Grant [mailto:mgr...@modus.bz]
Sent: Thursday, January 06, 2011 5:24 PM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Know it to be true? Nobody knows it except the people at Google. Why risk
someone's hunch that's it isn't true? At best what do you gain if you're
And when it comes to SEO mojo why risk it?
That's a non-argument that I hear from so-called SEO experts all the time
with little or no data to back it up. It's a fear-based approach that
really has no validity in and of itself. Show me a controlled experiment.
Show me a definitive statement
I'm not trying to rob you Bilbo... I'm trying to help you.
-mk
-Original Message-
From: Michael Grant [mailto:mgr...@modus.bz]
Sent: Friday, January 07, 2011 5:25 AM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
I'm not going head to head with anyone. I just
So you're reacting to the word mojo?
Yeah, I am. Because, in every other area of computing, when you do
something you can measure and verify the effects. Once you lose that
ability to measure, you don't have anything worth buying.
You seem to have a personal axe to grind here. Did you get
I'm not going head to head with anyone. I just know I've come to my
conclusions about SEO based on personal experience and the opinions of
others in this community who I respect. The owner of this list being one of
them. I don't really care to argue about. If DW thinks I'm wrong that's the
Plus I think he's an Old Milwaukee guy (chi tea? Ouch!)
Fortunately, at this stage of my life I can do a bit better than Old
Milwaukee! I just went to Belgium recently - now that's some good
beer.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/
Fig Leaf
Well Dave, I would say in that instance, their Mojo would just be considered
their tried and true techniques to get results. Just as all of us
developers use tried and true functions, frameworks, etc... which give us
advantages, or Mojo, over other development companies. I do agree that it
is
Just as a point of note. I'm not an SEO expert. I don't call myself an SEO
expert. I don't even offer SEO services other than the routine methodology I
employ when building a site.
These aren't the droids you're looking for.
On Fri, Jan 7, 2011 at 9:51 AM, Justin Scott
On behalf of my friends in Wisconsin... what's wrong with Old Milwaukee?
-Original Message-
From: Dave Watts [mailto:dwa...@figleaf.com]
Sent: Friday, January 07, 2011 10:16 AM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Plus I think he's an Old
It's like making love in a canoe.
On Fri, Jan 7, 2011 at 9:42 AM, Mark A. Kruger mkru...@cfwebtools.com wrote:
On behalf of my friends in Wisconsin... what's wrong with Old Milwaukee?
~|
Order the Adobe Coldfusion Anthology
On behalf of my friends in Wisconsin... what's wrong with Old Milwaukee?
If you get full before you get drunk, something's not right.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/
Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA
You mean not so fun when you do it but a great story to tell later??
-Original Message-
From: Judah McAuley [mailto:ju...@wiredotter.com]
Sent: Friday, January 07, 2011 11:48 AM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
It's like making love in a canoe
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
It's like making love in a canoe.
On Fri, Jan 7, 2011 at 9:42 AM, Mark A. Kruger mkru...@cfwebtools.com
wrote:
On behalf of my friends in Wisconsin... what's wrong with Old Milwaukee
It's like making love in a canoe.
+1
That's not a beer. THIS is a beer: tp://
stickandballguy.com/blog/wp-content/uploads/2009/08/baltika9.jpg
You mean not so fun when you do it but a great story to tell later??
It is F-ing close to water.
G!
On Fri, Jan 7, 2011 at 12:48 PM, Judah McAuley
[mailto:ju...@wiredotter.com]
Sent: Friday, January 07, 2011 11:48 AM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
It's like making love in a canoe.
On Fri, Jan 7, 2011 at 9:42 AM, Mark A. Kruger mkru...@cfwebtools.com
wrote:
On behalf of my friends in Wisconsin
Well I know I asked for it... but I'm offended all the same (ha).
-Original Message-
From: Judah McAuley [mailto:ju...@wiredotter.com]
Sent: Friday, January 07, 2011 12:12 PM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
No, it's fucking close to water
Just as a point of note. I'm not an SEO expert.
Nor am I, and I didn't say that you were, just pointing out that your
argument is one that I hear people who claim to be.
-Justin
~|
Order the Adobe Coldfusion Anthology now!
I disagree
Russ
-Original Message-
From: Dave Watts [mailto:dwa...@figleaf.com]
Sent: 07 January 2011 16:14
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
I'm not going head to head with anyone. I just know I've come to my
conclusions about SEO based
I don't think the SEO-unfriendliness of running everything through
index.cfm has been an issue for a very long time. They used to have an
issue with indexing query strings / dynamic URLs, but not any more. Maybe
some of the smaller ones still do, but the major ones definitely do not.
Really, if
It's not an issue in that Google can't crawl you. It's an issue in that
Google will rank this:
mysite.com/Cars/BMW/X3
Higher than this:
mysite.com?cat=carsmaker=bmwstyle=x3
On Thu, Jan 6, 2011 at 6:39 AM, Scott Brady dsbr...@gmail.com wrote:
I don't think the SEO-unfriendliness of
It's not an issue in that Google can't crawl you. It's
an issue in that Google will rank this:
mysite.com/Cars/BMW/X3
Higher than this:
mysite.com?cat=carsmaker=bmwstyle=x3
I realize that is a common belief, but I have never seen any compelling
evidence to back up the claim. If there's a
, January 06, 2011 8:24 AM
To: cf-talk
Subject: RE: Beta Tester Wanted for new CF (MVC) Framework
It's not an issue in that Google can't crawl you. It's
an issue in that Google will rank this:
mysite.com/Cars/BMW/X3
Higher than this:
mysite.com?cat=carsmaker=bmwstyle=x3
I realize
...@cfwebtools.com]
Sent: 06 January 2011 14:51
To: cf-talk
Subject: RE: Beta Tester Wanted for new CF (MVC) Framework
Justin,
I used to be in your camp but I've reversed course. I now believe that
having a semantic url actually does matter - as opposed to simply url
params. I'm basing this on working
I don't think the SEO-unfriendliness of running everything through
index.cfm has been an issue for a very long time. They used to have an
issue with indexing query strings / dynamic URLs, but not any more. Maybe
some of the smaller ones still do, but the major ones definitely do not.
It's not an issue in that Google can't crawl you. It's an issue in that
Google will rank this:
mysite.com/Cars/BMW/X3
Higher than this:
mysite.com?cat=carsmaker=bmwstyle=x3
I would be a bit surprised if that's true. Both URLs contain obvious,
easily-read data. Google is full of smart
Well it was an example case. Most url vars aren't as easy to read as my fake
example. It would probably be more like mysite.com?id=1345238
On Thu, Jan 6, 2011 at 12:09 PM, Dave Watts dwa...@figleaf.com wrote:
It's not an issue in that Google can't crawl you. It's an issue in that
Google
It's not an issue in that Google can't crawl you. It's an issue in that
Google will rank this:
mysite.com/Cars/BMW/X3
Higher than this:
mysite.com?cat=carsmaker=bmwstyle=x3
I would be a bit surprised if that's true. Both URLs contain obvious,
easily-read data. Google
On Thu, Jan 6, 2011 at 4:58 AM, Michael Grant mgr...@modus.bz wrote:
It's not an issue in that Google can't crawl you. It's an issue in that
Google will rank this:
mysite.com/Cars/BMW/X3
Higher than this:
mysite.com?cat=carsmaker=bmwstyle=x3
Very likely but most frameworks support basic
Yes they are. However I believe my original point (minus my supporting
argument) is still valid. Well structured urls are better than url vars. Or
at least that's what I've always known to be true. And when it comes to SEO
mojo why risk it?
On Thu, Jan 6, 2011 at 5:03 PM, Dave Watts
Yes they are. However I believe my original point (minus my supporting
argument) is still valid. Well structured urls are better than url vars. Or
at least that's what I've always known to be true. And when it comes to SEO
mojo why risk it?
URL parameters, by themselves, don't prevent a URL
Know it to be true? Nobody knows it except the people at Google. Why risk
someone's hunch that's it isn't true? At best what do you gain if you're
right? Save a few hours dev time? And at worst? You lose search engine rank
which can have disastrous effects on a company. To me it's not worth the
Know it to be true? Nobody knows it except the people at Google. Why risk
someone's hunch that's it isn't true? At best what do you gain if you're
right? Save a few hours dev time? And at worst? You lose search engine rank
which can have disastrous effects on a company. To me it's not worth
So you're reacting to the word mojo?
You seem to have a personal axe to grind here. Did you get taken by an SEO
guy selling snake oil?
On Thu, Jan 6, 2011 at 7:22 PM, Dave Watts dwa...@figleaf.com wrote:
Know it to be true? Nobody knows it except the people at Google. Why
risk
someone's
I really don't think Dave has any Axe to grind, they are after all just true
facts he has stated,perhaps he may have gone a bit OTT in calling SEO
experts snake oil salesmen though. Every field has its experts, so an SEO
expert is really no different than a CSS expert or a user interface expert,
Mike, you sure you want to go head to head with DW? Seems risky :) Plus I
think he's an Old Milwaukee guy (chi tea? Ouch!)
-Original Message-
From: Michael Grant [mailto:mgr...@modus.bz]
Sent: Thursday, January 06, 2011 5:24 PM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF
Steve,
I'm personally not sure if yet another framework is needed, we have quite a
few now from simple (cfwheels or FW/1) for all singing all dancing OOP
behemoths (ColdBox) but kudos for trying and I hope it works out for you.
While I think all these security concerns are valid, and it would be
Russ,
Thanks for your comment and encouragement.
The scrutiny is certainly valid. I don't think the problem is as serious as it
first appeared, but it is with regard to all uploaded files handled by the
framework so it is a pretty significant area of concern and definitely
something I am
-Original Message-
From: Steve Bryant [mailto:st...@bryantwebconsulting.com]
Sent: 05 January 2011 17:39
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Russ,
Thanks for your comment and encouragement.
The scrutiny is certainly valid. I don't think the problem
Exactly! No need to set up URL rewriting and if you want to edit content for
the URL /my-folder/my-file.cfm then just open the file at that location and
edit it.
If you want to set up some URL rewriting so that the URL is
/my-folder/my-file/ (or anything else) instead, nothing in the
Hello fellow CFers,
I just released a beta of a new ColdFusion framework called Neptune and I would
love to get some beta testers to help me find bugs or make suggestions on how
it could be improved. We have been using it internally for a few years on
several projects, so I am curious to see
:28 AM
To: cf-talk
Subject: Beta Tester Wanted for new CF (MVC) Framework
Hello fellow CFers,
I just released a beta of a new ColdFusion framework called Neptune and I
would love to get some beta testers to help me find bugs or make suggestions
on how it could be improved. We have been using
:28 AM
To: cf-talk
Subject: Beta Tester Wanted for new CF (MVC) Framework
Hello fellow CFers,
I just released a beta of a new ColdFusion framework called Neptune and I
would love to get some beta testers to help me find bugs or make
suggestions on how it could be improved. We have been
this is configurable.
Regards,
Andrew Scott
http://www.andyscott.id.au/
-Original Message-
From: Steve Bryant [mailto:st...@bryantwebconsulting.com]
Sent: Wednesday, 5 January 2011 3:28 AM
To: cf-talk
Subject: Beta Tester Wanted for new CF (MVC) Framework
Hello fellow CFers,
I just released
Andrew,
The default folder for uploading files has a Application.cfm that just contains
cfabort to help mitigate that risk. Assuming the uploads themselves limit
file types allowed, how serious a risk do you think that is?
Also, yes, easy to configure. Just change the UploadPath setting in
://www.andyscott.id.au/
-Original Message-
From: Steve Bryant [mailto:st...@bryantwebconsulting.com]
Sent: Wednesday, 5 January 2011 7:01 AM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Andrew,
The default folder for uploading files has
Andrew,
I'll have to ponder that.
Right now the following XML would create a table with two file fields, one of
which would accept only images and the other would accept only vcard files.
table entity=Contact
field name=ContactImage Label=Image type=image folder=images /
field
Wouldn't it be sufficient to make the folder write and read only leaving off
the public execute privilege?
-Original Message-
From: Steve Bryant [mailto:st...@bryantwebconsulting.com]
Sent: Tuesday, January 04, 2011 4:38 PM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC
Duane,
Good question. I would think so, but I am not expert enough on the topic to be
confident of that.
I believe I have that set already in the folder in the zip as well as in the
download created from the generator. If not, I will correct.
Anyone know a reason why that would not be
/
-Original Message-
From: Steve Bryant [mailto:st...@bryantwebconsulting.com]
Sent: Wednesday, 5 January 2011 7:38 AM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Andrew,
I'll have to ponder that.
Right now the following XML would create a table with two file
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Andrew,
I'll have to ponder that.
Right now the following XML would create a table with two file fields,
one
of
which would accept only images and the other would accept only vcard
files.
table entity
Andrew,
Correct me if I am mistaken, but I thought that was if the system was checking
*only* mime-type. The framework checks both mime-type AND file extension. I did
check on that at the time of that exploit and ensured that our framework was
protected from that exploit. If I have missed
David,
That is certainly another point altogether. As I said, the framework does allow
you to configure location and URL path for uploaded files which *should* allow
a URL path like /file.cfm?file=.
I have added testing that as a relatively high-priority task for my next round
of work on the
Yeah, I wasn't knocking it...
On Tue, Jan 4, 2011 at 5:15 PM, Steve Bryant
st...@bryantwebconsulting.comwrote:
David,
That is certainly another point altogether. As I said, the framework does
allow you to configure location and URL path for uploaded files which
*should* allow a URL path
...@bryantwebconsulting.com]
Sent: Wednesday, 5 January 2011 9:12 AM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Andrew,
Correct me if I am mistaken, but I thought that was if the system was
checking *only* mime-type. The framework checks both mime-type
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Andrew,
Correct me if I am mistaken, but I thought that was if the system was
checking *only* mime-type. The framework checks both mime-type AND file
extension. I did check on that at the time of that exploit and ensured
[mailto:david.mcg...@gmail.com]
Sent: Wednesday, 5 January 2011 9:31 AM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
How would CF server know to process a .cfm file unless you pre-configured
your IIS or Apache to tell CF to process and execute PNGs? I'm honestly
asking.
I
Both mime types and file extensions can be spoofed by a hacker as both
are just data that hackers can manipulate on their end of the
client-server relationship. Unless you are running code that actually
inspects the content of the file to confirm that it matches the file
type and the mime
Andrew,
You just hit me with a You should know that and a Steve needs to
understand I get that you have a headache, but I am not trying to fight
you on this. I am really just trying to get a feel for the threat-level so I
can decide on the appropriate action(s) to take.
It sounds like
Ian,
I'm not sure that is exactly accurate. A mime-type can certainly be spoofed, no
debate there. A file extension can be *changed*, but (unless I understand
incorrectly), the server is going to decide how to handle a file based on the
extension.
So, for example, you may save a ColdFusion
9:45 AM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Andrew,
You just hit me with a You should know that and a Steve needs to
understand I get that you have a headache, but I am not trying to
fight
you on this. I am really just trying to get a feel
I think the fear would be if an EXE was uploaded as a CFM file...
Regards,
David @ Oyova - http://www.oyova.com
On Tue, Jan 4, 2011 at 5:52 PM, Steve Bryant
st...@bryantwebconsulting.comwrote:
Ian,
I'm not sure that is exactly accurate. A mime-type can certainly be
spoofed, no debate
What about *.jsp files, or even aspx or asp files?
Regards,
Andrew Scott
http://www.andyscott.id.au/
-Original Message-
From: Steve Bryant [mailto:st...@bryantwebconsulting.com]
Sent: Wednesday, 5 January 2011 9:53 AM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC
,
Andrew Scott
http://www.andyscott.id.au/
-Original Message-
From: Steve Bryant [mailto:st...@bryantwebconsulting.com]
Sent: Wednesday, 5 January 2011 9:53 AM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Ian,
Even if it was, Application.cfm
Andrew,
Definitely a good point which is why I mentioned modifying the framework to
have black-listed file extensions that would have to be explicitly allowed for
a field.
I do think, however, that I should have a note on the section about uploading
files that a list of allowed extensions
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Andrew,
Definitely a good point which is why I mentioned modifying the framework
to have black-listed file extensions that would have to be explicitly
allowed
for a field.
I do think, however, that I should have
A. Kruger, MCSE, CFG
(402) 408-3733 ext 105
Skype: markakruger
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com
-Original Message-
From: Steve Bryant [mailto:st...@bryantwebconsulting.com]
Sent: Tuesday, January 04, 2011 4:15 PM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF
[mailto:st...@bryantwebconsulting.com]
Sent: Tuesday, January 04, 2011 4:53 PM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Ian,
I'm not sure that is exactly accurate. A mime-type can certainly be spoofed,
no debate there. A file extension can be *changed*, but (unless I
: Tuesday, January 04, 2011 4:53 PM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Ian,
I'm not sure that is exactly accurate. A mime-type can certainly be
spoofed,
no debate there. A file extension can be *changed*, but (unless I
understand
incorrectly), the server
On Tue, Jan 4, 2011 at 8:27 AM, Steve Bryant
st...@bryantwebconsulting.com wrote:
I think it is quite a bit unlike any other ColdFusion framework out there. It
isn't hub-and-spoke (where all requests are routed through index.cfm, for
example). It doesn't require OO. It does, however, provide
Mark,
I actually remember reading that blog post when it came out (I always love your
blog, by the way). To be honest, I don't remember if I am doing that validation
in place or not. Certainly this does demonstrate that it shouldn't be done in
place - and I will address that if it is.
I am
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Mark,
I actually remember reading that blog post when it came out (I always love
your blog, by the way). To be honest, I don't remember if I am doing that
validation in place or not. Certainly this does demonstrate that it
shouldn't
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Mark,
I actually remember reading that blog post when it came out (I always love
your blog, by the way). To be honest, I don't remember if I am doing that
validation in place or not. Certainly this does demonstrate that it
shouldn't be done
Mark,
Good to know. I certainly understand about future threats, but I think this is
sufficient to keep my current approach (with the modifications outlined) with
only a relatively mild warning about putting files outside the web root (but a
major one about white listing extensions).
Maybe I
of everything
eh :)
-mark
-Original Message-
From: Steve Bryant [mailto:st...@bryantwebconsulting.com]
Sent: Tuesday, January 04, 2011 9:43 PM
To: cf-talk
Subject: Re: Beta Tester Wanted for new CF (MVC) Framework
Mark,
Good to know. I certainly understand about future threats, but I think
from the URL.
Regards,
Andrew Scott
http://www.andyscott.id.au/
-Original Message-
From: Mark A. Kruger [mailto:mkru...@cfwebtools.com]
Sent: Wednesday, 5 January 2011 3:04 PM
To: cf-talk
Subject: RE: Beta Tester Wanted for new CF (MVC) Framework
Steve,
Ok... given your
Yeah, not being able to disable execute permissions would be annoying, but I
think the other protections should still cover the possibilities pretty well.
Nonetheless, that probably does deserve a note in the docs (including we would
recommend finding another host).
Just to clarify, I do
76 matches
Mail list logo