling of a very responsive site. Again, thank you to everyone - in fact, I went back and changed my httpd.conf file to enable http keep alives - not sure why that was off to begin with. So, there has been some positive feedback from all of this! _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___ On Jan 18, 2007, at 3:29 PM, Josh Adams wrote: Sure it's data management. You could keep text data on the file system too but you typically don't--unless maybe it's a lot of text, right? Images are no different--if they're not that big, why complicate matters by storing them on the file system? You're already having to do a DB lookup to know what to retrieve--that's the crucial difference between page furniture and data. But whatever. Josh From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Mason Sent: Thursday, January 18, 2007 2:50 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] Image from DB I agree that with strict image security it is an option. Give an image only to particular people, etc. But data management? I don't think so, but let's just my opinion. Image security is probably the only practical example I can think of for doing this, but there again Derrick isn't going for that. As far as having html text and the image binary on the same 'page'...I've never send that before. John [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Adams Sent: Thursday, January 18, 2007 2:42 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] Image from DB Not true--there can be a benefits: data management security. Derrick started this whole discussion on the BlueDragon Interest list. I guess he brought it here because no one could tell him a technique for doing what he wanted on that list. But over there just as here, people asked the why would you do that? question about storing images in the DB. An good rule of thumb was put forth: if it's page furniture, keep it in the file system; if it's data, keep it in the DB. If it's data, use your data management tool (a.k.a. your database) to manage it--why reinvent the wheel? On the security side of things, note that by using img src=.../myheaderimage.cfm, you can implement all the same security you would for any other resource your app serves up. Josh From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Mason Sent: Thursday, January 18, 2007 10:27 AM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] Image from DB Honestly, there's not really a benefit per se. There might be a rare case now and then for doing this, but really you should probably just use the filesystem for what it's design for, storing files. John From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fennell, Mark P. Sent: Thursday, January 18, 2007 10:22 AM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] Image from DB I'm just curious. What are the benefits of storing the image in the db rather than storing the file on the filesystem and the path in the db? I mean, for a web page, all you need is the img and the path. I can understand how it might be useful in some VB or C or Java app where the client doesn't display images with such ease, but for a web app...? Thanks. mf -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Mason Sent: Thursday, January 18, 2007 10:16 AM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] Image from DB I believe there would still
[ACFUG Discuss] Frame bustin'
Anyone have a good, working method of frame busting? I ask because the JS i have been using does not work when someone uses a web proxy (annon.) to browse a site. Examples that do not work (among many): SCRIPT LANGUAGE=JavaScript if (top.frames.length!=0) top.location=self.document.location; /SCRIPT script if (parent.frames.length 0) { parent.location.href = self.document.location } /script When someone uses a service such as http:// www.anonymousproxyworld.com/ they can strip the javascript but even when they don't, it does not work. They frame the page and append the meta data with their URL. _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___
[ACFUG Discuss] Mass upload using CF to Flickr
Ok, I know this is out in left field, but has anyone done something like this === I want to be able to offer picture upload to users on a site (URL 1). But as they are uploaded, I'd like the pic to actually go to Flickr.com not to the server which hosts URL 1. I'd like to then get the URL for the Flickr pic and store that with other info on the server of URL 1. Anyone? _ Derrick Peavy Sales and Web Services Universal Advertising ___
[ACFUG Discuss] Tagging example in CF
So... Is there an example that anyone knows of, of tagging in a CF site? Is this done by a search of the tag word? _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___
Re: [ACFUG Discuss] Tagging example in CF
Good question. But for example:www.somepage.com/computer - would display content in site regarding computerswww.somepage.com/johndoe - would display content in site regarding candidate john doe.From what I can see, it looks like a simplified/glorified search technique, where instead of having a page for each topic, the user can type in whatever they want and the system/site responds. It is one of the "hot" things that some content/newspaper sites are latching onto.Just wondering if anyone is familiar and has done anything in CF. Is it a url variable sent a query? Or, a static page/directory with index page (contrary to what I stated above), where the search is cached and content pre-formatted. Is any of this making sense?Here is an example:http://www.newsvine.com/Then, type "apple" or "hp" after .com/ and the content reflects that topic. _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___ On Sep 13, 2006, at 9:42 AM, Teddy Payne wrote:What is your definition of tagging? TeddyOn 9/13/06, Derrick Peavy [EMAIL PROTECTED] wrote:So... Is there an example that anyone knows of, of tagging in a CF site? Is this done by a search of the tag word? _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___ -- cf_payne /Blog: http://cfpayne.wordpress.com/Atlanta CFUG: http://www.acfug.org - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
Re: *solved* Re: [ACFUG Discuss] Re: Speeding up execution time against 2.3 m records
Thanks. And um, just for the fun factor, let me tell you what that's running on::Apple Dual G5 X Serve with 8 GB RAM, Blue Dragon 6.2, Apache 1.3 and MySQL 4.1.13 _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___ On Sep 8, 2006, at 5:00 PM, Cameron Childress wrote:On 9/8/06, Derrick Peavy [EMAIL PROTECTED] wrote: 0.5MS). You can see the CF page here: http://www.universaladvertising.com/atest.cfm That page indicates results for my query in 0009. ms the firsttime around and .0030 milliseconds for subsequent requests.prettyfreakin fast.-Cameron-To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
*solved* Re: [ACFUG Discuss] Re: Speeding up execution time against 2.3 m records
The final solution was/is much simpler. However, there is still a query speed advantage with PHP. A colleague ran the same queries, on the same model machine, using the same MySQL DB, and MySQL version, only difference was PHP and the query times were much, much faster. How much? Well, after optimizing (as indicated below), my query times are down to 0.0003 (3 MS) on average. Not bad at all. But the same query on PHP (again, PHP being the ONLY change) was taking less than 1 MS on average, usually about 0.5 0.5MS). You can see the CF page here: http://www.universaladvertising.com/atest.cfmThe trick/key was to change the default index that came with the DB (data and schema). It was a PK index, clustered on ipTo and ipFrom, both INT (10) fields. That has been deleted and now, the index is simply on ipFrom. No other index, no PK. Then, instead of searching for a value on each side/end of the IPv4 number (a range), the query is now: SELCT * FROM table WHERE ipFrom = inet_aton('64.105.194.201') ORDER BY ipFrom DESC LIMIT 1The limit tells MySQL to stop looking essentially. The order by forces us to get the right record. So, problem solved. And, as a test, i did 35,000 of these look ups, along with 35,000 DB updates to a second table in just under 33 seconds. Not bad at all.And while the query was faster in PHP, the actual output, the display of the page via CF/Apache and in the users browser, is much faster in CF than in PHP (in this case). _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___ On Sep 7, 2006, at 10:08 PM, Cameron Childress wrote:without seeing all the php and cf setup info and code I don't know.maybe, maybe notOn 9/7/06, Steven Ross [EMAIL PROTECTED] wrote: Would that still be the reason for the huge slowdown between php andCF? I would think there would be something else there causing that...just curious.On 9/7/06, Cameron Childress [EMAIL PROTECTED] wrote: On 9/7/06, Cameron Childress [EMAIL PROTECTED] wrote: Does this not accomplish the same thing? Heh - I accidentally deleted what I put here, but it was essentially a subselect. A self join as Dean suggested also might work. The key is just to minimise the data MySQL and CF have to shuttle back and forth and keep any larger datasets inside the MySQL machine. -Cameron - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com ---Steven Rossweb application interface developerhttp://www.zerium.com[mobile] 404-488-4364[fax] 928-484-4364-To unsubscribe from this list, manage your profile @http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com- -- Cameron ChildressSumo Consulting Inchttp://www.sumoc.com---cell: 678.637.5072aim: cameroncfemail: [EMAIL PROTECTED]-To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
[ACFUG Discuss] Speeding up execution time against 2.3 m records
I have a database with 2.3 million records, one table, 9 fields, optimized as much as possible (enum is used where possible, and other tips, also no nulls). MySQL 4.1.13 is the DB with the JDBC 3.1.7 driver.My problem is that to get the record I need, I have to look up the record based on a value which falls between A and B, A and B being the two columns in the DB. I get execution times ranging from 50+ seconds (not ms), to as little as 2-3 seconds.You can see an example here: http://www.universaladvertising.com/atest.cfmIf anyone is familiar with PHPMyAdmin as a MySQL DB management tool, consider that the following executes in 0.0005 seconds:SELECT (@FROMSAV:= ipfrom) as ipfrom, (@TOSAV:= ipto) as iptoFROM ipcitylatlongWHERE 3626918649 = ipfrom AND 3626918649 = ipto;SELECT *FROM ipcitylatlongWHERE @FROMSAV = ipfromAND @TOSAV = iptoYes, I realize that's actually two queries. In fact, PHP (and I'm not comparing PHP/CF), breaks this out into 5 queries, but one connection, but also executes in 0.0005 seconds. Query of queries does not help. And transaction wrapping makes no difference. My question is, while I understand the danger of what I am asking here, how can you pass the two SQL queries above through one Cold Fusion CFQUERY call? I don't think it's actually possible. But, maybe somebody has an idea, or a way to look at this differently. Incidentally, the following SQL is actually a little faster than the above SQL, but still does not come close to touching the 0.0005 time via PHPMyAdmin:SELECT * FROM ipcitylatlong WHERE #ipnumber# = ipTo _ Derrick Peavy Sales and Web Services Universal Advertising http://www.universaladvertising.com ___
Re: [ACFUG Discuss] SOT: cross browser scrolling widget
An iFrame is the best option there, or use CSS to create a scrollable area. _ Derrick Peavy Sales and Web Services Universal Advertising Phone: 404-786-5036 Fax: 404-370-0470 http://www.universaladvertising.com http://www.collegeadvertising.com http://www.collegeclassifieds.com ___ On May 8, 2006, at 10:39 PM, Tom Chambers wrote:Can anyone recommend a cross-browser widget to scroll text in a small region of a webpage? I'd like to 'feed' this with a database read.Thanks* To unsubscribe from this list, manage your profile @ ** http://www.acfug.org?fa=login.edituserform ** ** For more info, see http://www.acfug.org/mailinglists *