Yes; http://cfformprotect.riaforge.org/ comes to mind.
mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/
2009/3/18 Dave Watts :
>
>> If putting a CAPTCHA on the page is enough of a
>> deterrent that a would-be attacker goes away, then it's
>> served its purpose.
>
> CAPTCHA is virtually never the right solution.
I wish I could favorite this to infinity.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimor
> If putting a CAPTCHA on the page is enough of a
> deterrent that a would-be attacker goes away, then it's
> served its purpose.
But there are easier, more accessible and equally effective ways to do
the same thing.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software p
> So, do quad core processors just give you 4 times as
> much "room" to put users on a system as a single
> core? (I've started trying to find out what advantage
> quad core processors really have over very fast single
> core processors.
They can run more threads at the same time. "Cores" are es
A nonce is designed exactly for the case of validating a
form-to-action process: that's the whole point. Using CAPTCHA for
that works, because CAPTCHA is a form of nonce that requires the user
to "promote" the nonce into a state that can be passed to the action.
But the core functionality is stil
> CAPTCHA is virtually never the right solution. If
> a simple CAPTCHA is sufficient to protect your form,
> you're not securing something immensely valuable in
> an attacker's eye.
I'll respectfully disagree. You also made a great point for using it while
trying to break it down. If putting a
CAPTCHA is virtually never the right solution. If a simple CAPTCHA is
sufficient to protect your form, you're not securing something
immensely valuable in an attacker's eye. If simple CAPTCHA isn't
sufficient, then complex CAPTCHA will be broken as well, because
you've obviously got something va
So, do quad core processors just give you 4 times as much
"room" to put users on a system as a single core? (I've started
trying to find out what advantage quad core processors really
have over very fast single core processors. I would *really*
like to assign software to certain cores and make s
> How do I prevent someone from using their own form to submit
> to my action page and skipping my javascript function to make
> sure the data is well formatted?
If you want to make sure the input is well formed, you'll need to do that on
the server side. Do not rely on JavaScript code to do t
> Yeah, like anyone that offers hosting with a P4 server
> is less likely to pack it with users...sure...
They won't be any more likely to pack it with users, either. In both
cases, they would be inclined to support as many users as the hardware
can handle. That's the logical business decision. T
> Not entirely sure createObject for .NET or COM would
> be a security issue?
There are all sorts of system interfaces for COM and .NET. If
CFEXECUTE is a problem, so is this.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-author
What is the best way to verify that data coming into an action page is from
your form?
I have a form that uses javascript to make sure they filled out the form right.
Email, user name, password etc.
How do I prevent someone from using their own form to submit to my action page
and skipping
Yeah, like anyone that offers hosting with a P4 server
is less likely to pack it with users...sure...
> -Original Message-
> From: Dave Watts [mailto:dwa...@figleaf.com]
> Sent: Tuesday, March 17, 2009 4:45 PM
> To: cf-talk
> Subject: Re: Anybody have exerience with KickAssVPS.com?
>
>
>
> > If I am right, I should also be disabling createObject for .NET, COM,
> CORBA and Java, but are there any other functions I should disable?
>
> That should do it if you are just after security.
If this is a CF8 Box, you can have createObject() for Java enabled, just
remember to disable acc
> From what I understand about cfthread and the way it
> works, it can easily be misused and dramatically
> impact the server's performance.
CFQUERY can likewise be misused and can dramatically impact the
server's performance. You can't insulate one client from another
client's bad code within a
On Tue, Mar 17, 2009 at 1:13 PM, N K wrote:
>
> Hi All,
>
> It would be helpful if you all could give some advice/suggestions as I am
> planning to give my Adobe CF8 certification exam. Ben Forta Book for CF8
> certification exam is still not out.
> -study material would be required
>
http://www
> True...but I would tend to think, as a "general" rule, that
> anyone offering quad-core is offering more than
> someone offering P4.
I would tend to think that anyone offering quad-core will play this up
in their advertising for exactly this reason, regardless of the actual
fact of the matter.
Hi All,
It would be helpful if you all could give some advice/suggestions as I am
planning to give my Adobe CF8 certification exam. Ben Forta Book for CF8
certification exam is still not out.
-study material would be required
NK
Is it because you are getting script tags, meta, etc?
You might try parsing it all out, removing the unnecessary tags first so you
are only dealing with elements and styles instead of the entire document?
Otherwise another way to do it is download FCKEditor stand alone and load it in
HTML mo
Hey all:
I need to evaluate some analytics packages for a client. Primary concern is
the ability to do "goal setting" and/or "funneling". They have a number of
multi-step processes on their site, and want to be able to track the points
at which people exit the process without finishing.
Google
You need a dollar sign at the end of the regular expression. Then it
should work.
cheers,
barneyb
On Tue, Mar 17, 2009 at 4:08 PM, Les Mizzell wrote:
>
> Need a little help on an IIS URL Rewrite Rule:
>
> I've got the files:
>
> 1. RSVP/index.cfm - currently contains a jump menu that goes to:
>
Need a little help on an IIS URL Rewrite Rule:
I've got the files:
1. RSVP/index.cfm - currently contains a jump menu that goes to:
2. RSVP/rsvp_form.cfm?eventcode=#evntCODE#
Client requested an IIS URL rewrite to go directly to the form in the
format RSVP/#evntCODE#
So, the rule that works is:
Here you go:
SELECT * FROM inbox where uid = '#tmail.uid#'
INSERT INTO inbox
(
uid,
messageID,
from_name,
to_name,
cc_name,
subject,
body,
textbody,
htmlbody,
at
Thanks everyone!
I remember having problems with some database with INSERT INTO. Access maybe?
I can't remember.
I will check out the CF8 result structure... I did not know it existed!
Thanks!
> -Original Message-
> From: Azadi Saryev [mailto:az...@sabai-dee.com]
> Sent: Tuesday, Ma
Jochem, thanks for the in-depth answers. In reply:
In retrospect, there's really no reason to disable the cfldap and cfexchange
functions I guess.
>From what I understand about cfthread and the way it works, it can easily be
>misused and dramatically impact the server's performance. If others
InnoDB are the only transactional tables in MySQL, but CF doesn't know
about the backing table, and the latter is what we care about. In
order for transactions to work correctly, the client has to ensure
that all queries within the transaction execute on a single DB
connection, and that no other
@ Barney:
you CAN run multiple queries in one tag as long as your db
supports it.
by default, mysql db does not, but one can easily change that using
mysql admin or another mysql db administration tool...
Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
Barney Boisvert wrote:
> It doesn't
If you're on CF8 there are inbuilt features to take advantage of, see
here: http://tutorial9.learncf.com/
Paul.
On Tue, Mar 17, 2009 at 1:42 PM, Chad Gray wrote:
>
> I am trying to use the MySQL function LAST_INSERT_ID() in a CFquery tag and
> get this error.
>
> Error Executing Database Query.
well...
first, the proper syntax for an INSERT query starts with INSERT INTO,
not just INSERT ...
second, by default, multiple statements are NOT supported in mysql db -
do you have multiple statements enabled for this dsn in mysql?
third: cf8 has a cfquery attribute RESULT, which, when utilise
You actually *can* run multiple statements in a cfquery if you change a
setting in the datasource. By default MySQL does not let you; this is a
security precaution to protect against SQL injection. This may help:
http://www.petefreitag.com/item/357.cfm
Also note that you can only use CFTRANS
It doesn't work because you can't run multiple statements in a single
query. If you use two CFQUERY tags (wrapped in a CFTRANSACTION to
ensure connection affinity) it'll work fine. MySQL Front is splitting
the single query into two distinct queries on the semicolon, sending
each to the server in
I am trying to use the MySQL function LAST_INSERT_ID() in a CFquery tag and get
this error.
Error Executing Database Query.
You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near '; SELECT
LAST_INSERT_ID() AS UserI
Dave Watts wrote:
>> Yes, a "slice" is not exactly "scientific", but assuming
>> the slices are of equal size...P4 or Quad?
>
> My point is that you have absolutely no reason to assume that. Anybody
> allocating virtualized server resources is going to tend toward
> maximum allocation of those re
True...but I would tend to think, as a "general" rule, that
anyone offering quad-core is offering more than someone offering P4.
Again, *general* rule...not absolute. For certainty, details would
have to be known about configurations of both.
> -Original Message-
> From: Dave Watts [mailt
On Tue, Mar 17, 2009 at 4:30 PM, TJ Downes wrote:
> I've read through the docs on installing CF and noted that the only things
> they've encouraged are disabling RDS and JSP for shared hosting. I've also
> disabled cfobject, cfschedule, cfldap, cfregistry, cfthread, cfexecute and all
> the cfexc
Mercy...16 cores in a server.
Question...ot..but...
If I build a workstation (I'm tired of slow processing
on my years-old P4) with a quad core processor, can I assign
certain apps to run on only a certain core and restrict other
programs from using that core? Or do I have to let Windows
(will
> Yes, a "slice" is not exactly "scientific", but assuming
> the slices are of equal size...P4 or Quad?
My point is that you have absolutely no reason to assume that. Anybody
allocating virtualized server resources is going to tend toward
maximum allocation of those resources.
Dave Watts, CTO, F
As Brad notes, messageid is your best bet for uniqueness ... messagenumber is a
query column, too, but it changes per request (recalculated based on what's in
the folder on the server). If you need a unique value in the DB, I would go
with messageid rather than subject, but it sounds like you'
Have you read the docs?
http://www.cfquickdocs.com/cf8/#cfpop
The cfpop tag returns you a regular old result set that you can loop over
just like a result set and access each column to do whatever you want with
it.
All the column names in the query you get back are documented on livedocs.
cfd
cfpop returns a query object which can be looped through to get each email,
which is contained within a single row. Do a test on the email and look at
body, textbody, and htmlbody to see which you want. Once you know what you
want to send to the DB, just loop over the query and run a cfquery to in
Hi
I have had a look via Google and found no answers. Has anybody ever needed to
read the contents of an email and enter them into a database?
The subject line will contain a unique identifier and emails will be fired into
a single account.
I need to get the body contents and enter them into a
On Tuesday 17 Mar 2009, Justin Scott wrote:
> You mean like your sig? ;) I think you win the award for lowest "message
> to signature" ratio I've ever seen. I realize it may be an imposed thing
> by your company, but, wow!
Oh, I know, and it is imposed.
Soon (soon !) they might let SSH out fro
On Thursday 12 Mar 2009, Philip Kaplan wrote:
> the process check every couple of minutes, right? That way if there's an
Beware the amount of (network) I/O this may generate.
--
Tom Chiverton
Helping to professionally establish 24/7 B2C principle-centered CEOs
as part of the IT team of the year
> Beware the amount of (network) I/O this may generate.
You mean like your sig? ;) I think you win the award for lowest "message
to signature" ratio I've ever seen. I realize it may be an imposed thing by
your company, but, wow!
-Justin
You're better off on multicore systems. If the VMs are set up
properly, you aren't bound to a given core, so there's more chance
that there's a core free for your slice when it's your time.
As an example, our main VM servers are quad CPU quad core systems
(i.e. 16 cores in each box).
mxAjax / CF
Thanks James. So my original thought to sandbox each site is correct it seems.
Are there any existing scripts out there that assist with this function? I
don't mind building my own, but why reinvent the wheel if it exists?
Sandboxing is a must if you want any kind of security for your
customers. The Admin API lets you create all the sandbox rules
programmatically.
mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/
2009/3/18 TJ Downes :
>
> I would appreciate advice from anyone who has e
I would appreciate advice from anyone who has experience with this topic in a
production shared host environment.
I've read through the docs on installing CF and noted that the only things
they've encouraged are disabling RDS and JSP for shared hosting. I've also
disabled cfobject, cfschedule,
Yes, a "slice" is not exactly "scientific", but assuming
the slices are of equal size...P4 or Quad?
> -Original Message-
> From: Dave Watts [mailto:dwa...@figleaf.com]
> Sent: Monday, March 16, 2009 11:40 PM
> To: cf-talk
> Subject: Re: Anybody have exerience with KickAssVPS.com?
>
>
>
I want to load a html page into my editor, example below, but it just will not
work, anyone have any better ideas?
What I need is a system where the file can be edited and update saved
http://www.mydomain.co.uk/afile.html";>
#content#
many thanks :)
>Put in your page.
>
>Adrian
Works! This is a great forum for folks like me. Your help is really
appreciated.
try putting at the top of your page.
that will set the request timeout to 600 seconds.
alternatively, consider breaking your routine into several different
pages... or running it as a scheduled task... or using if
you are on cf8...
Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
Ron
Put in your page.
Adrian
> -Original Message-
> From: Ron Gruner [mailto:webmas...@gruner.com]
> Sent: 17 March 2009 10:50
> To: cf-talk
> Subject: Time-our on compute intensice page
>
>
> I'm executing a compute-intensive page that has 500 iterations which
> generates an "exceeded al
I'm executing a compute-intensive page that has 500 iterations which generates
an "exceeded allowable time limit" error after 30 seconds or so. The page
needs to run 500 seconds to finish. I tried executing one iteration and then
having the page call itself using but that errors out after 10