Re: Best practices for xss security in CMS? - Related Question

2014-03-06 Thread Pete Freitag
On Wed, Mar 5, 2014 at 11:16 AM, Nick Gleason n.glea...@citysoft.com wrote: Hi Pete, I've been researching CSP and it sounds like a pretty cool option. But, I just wanted to follow up on this comment that you made below:-- it will also block inline

Re: Best practices for xss security in CMS? - Related Question

2014-03-05 Thread Nick Gleason
Hi Pete, I've been researching CSP and it sounds like a pretty cool option. But, I just wanted to follow up on this comment that you made below:-- it will also block inline scripts and style elements-- Are you

Re: Best practices for xss security in CMS? - Related Question

2014-03-04 Thread Pete Freitag
On Mon, Mar 3, 2014 at 5:11 PM, Nick Gleason n.glea...@citysoft.com wrote: Pete, Much appreciated. I guess where I'm being a bit of a dunce is that in your example, if a malicious url.query variable was passed in by a hacker, wouldn't the display only be available on that single request?

Re: Best practices for xss security in CMS?

2014-03-03 Thread Russ Michaels
. Thanks again! Nick -Original Message- From: Russ Michaels [mailto:r...@michaels.me.uk] Sent: Friday, February 28, 2014 9:39 AM To: cf-talk Subject: Re: Best practices for xss security in CMS? with any decent editor including CKeditor and tinyMCE, you can specify down

Re: Best practices for xss security in CMS?

2014-03-03 Thread Dave Watts
Dave, this is an interesting idea which we haven't pursued yet. I don't have a clear sense of how the server configuration would work here. Would you have two separate db servers (one for authored content and one for published content) that would sync up? Or would you have an authoring

Re: Best practices for xss security in CMS? - Related Question

2014-03-03 Thread Pete Freitag
On Sun, Mar 2, 2014 at 11:21 PM, Nick Gleason n.glea...@citysoft.com wrote: Hi guys, Following up on this thread I have a related question - what are some examples of XSS scenarios other than comments and forum posts. Any other prominent risk scenarios for XSS? There are a lot of

RE: Best practices for xss security in CMS? - Related Question

2014-03-03 Thread Nick Gleason
Pete, Much appreciated. I guess where I'm being a bit of a dunce is that in your example, if a malicious url.query variable was passed in by a hacker, wouldn't the display only be available on that single request? And if I come to the same search form 2 minutes later and do a normal search,

RE: Best practices for xss security in CMS?

2014-03-03 Thread Russ Michaels
You could manage the web.config ip filter via cf. You can also have the option to disable 2 factor authentication for a specific computer for 30 days which is a common option, using either a cookie or ip logging. Russ Michaels www.michaels.me.uk cfmldeveloper.com cflive.net cfsearch.com On 3 Mar

RE: Best practices for xss security in CMS?

2014-03-03 Thread Nick Gleason
Hi Russ, This is very interesting. In this case, we limit failed logins to a fairly small number before the login is disabled so in theory that would prevent dictionary style attacks, even against fairly weak logins. If you think that is flawed, let me know. We've discussed adding an IP

Re: Best practices for xss security in CMS? - Related Question

2014-03-03 Thread Money Pit
Nick you are correct, strictly speaking. That simple example is harmless, it runs only one time and is 'visible' only to the single client. Consider what happens if the payload that is executed is nowhere nearly as benign. At that point, code of some kind is being executed on your server that

Re: Best practices for xss security in CMS? - Related Question

2014-03-03 Thread Money Pit
To clarify, I was oversimplifying above when I said 'code is being executed on your server'. Pete's script example would of course need to link up with some other vulnerability for that to happen (i.e. an unpatched exploit of some kind). Since you can't predict such things, you minimize the

RE: Best practices for xss security in CMS?

2014-03-02 Thread Nick Gleason
:29 AM To: cf-talk Subject: Re: Best practices for xss security in CMS? I'm very interested in your feedback on best practices when 1) trying to mitigate risk of XSS and other hacks while 2) providing CMS functionality that includes a web editor that clients use to publish web pages

RE: Best practices for xss security in CMS?

2014-03-02 Thread Nick Gleason
, 2014 9:39 AM To: cf-talk Subject: Re: Best practices for xss security in CMS? with any decent editor including CKeditor and tinyMCE, you can specify down to a granular level which html tags and attributes are allowed/not allowed, just check the docs and there should be a config file somewhere

RE: Best practices for xss security in CMS?

2014-03-02 Thread Nick Gleason
...@gmail.com] Sent: Friday, February 28, 2014 11:10 AM To: cf-talk Subject: Re: Best practices for xss security in CMS? Sorry, I only read as far as disabling Javascript and was commenting on that. The fact remains that anything done *clientside* is not reliable. It seems we're not disagreeing

RE: Best practices for xss security in CMS?

2014-03-02 Thread Nick Gleason
Hi Adam, Can you tell me a little more about what you mean by coding in order to prevent posting directly to a form and bypassing validation? Nick -Original Message- From: Adam Cameron [mailto:dacc...@gmail.com] Sent: Friday, February 28, 2014 10:56 AM To: cf-talk Subject: Re: Best

RE: Best practices for xss security in CMS? - Related Question

2014-03-02 Thread Nick Gleason
-Original Message- From: Russ Michaels [mailto:r...@michaels.me.uk] Sent: Friday, February 28, 2014 11:58 AM To: cf-talk Subject: Re: Best practices for xss security in CMS? tsk, not reading properly before replying is very naughty, I will set Charlie Arehart on you. I am quite confident

Re: Best practices for xss security in CMS?

2014-02-28 Thread Dave Watts
I'm very interested in your feedback on best practices when 1) trying to mitigate risk of XSS and other hacks while 2) providing CMS functionality that includes a web editor that clients use to publish web pages. For example, there are many tags like style, iframe, and embed that are

Re: Best practices for xss security in CMS?

2014-02-28 Thread Russ Michaels
with any decent editor including CKeditor and tinyMCE, you can specify down to a granular level which html tags and attributes are allowed/not allowed, just check the docs and there should be a config file somewhere in your CMS that instantiates the editor where you can modify these settings. So

Re: Best practices for xss security in CMS?

2014-02-28 Thread Adam Cameron
Also bear in mind that is only half the work. Whatever pre-validation or UX tweaks one does on the client, one still needs to do the actual validation on the server too. On 1 March 2014 06:38, Russ Michaels r...@michaels.me.uk wrote: with any decent editor including CKeditor and tinyMCE, you

Re: Best practices for xss security in CMS?

2014-02-28 Thread Russ Michaels
although these days if a user has javascript disabled they won't be able to use the cms at all as it is a requirement for the editor and all the AJAXy stuff. but what you can do, is apply filtering to all form fields at a global level, so any form submission any page will have anything dodgy

Re: Best practices for xss security in CMS?

2014-02-28 Thread Adam Cameron
That's a bit narrow-sighted. Hackers don't disable JS to bypass clientside pre-validation, they just post the form directly. Often the server code is not coded in such a way to be aware how a post is made (via a legit form, or just by a POST request). *Always* consider client-side

Re: Best practices for xss security in CMS?

2014-02-28 Thread Russ Michaels
I disagree 100% scanning All form fields globally for any dodgy content is the complete opposite of narrow sighted, it is a much more efficient way to make sure nothing gets through rather than instead trying to do these checks in multiple different places and potentially missing one. On Fri,

Re: Best practices for xss security in CMS?

2014-02-28 Thread Adam Cameron
Sorry, I only read as far as disabling Javascript and was commenting on that. The fact remains that anything done *clientside* is not reliable. It seems we're not disagreeing there, Certainly having a WAF is borderline essential on anything other than a trivial site. I'm not entirely sure doing

Re: Best practices for xss security in CMS?

2014-02-28 Thread Russ Michaels
tsk, not reading properly before replying is very naughty, I will set Charlie Arehart on you. I am quite confident that fuseguard would do a better job than a generic WAF on a CF site, and anyone on shared hosting won't really have the option to do a server wide solution. but certainly if you use

Re: Best practices for xss security in CMS?

2014-02-20 Thread Pete Freitag
Hi Nick, It is tricky to handle HTML content while avoiding XSS, there are two tools I'm aware of that can help you here: 1) scrubHTML() - This is one I built in pure CFML and I think it is pretty easy to build a whitelist of allowed html using it: https://github.com/foundeo/cfml-security it

Re: Best practices for xss security in CMS?

2014-02-20 Thread Nick Gleason
Thanks very much Pete. We have implemented Portcullis among other things and that will also block tags like the ones mentioned. I think that may be similar to the ones that you mention. I expect that Fuseguard has something similar. I guess my follow up question may have to be with what

RE: Best practices

2012-06-21 Thread Stephens, Larry V
) Name stuff so the next person that looks at the code has a clue what you're doing. -Original Message- From: Maureen [mailto:mamamaur...@gmail.com] Sent: Wednesday, June 20, 2012 6:18 PM To: cf-talk Subject: Re: Best practices If I wrap a large amount of code in cfoutput tags, I

Re: Best practices

2012-06-21 Thread Dave Watts
I recently had to help with some code with really outlandish variable and field names. cfset mawkishbbt = GNOME.barakish (not really, but a good paraphrase) I've been telling this story to students for I guess around ten years now. I've done quite a bit of work reviewing other

Re: Best practices

2012-06-21 Thread Justin Scott
I recently had to help with some code with really outlandish variable and field names. cfset mawkishbbt = GNOME.barakish (not really, but a good paraphrase) That reminds me of my days writing vScript for the Virtual Advanced BBS (way back in 1995) where all of the variables were predefined

Re: Best practices

2012-06-21 Thread Maureen
Even worse is when they copy code directly from tutorials and have names like myTable, myQuery, myForm, foo and bar. On Thu, Jun 21, 2012 at 9:08 AM, Justin Scott leviat...@darktech.org wrote: That reminds me of my days writing vScript for the Virtual Advanced BBS (way back in 1995) where

Re: Best practices

2012-06-20 Thread Russ Michaels
Everything between cfoutput tags needs to be parsed. So a big page would slow performance, by how much is prob negligible but worth testing to find out. If there are only a few vars in the whole page then only putting the cfoutput where needed will speed things up. Depends how important those

Re: Best practices

2012-06-20 Thread Justin Scott
Everything between cfoutput tags needs to be parsed. So a big page would slow performance, by how much is prob negligible but worth testing to find out. Remember that this would only be a hit once each time the file was changed, as once it's compiled down to bytecode it doesn't have to be

Re: Best practices

2012-06-20 Thread Dave Watts
Everything between cfoutput tags needs to be parsed. So a big page would slow performance, by how much is prob negligible but worth testing to find out. Remember that this would only be a hit once each time the file was changed, as once it's compiled down to bytecode it doesn't have to

Re: Best practices

2012-06-20 Thread Justin Scott
While the general statement you made about bytecode is true, the conclusion you draw from it is one that I'd be reluctant to make without load testing. Indeed, I had this debate with someone a few years ago and we beat a server into the ground for a few hours with both scenarios and the

Re: Best practices

2012-06-20 Thread Rob Voyle
Hi folks Thanks for the input and help. I had not been thinking in terms of speed but of accuracy, which doesn't seem to be an issue. The page isn't that big that speed is going to be a problem. It is actually much easier to code without the output as I have several paragraphs with variable

Re: Best practices

2012-06-20 Thread Maureen
If I wrap a large amount of code in cfoutput tags, I always comment the starting and ending tags to describe what they wrap. It makes it easier to match them when debugging. On Wed, Jun 20, 2012 at 3:05 PM, Rob Voyle robvo...@voyle.com wrote: Hi folks Thanks for the input and help. I had

Re: Best practices

2012-06-19 Thread Matt Quackenbush
Years ago it was much more performant to use the single tag wrapped around everything. Nowadays it is kinda more about personal preference than performance. HTH Sent from my Samsung Galaxy SII On Jun 19, 2012 6:20 PM, Rob Voyle robvo...@voyle.com wrote: Hi Folks I am wondering what is

Re: Best practices

2012-06-19 Thread AJ Mercer
If you use cfsetting show output only (can't recall attribute) You have to wrap html in cfoutput tags On Jun 20, 2012 7:20 AM, Rob Voyle robvo...@voyle.com wrote: Hi Folks I am wondering what is considered best practices for the cfoutput tag I have a large page many tables, paragraphs etc.

Re: Best practices

2012-06-19 Thread Nathan Strutz
Matt's dead on. It really doesn't matter very much, anymore. It's a style preference. That said, I would add that style is very important! The ability to scan a file and know what it's doing without guessing is an important thing. Having templates that match and create a cohesive feeling

Re: Best practices: Google mapping

2011-12-22 Thread Larry Lyons
Is that Jason Dean format? On Thu, Dec 15, 2011 at 2:36 PM, Larry Lyons larrycly...@gmail.com wrote: My iPad has a completely different idea of my typing. (Its becoming typecast actually) I meant to say you may want to try the jquery google maps plugin. It accepts json.

Re: Best practices: Google mapping

2011-12-15 Thread Steve 'Cutter' Blades
You can try my CFGMap project on RIAForge. Should be well documented, but you're welcome to ask questions off list. http://cfgmap.riaforge.org/ Steve 'Cutter' Blades Adobe Community Professional Adobe Certified Expert Advanced Macromedia ColdFusion MX 7 Developer

Re: Best practices: Google mapping

2011-12-15 Thread Raymond Camden
I've got a few blog entries on using Google Maps w/ CF outside of CFMAP as well. On Wed, Dec 14, 2011 at 4:19 PM, Jeff Gladnick jeff.gladn...@gmail.com wrote: Is there a current state of the art for dealing with Google maps and coldfusion, especially asynchronously.  I've used cf_googlemap

Re: Best practices: Google mapping

2011-12-15 Thread Larry Lyons
Is there a current state of the art for dealing with Google maps and coldfusion, especially asynchronously. I've used cf_googlemap extensively in the past, but has anything eclipsed it? You could try the google maps jQuert plugin. One of the options is accepting Jason input.

Re: Best practices: Google mapping

2011-12-15 Thread Raymond Camden
Is that Jason Dean format? On Thu, Dec 15, 2011 at 2:36 PM, Larry Lyons larrycly...@gmail.com wrote: Is there a current state of the art for dealing with Google maps and coldfusion, especially asynchronously.  I've used cf_googlemap extensively in the past, but has anything eclipsed it?

Re: Best Practices for Web Site Traffic Tracking

2007-02-21 Thread Mik Muller
take a lot of work off the CPU and database. Rick -Original Message- From: Cutter (CFRelated) [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 20, 2007 2:37 PM To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking Rick, Last week we deployed new code, here

Re: Best Practices for Web Site Traffic Tracking

2007-02-21 Thread Rey Bango
[mailto:[EMAIL PROTECTED] Sent: Tuesday, February 20, 2007 8:10 PM To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking Anyone know of a discussion/tutorial on the best way to go about creating a website traffic management/reporting system? Only my own experience

Re: Best Practices for Web Site Traffic Tracking

2007-02-21 Thread Cutter (CFRelated)
But, we've found that bots will also show a screen res of 0 x 0, so if you check this sort of thing you can then exclude anything without a screen res. Cutter __ http://blog.cutterscrossing.com Claude Schneegans wrote: Anyone know of a discussion/tutorial on the best way to

RE: Best Practices for Web Site Traffic Tracking

2007-02-21 Thread Rick Faircloth
Thanks for pointing that out to me, Rey... unfortunately it only runs on Linux and I'm not capable of porting it to Windows. Rick -Original Message- From: Rey Bango [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 21, 2007 11:52 AM To: CF-Talk Subject: Re: Best Practices for Web Site

Re: Best Practices for Web Site Traffic Tracking

2007-02-21 Thread Rey Bango
PROTECTED] Sent: Wednesday, February 21, 2007 11:52 AM To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking Rick, I couldn't remember the name of the free stats server that I had seen awhile back. I found it: http://www.mrunix.net/webalizer/ Haven't used it but it might

RE: Best Practices for Web Site Traffic Tracking

2007-02-21 Thread Rick Faircloth
Yes.. I do see a Win32-Intel binary distribution. I was going by information found in the FAQ's. Thanks! -Original Message- From: Rey Bango [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 21, 2007 2:23 PM To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking

Re: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Robertson-Ravo, Neil (RX)
You mean like a WebTrends kind of thing? This e-mail is from Reed Exhibitions (Gateway House, 28 The Quadrant, Richmond, Surrey, TW9 1DN, United Kingdom), a division of Reed Business, Registered in England, Number 678540. It contains information which is confidential and may also be

RE: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Rick Faircloth
, February 20, 2007 2:02 PM To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking You mean like a WebTrends kind of thing?

Re: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Rey Bango
Rick, Webmaster World has one of the best forums for that topic: http://www.webmasterworld.com/analytics/ Check them out. I recommend Sawmill for website tracking data (http://sawmill.net). I've also read some VERY good things about Mint (http://www.haveamint.com/) although it's only a

Re: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Cutter (CFRelated)
Rick, Last week we deployed new code, here at work, redesigning our application and session startup and management, specifically for improving our own click-through user/session tracking on our client's sites. Now, we're talking about a shared application templated system that services 1600+

Re: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Rey Bango
$800!!... yes, I'll build my own!) Rick -Original Message- From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 20, 2007 2:02 PM To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking You mean like a WebTrends kind of thing

RE: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Rick Faircloth
Thanks for the info, Rey... I'll check out the references. Rick -Original Message- From: Rey Bango [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 20, 2007 2:38 PM To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking Rick, Webmaster World has one of the best forums

Re: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Robertson-Ravo, Neil (RX)
Faircloth To: CF-Talk Sent: Tue Feb 20 19:32:20 2007 Subject: RE: Best Practices for Web Site Traffic Tracking Yes, but it doesn't have to be quite that extensive...something like their Standard Package...(whew, even the Standard version of WebTrends is around $800!!... yes, I'll build my own

RE: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Rick Faircloth
Message- From: Cutter (CFRelated) [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 20, 2007 2:37 PM To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking Rick, Last week we deployed new code, here at work, redesigning our application and session startup and management

RE: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Rick Faircloth
To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking Rick, Also checkout Google Analytics (http://www.google.com/analytics/) which is Google's implementation of Urchin. Rey Rick Faircloth wrote: Yes, but it doesn't have to be quite that extensive...something like their Standard

Re: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Cutter (CFRelated)
a database? They just parse server logs to get the info? Sure would take a lot of work off the CPU and database. Rick -Original Message- From: Cutter (CFRelated) [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 20, 2007 2:37 PM To: CF-Talk Subject: Re: Best Practices

RE: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Rick Faircloth
: Re: Best Practices for Web Site Traffic Tracking Can you build it for less or = to $800 with the same features? :-)

RE: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Rick Faircloth
Whew... I think my server would choke... :o) Thanks for the info on the procedure, however. Rick -Original Message- From: Cutter (CFRelated) [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 20, 2007 3:22 PM To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking I've

Re: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Adam Howitt
, however. Rick -Original Message- From: Cutter (CFRelated) [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 20, 2007 3:22 PM To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking I've seen dedicated systems solely for parsing the logs. Can chew up a lot of CPU

Re: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Casey Dougall
SmarterStats is cheap and provides a wealth of information about your visitor.

RE: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Rick Faircloth
To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking Rick, I would seriously look at Google Analytics: Benefits 1. it's free 2. it is extensively documented 3. you can manage multiple websites thru one interface 4. there are books written by real authors on the reports 5. the reports

RE: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Rick Faircloth
that to my attention again, Casey! Rick -Original Message- From: Casey Dougall [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 20, 2007 5:00 PM To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking SmarterStats is cheep and provides a wealth of information about your visitor

Re: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Claude Schneegans
Anyone know of a discussion/tutorial on the best way to go about creating a website traffic management/reporting system? Only my own experience on the subject. You'll have to parse the headers to distinguish robots from human visitors, otherwise your statistics will be biased. This does not

RE: Best Practices for Web Site Traffic Tracking

2007-02-20 Thread Rick Faircloth
Good point, Claude... Rick -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 20, 2007 8:10 PM To: CF-Talk Subject: Re: Best Practices for Web Site Traffic Tracking Anyone know of a discussion/tutorial on the best way to go about creating

Re: Best practices - error handling

2007-01-11 Thread Andrew Grosset
I would also be interested in that information. Me too! Andrew

Re: Best practices - error handling

2007-01-11 Thread Mike Kear
Actually so far I have had very little actual information - mostly people saying they want it too. Michael Dinowitz said he'd see if he could dig out some information he had - did you ever manage to do that Michael? I'm heading off to the beach on Sunday, so if I haven't got anything to work with

Re: Best practices - error handling

2007-01-04 Thread Will Tomlinson
Mike, Mike Dinowitz might have something for you. He gave a great error handling preso at CFUNITED. It also included some good OO error handling techniques. Will

Re: Best practices - error handling

2007-01-04 Thread Rey Bango
I'd be interested in this info as well. Rey Mike Kear wrote: Every January, when I go to the beach for a holiday, I take the opportunity to review one or more of my common methods and techniques to update to the current best practice. Last year I decided to commit to learning what I

RE: Best practices - error handling

2007-01-04 Thread Ciliotta, Mario
I would also be interested in that information. Mike is anything posted on the House of Fusion? Mario -Original Message- From: Rey Bango [mailto:[EMAIL PROTECTED] Sent: Thursday, January 04, 2007 10:43 AM To: CF-Talk Subject: Re: Best practices - error handling I'd be interested

Re: Best practices - error handling

2007-01-04 Thread Matt Robertson
On 1/4/07, Rey Bango wrote: I'd be interested in this info as well. Me three -- [EMAIL PROTECTED] Janitor, The Robertson Team mysecretbase.com

Re: Best practices - error handling

2007-01-04 Thread Michael Dinowitz
Let me dig up the ppt and post it up and see if I can do a voice over or something. On a related note, if anyone knows someone in the NY area who can take dictation and wants to hear me talking on a LOT of technical subjects, please contact me off list. I can get 3-4 articles out a week if I

Re: best practices for encryption

2006-10-31 Thread daniel kessler
ok, great. Thanks guys. You can also use cfinclude and cfsavecontent to read the file, which is faster. -Original Message- From: Rob Wilkerson [mailto:[EMAIL PROTECTED] Sent: 30 October 2006 20:00 To: CF-Talk Subject: Re: best practices for encryption On 10/30/06, daniel kessler

Re: best practices for encryption

2006-10-30 Thread daniel kessler
How do you read something that is above web root? And to destroy it, do you just stick it in a var then overwrite the var with cfset myvar = '' when done? I recently had the same situation come up and ended up choosing the security-by-obscurity approach. I generated a key as you did and

Re: best practices for encryption

2006-10-30 Thread Rob Wilkerson
On 10/30/06, daniel kessler [EMAIL PROTECTED] wrote: How do you read something that is above web root? And to destroy it, do you just stick it in a var then overwrite the var with cfset myvar = '' when done? Using CFFILE and supplying an absolute path. The content of the file is simply the

RE: best practices for encryption

2006-10-30 Thread Snake
You can also use cfinclude and cfsavecontent to read the file, which is faster. -Original Message- From: Rob Wilkerson [mailto:[EMAIL PROTECTED] Sent: 30 October 2006 20:00 To: CF-Talk Subject: Re: best practices for encryption On 10/30/06, daniel kessler [EMAIL PROTECTED] wrote: How

Re: best practices for encryption

2006-09-25 Thread Teddy Payne
If you use Encrypt, you will need the same key to Decrypt the data back. There are multiple types of encryption that CF supports, so you may want to research into which one fits you best. You may want to look up the ideas of adding an additional string to your encryption. A good idea is to have

Re: best practices for encryption

2006-09-25 Thread Matt Robertson
The correct answer to your question really depends on the specifics of the job at hand. If, for example, you are storing account login passwords I would say that a salted hash is a mighty good option, if not the best. But that won't work for a lot of things. What are you up to? -- [EMAIL

RE: best practices for encryption

2006-09-25 Thread Ray Champagne
: Monday, September 25, 2006 4:49 PM To: CF-Talk Subject: Re: best practices for encryption The correct answer to your question really depends on the specifics of the job at hand. If, for example, you are storing account login passwords I would say that a salted hash is a mighty good option

RE: best practices for encryption

2006-09-25 Thread Ray Champagne
[mailto:[EMAIL PROTECTED] Sent: Monday, September 25, 2006 4:49 PM To: CF-Talk Subject: Re: best practices for encryption The correct answer to your question really depends on the specifics of the job at hand. If, for example, you are storing account login passwords I would say

Re: best practices for encryption

2006-09-25 Thread Matt Robertson
On 9/25/06, Ray Champagne [EMAIL PROTECTED] wrote: I was more worried about where and how to store the generated key to decrypt the data on the other side. That right there is the weak link in the chain no matter what you do. Someone can hack the box and get that key, and at that point they

RE: best practices for encryption

2006-09-25 Thread Ray Champagne
] Sent: Monday, September 25, 2006 5:12 PM To: CF-Talk Subject: Re: best practices for encryption Importance: High On 9/25/06, Ray Champagne [EMAIL PROTECTED] wrote: I was more worried about where and how to store the generated key to decrypt the data on the other side. That right

Re: best practices for encryption

2006-09-25 Thread Rob Wilkerson
I recently had the same situation come up and ended up choosing the security-by-obscurity approach. I generated a key as you did and stored it in a file outside of the web root. I read the key as needed and destroy it to keep it out of memory. I'd be interested in how others handled

Re: best practices for encryption

2006-09-25 Thread Matt Robertson
On 9/25/06, Rob Wilkerson [EMAIL PROTECTED] wrote: I generated a key as you did and stored it in a file outside of the web root. I read the key as needed and destroy it to keep it out of memory. I should mention that I only store stuff in Application.cfm when I am not working with anything

Re: Best practices for CFMX 6.1 to CFMX 7 Standard Upgrade

2005-07-01 Thread Robert Munn
Well, you can't use archive and deploy, as far as I know. I've been thinking for some time of writing a version of archive and deploy for myself to use on Standard installs, but honestly since my company has Ent. I've never been sufficiently motivated to do it. Do you have the motivation to

Re: Best practices for CFMX 6.1 to CFMX 7 Standard Upgrade

2005-06-30 Thread Rey Bango
Rob, I'm installing Standard. Any advice on that? Rey... Robert Munn wrote: Are you upgrading Pro or Enterprise? If you are upgrading Enterprise, you can use the Archive and Deploy features as you suggested. I did it with a couple of systems, one of which had six separate server instances

RE: Best Practices - Large Data Load

2005-04-13 Thread Robertson-Ravo, Neil (RX)
Good god don't do it in CF - you will kill it. This should all be done inside SQL Server - DTS / SP type thing. -Original Message- From: C. Hatton Humphrey [mailto:[EMAIL PROTECTED] Sent: 13 April 2005 16:42 To: CF-Talk Subject: Best Practices - Large Data Load I have a query that is

Re: Best Practices - Large Data Load

2005-04-13 Thread Adrocknaphobia
Yes, remove CF from the equation. Whats it doing in the middle that a db to db connection wouldn't handle? -Adam On 4/13/05, C. Hatton Humphrey [EMAIL PROTECTED] wrote: I have a query that is returning roughly 60,000 records from one database that I need to insert into another database. Right

Re: Best Practices - Large Data Load

2005-04-13 Thread Aaron Rouse
We have some interfaces here that take the same amount of records then just flat out loop over it and insert them. Takes for ever to run. I have been able to replace one so far with a dblink in Oracle so now I just run a stored proc and it inserts the data when selected. On 4/13/05, C. Hatton

Re: Best Practices - Large Data Load

2005-04-13 Thread Aaron Rouse
Sometimes, in our situations at least, db to db connections are not allowed. For instance one of ours that does this type of copying of data the other side of the fence will only grant us ODBC access. On 4/13/05, Adrocknaphobia [EMAIL PROTECTED] wrote: Yes, remove CF from the equation.

Re: Best Practices - Large Data Load

2005-04-13 Thread C. Hatton Humphrey
Good god don't do it in CF - you will kill it. This should all be done inside SQL Server - DTS / SP type thing. This is something that has to be portable and web-launchable; I haven't done much direct DB - DB interaction so I'll fiddle around with the syntax and see how it works out. Hatton

Re: Best Practices - Large Data Load

2005-04-13 Thread C. Hatton Humphrey
Okay, I got it rewritten into workable SQL; now I just have to change it to a dynamic query so I can pass in database names to a stored procedure; The initial CF based method was taking something in the order of 30 minutes to chug through; the cross-db method took a total of 44 seconds on my dev

RE: Best Practices - Large Data Load

2005-04-13 Thread Robertson-Ravo, Neil (RX)
DTS and SP are Web launchable.. -Original Message- From: C. Hatton Humphrey [mailto:[EMAIL PROTECTED] Sent: 13 April 2005 17:06 To: CF-Talk Subject: Re: Best Practices - Large Data Load Good god don't do it in CF - you will kill it. This should all be done inside SQL Server - DTS

RE: Best Practices - Large Data Load

2005-04-13 Thread Robertson-Ravo, Neil (RX)
Use DTS - you can pass in variables - and it will no doubt be faster than using crappy dynamic SQL. -Original Message- From: C. Hatton Humphrey [mailto:[EMAIL PROTECTED] Sent: 13 April 2005 17:10 To: CF-Talk Subject: Re: Best Practices - Large Data Load Okay, I got it rewritten

RE: Best Practices - Large Data Load

2005-04-13 Thread Jim Davis
-Original Message- From: C. Hatton Humphrey [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 13, 2005 12:06 PM To: CF-Talk Subject: Re: Best Practices - Large Data Load Good god don't do it in CF - you will kill it. This should all be done inside SQL Server - DTS / SP type

Re: Best Practices - Large Data Load

2005-04-13 Thread C. Hatton Humphrey
I second the motion to use DTS if possible (going from MS-to-MS tools it's a no brainer, but it also supports some others). You can create a package, accept variable inputs, define all aspects of the transfer and the bastard is very FAST. The situation is always going to be where both of the

RE: Best Practices - Large Data Load

2005-04-13 Thread Dawson, Michael
If you have any money look at DT/Studio from Embarcadero. -Original Message- From: C. Hatton Humphrey [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 13, 2005 11:06 AM To: CF-Talk Subject: Re: Best Practices - Large Data Load Good god don't do it in CF - you will kill
