Re: Sudden error with CFHTTP and SSL
If they have disable the older SSL protocols here are two blog posts I did on how to handle that with CFHTTP and your Java version. Java Version http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-JVM-SSL-CA-CERTS-and-POODLE CFHTTP and JVM switches http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion If they have disabled TLSv1.0 then we could have bigger troubles. Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Apr 1, 2015, at 5:41 PM, Russ Michaels r...@michaels.me.uk wrote: I suspect they disabled various ssl protocols due to poodle, you should ask them. The default response ro poodle was to disable everything except latest tls version, which is not supported out of the box by the jvm that ships with cf9. On Mon, Mar 30, 2015 at 18:33 PM, wrote: Hi, I have an application under CF 9 with a paiment module using Paypal. At the end of the process, Paypal acknowledges the paiement and my app calls a Paypal page to validate the whole operation. This is done with a CFHTTP call This application has been working fine for years with no modification, bur all of a sudden starting March 23rd, I get this error: I/O Exception: peer not authenticated It appears to be an error with the SSL certificate, but how come ? The Paypal site is verified by Verisign. What ca I do? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360347 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: 500 error/Permission issue with IIS 7
Questions: Did you create a connector to IIS with WSConfig tool? Do you have a Jakarta Alias in the IIS site? Those are the two most common issues for this type of error. If your wsconfig was used to configure all sites and then later a new site was added the number one this is people forgetting that the connector needs to be added to the new site via the Jakarta alias. Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 27, 2015, at 12:52 PM, Gerald Guido gerald.gu...@gmail.com wrote: I have been down the rabbit hole with this all day and have not been able to figure this out. I have been all over The Google with no love. We followed the CF 11 lockdown guide and got everything working fine for 2 domains/applications. We went to set up a third domain that uses subdirectories as the root directory for seperate applications and we get a 500 error (details below) when we hit a subdirectory like so: http://www.mydomain.com/somedir/ But if I add index.cfm to the URL like below everything works fine. http://www.mydomain.com/somedir/index.cfm And, yes, the default document is set to index.cfm and the permissions for all the sub directories are identical to the domains what work (as per the lockdown guide). IIS error details Module IsapiModule Notification ExecuteRequestHandler Handler cfmHandler Error Code 0x80004005 Anyone have an idea how to remedy this situation? As always, many TIA, G! *Gerald Anthony Guido* Nullius in verba http://en.wikipedia.org/wiki/Nullius_in_verba -- Horace learn.geraldguido.com Twitter https://twitter.com/CozmoTrouble Facebook https://www.facebook.com/gerald.guido.9 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360317 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion 9 on Java 8
Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8. Remember this as I continue Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st, 2014. http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion Remember this too Now, that I got those two items out of the way I will say that while researching and testing ColdFusion potential POODLE issues via CFHTTP I did happen to successfully attempt to run ColdFusion 9.0.2 fully patched on Java 1.8. (This blog post BTW: http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion - The note at the bottom) There were no errors or warnings. I was able to run some code. I by no means tried to test all the functionality because I had a different goal to achieve when I was doing my research. So it could very well be possible. However I do have another concern. The company/agency youre working for is requiring Java to be up to date, but not ColdFusion? I would embrace the Java 8 upgrade and say then we need to buy ColdFusion 11 and make the migration. (IMHO) Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com wrote: This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P From what I was able to dig up ColdFusion 9 is a no go with Java 8. There are hotfixes available for 10 and 11... of course there's always Railo/Lucee .. On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts ow...@threeravensconsulting.com wrote: This is googleable...i was just looking for a similar solution with 10...you ar going to have to move several files from the sdk jre directory...one is tools.jar and msvcr1000.dll (I think)...you also have to change the java home setting in cfadmin to the jre directory in the sdk as well. Charlie Airheart has a page that describes pretty much everything you need to know. I don;t have the link handy, but I am sure you can easily find it via google. Eric On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com wrote: Oracle is EOL'ing Java 7 in February. The agency that I work for is going to require upgrades to Java 8. Does anyone know definitively whether or not ColdFusion 9 will work on Java 8. We are in deep poop if it doesn't. Thanks sas -- -- Scott Stewart Adobe Certified Instructor, ColdFusion 8 9 Adobe Certified Expert, ColdFusion 8 9 Blog: http://www.sstwebworks.com Email: webmas...@sstwebworks.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360249 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion 9 on Java 8
So is this still a Windows 2003 server too? :D Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 12, 2015, at 9:59 AM, Scott Stewart webmas...@sstwebworks.com wrote: Wil, that's what I'm pushing for. The powers that be having been dragging their feet on upgrading. This may be just the thing to push them over. On Thu, Mar 12, 2015 at 10:48 AM, Wil Genovese jugg...@trunkful.com wrote: Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8. â Remember this as I continue Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st, 2014. http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion â Remember this too Now, that I got those two items out of the way I will say that while researching and testing ColdFusion potential POODLE issues via CFHTTP I did happen to successfully attempt to run ColdFusion 9.0.2 fully patched on Java 1.8. (This blog post BTW: http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion - The note at the bottom) There were no errors or warnings. I was able to run some code. I by no means tried to test all the functionality because I had a different goal to achieve when I was doing my research. So it could very well be possible. However I do have another concern. The company/agency youâre working for is requiring Java to be up to date, but not ColdFusion? I would embrace the Java 8 upgrade and say then we need to buy ColdFusion 11 and make the migration. (IMHO) Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com wrote: This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P From what I was able to dig up ColdFusion 9 is a no go with Java 8. There are hotfixes available for 10 and 11... of course there's always Railo/Lucee .. On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts ow...@threeravensconsulting.com wrote: This is googleable...i was just looking for a similar solution with 10...you ar going to have to move several files from the sdk jre directory...one is tools.jar and msvcr1000.dll (I think)...you also have to change the java home setting in cfadmin to the jre directory in the sdk as well. Charlie Airheart has a page that describes pretty much everything you need to know. I don;t have the link handy, but I am sure you can easily find it via google. Eric On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com wrote: Oracle is EOL'ing Java 7 in February. The agency that I work for is going to require upgrades to Java 8. Does anyone know definitively whether or not ColdFusion 9 will work on Java 8. We are in deep poop if it doesn't. Thanks sas -- -- Scott Stewart Adobe Certified Instructor, ColdFusion 8 9 Adobe Certified Expert, ColdFusion 8 9 Blog: http://www.sstwebworks.com Email: webmas...@sstwebworks.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360251 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ACF10 and IIS8
Configure the ColdFusion internal web server on port 8500 and then you have access to the CFAdmin without IIS. http://www.carehart.org/blog/client/index.cfm/2012/7/23/the-builtin-web-server-in-coldfusion-10-enabling-it-configuring-it-reconsidering-it Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Feb 26, 2015, at 1:59 PM, John M Bliss bliss.j...@gmail.com wrote: So I'm looking at this: http://blogs.coldfusion.com/post.cfm/cautions-for-configuring-cf-10-with-iis-8-on-windows-2012-server ...and I'm here: 4) If all the above steps have been followed and if you are still getting the error, please verify that update 8 is installed properly by checking the log file under \cfusion\hf-updates\hf-10- 8\Adobe_ColdFusion_10_Update_8*.log The problem is that I can't figure out how to install update 8 without first having the IIS connector setup so that I can use the CFAdmin. Is there a way to install update 8 without logging in to the CFAdmin? -- John Bliss - http://www.linkedin.com/in/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360171 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF11 Migration Tool?
Sounds like the Code Analyzer in the CF Admin. Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well. On Feb 23, 2015, at 1:33 PM, Robert Glover sled...@gmail.com wrote: I was told that there's a Migration Tool for CF11... it supposedly scans your code and tells you of any incompatibilities with CF11. I had never heard of it; if it exists, how do you run it? I've googled for it and nothing comes up at all. Thanks! Rob ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360149 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF Builder 3
Scott, You are sadly misinformed. Nick Bradbury created Homesite and then sold it to Allaire. Later Nick also created Top Style as a stand alone CSS Editor. Homesite was originally developed in Borland Delphi in 1995 by Nick Bradbury. Bradbury wrote HomeSite after using HotDogand being frustrated with it. In March 1997 Allaire Corporation from Cambridge, Massachusetts (founded by brothers Jeremy and J.J. Allaire) acquired HomeSite and Nick Bradbury joined Allaire. After leaving Allaire in 1998, Bradbury went on to work on the CSS/xHTML editor TopStyle and the RSS reader FeedDemon. Macromedia acquired Allaire in 2001 and was in turn acquired by Adobe in 2005. Even Wikipedia has it right http://en.wikipedia.org/wiki/Macromedia_HomeSite Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well. On Jan 14, 2015, at 6:18 PM, Andrew Scott andr...@andyscott.id.au wrote: And it was called Top Style before Allaire bought it and rebranded it as Homesite Studio in 1996. Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Thu, Jan 15, 2015 at 11:16 AM, Andrew Scott andr...@andyscott.id.au wrote: Sorry that should be 1996 not 1995 Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Thu, Jan 15, 2015 at 11:14 AM, Andrew Scott andr...@andyscott.id.au wrote: I don't know about pre dating it, I have been using Studio since 1995, when Allaire purchased it. They then decided to release Homesite and then Homesite+ The only difference between the two, was that Studio had far more features. When Studio was discontinued, they then decided to release homesite+ I still have the Homesite Studio Disc with the copyright of 1994 on it. Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Thu, Jan 15, 2015 at 4:51 AM, Dave Watts dwa...@figleaf.com wrote: I can never understand why Homesite was so popular, it's bigger brother was the better of the two. Which was Studio. My memory here is a little hazy, as I haven't used either one for a long time, but I recall it being a little more complicated than that. As Wil mentioned, Homesite predated CF Studio. Allaire purchased it and kept Nick on to make future versions. The next version was CF Studio, which was basically Homesite with RDS functionality and CF-specific code generators and wizards. But after a while, the product was renamed Homesite+, and still had the RDS functionality and CF-specific stuff. So for me at least, I think of all three as Homesite, because they're all basically the same thing. Homesite+ was the final version released by Macromedia, and I think it was still supported for a while after the Adobe acquisition. https://www.adobe.com/support/homesite/releasenotes/plus/releasenotes_plus.html Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359954 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF Builder 3
I guess we could just ask Nick http://en.wikipedia.org/wiki/Nick_Bradbury Who knew he had his own Wikipedia page? Wil Genovese On Jan 14, 2015, at 8:52 PM, Andrew Scott andr...@andyscott.id.au wrote: Because Homesite and Studio where to be its replacement and when Nick wasn't happy with Macromedia he left and continued development on Topstyle. Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Thu, Jan 15, 2015 at 1:46 PM, M.A. Kruger mkru...@cfwebtools.com wrote: Andrew, I seem to remember that topstyle shipped with cf studio and with homesite. how could homesite be a later version of topstyle? Sent from my iPhone On Jan 14, 2015, at 7:16 PM, Andrew Scott andr...@andyscott.id.au wrote: And for fuck sake my name is not Scott, but then if you can get that wrong you can get your facts wrong about Studio as well. Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Thu, Jan 15, 2015 at 12:15 PM, Andrew Scott andr...@andyscott.id.au wrote: Wil, I am not sadly misinformed at all. Nick Bradley created a product called Top Style, which I used extensively in those days. Allaire then purchased that program from Nick and rebadged it as Homesite, Homesite Studio was the first version which followed by the free version called Homesite. Studio did things that Homesite could not do. Studio was then let go in favor of making Homesite more powerful, hence HomeSite+, problem was that the best features of Studio where lost forever. So how is that misinformed? Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Thu, Jan 15, 2015 at 11:24 AM, Wil Genovese jugg...@trunkful.com wrote: Scott, You are sadly misinformed. Nick Bradbury created Homesite and then sold it to Allaire. Later Nick also created Top Style as a stand alone CSS Editor. Homesite was originally developed in Borland Delphi in 1995 by Nick Bradbury. Bradbury wrote HomeSite after using HotDogand being frustrated with it. In March 1997 Allaire Corporation from Cambridge, Massachusetts (founded by brothers Jeremy and J.J. Allaire) acquired HomeSite and Nick Bradbury joined Allaire. After leaving Allaire in 1998, Bradbury went on to work on the CSS/xHTML editor TopStyle and the RSS reader FeedDemon. Macromedia acquired Allaire in 2001 and was in turn acquired by Adobe in 2005. Even Wikipedia has it right http://en.wikipedia.org/wiki/Macromedia_HomeSite Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well. On Jan 14, 2015, at 6:18 PM, Andrew Scott andr...@andyscott.id.au wrote: And it was called Top Style before Allaire bought it and rebranded it as Homesite Studio in 1996. Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Thu, Jan 15, 2015 at 11:16 AM, Andrew Scott andr...@andyscott.id.au wrote: Sorry that should be 1996 not 1995 Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Thu, Jan 15, 2015 at 11:14 AM, Andrew Scott andr...@andyscott.id.au wrote: I don't know about pre dating it, I have been using Studio since 1995, when Allaire purchased it. They then decided to release Homesite and then Homesite+ The only difference between the two, was that Studio had far more features. When Studio was discontinued, they then decided to release homesite+ I still have the Homesite Studio Disc with the copyright of 1994 on it. Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Thu, Jan 15, 2015 at 4:51 AM, Dave Watts dwa...@figleaf.com wrote: I can never understand why Homesite was so popular, it's bigger brother was the better of the two. Which was Studio. My memory here is a little hazy, as I haven't used either one for a long time, but I recall it being a little more complicated than that. As Wil mentioned, Homesite predated CF Studio. Allaire purchased it and kept Nick on to make future versions. The next version was CF Studio, which was basically Homesite with RDS functionality and CF-specific code generators and wizards. But after a while, the product was renamed Homesite+, and still had the RDS functionality and CF-specific stuff. So for me at least, I think of all three as Homesite, because they're all basically the same thing. Homesite+ was the final version released by Macromedia, and I think it was still supported for a while after the Adobe acquisition. https://www.adobe.com/support/homesite/releasenotes/plus/releasenotes_plus.html Dave Watts
Re: CF Builder 3
Starting way back in 1996 Homesite was the popular HTML editor BEFORE Allaire bought it from Nick Bradbury. It was in heavy competition with HotDog HTML Editor. Allaire made a deal with Nick and brought Homesite and him to Allaire. Then they made the CFStudio variant of Homesite. So Homesite had a huge following before Studio even existed. /Historylesson Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well. On Jan 14, 2015, at 8:38 AM, Russ Michaels r...@michaels.me.uk wrote: because it was FREE and used to come on CD with Dreamweaver and CF I believe On Wed, Jan 14, 2015 at 4:11 AM, Andrew Scott andr...@andyscott.id.au wrote: I can never understand why Homesite was so popular, it's bigger brother was the better of the two. Which was Studio. But as it is old and ancient and not being updated any more, feel free to use 20 year old software. Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Wed, Jan 14, 2015 at 10:45 AM, Rob Voyle robvo...@voyle.com wrote: Hi Aaron After much frustration I found that you need to select wrap search in the options box for the find to work. Still prefer homesite for project wide find and replace when upgrading an entire site. Rob Robert J. Voyle, Psy.D. Director, Clergy Leadership Institute For Coaching and Training in Appreciative Inquiry Author: Restoring Hope: Appreciative Strategies to Resolve Grief and Resentment http://www.appreciativeway.com/ 503-647-2378 or 503-647-2382 On 13 Jan 2015 at 15:21, Aaron Rouse wrote: I have had horrible luck with the CFBuilder Find. Just as one short example, last quarter I was asked to find some emails in a big project that the support person no longer was available for. My workstation at home has CFBuilder on it and it could not find one CFMail tag(or just the text cfmail) in there. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359949 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF Builder 3
ColdFusion Builder 3 is an IDE based on Eclipse. You can install as standalone or as a plugin for an existing Eclipse setup. - oh and desktop NOT the server. Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 6, 2015, at 12:18 PM, Steve LaBadie slaba...@po-box.esu.edu wrote: We just purchased CF 11 and we also received a license for Builder 3. I don't know anything about the product and wanted to know if it something that should be installed. Does it get installed on the server or desktop? Steve LaBadie, Web Manager East Stroudsburg University 570-422-3999 slaba...@esu.edumailto:slaba...@esu.edu [facebook-16x16]http://www.facebook.com/eaststroudsburguniversity [twitter-16x16] http://twitter.com/esuniversity [youtube-16x16] http://www.youtube.com/user/esuedu ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359910 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Work Around for SSLv3 Vulnerability?
Well you question was one of the reasons I did the research. We had several clients at CF Webtools and a few at other hosting companies that needed to know for sure how CFHTTP and SSL was working. Regards, Wil Sent from a hand held device that autocorrects my typos in a mist humorous fashion. ð On Dec 13, 2014, at 6:06 PM, Michael Grant mgr...@modus.bz wrote: Wow I could've used this four weeks ago! Haha. Good article. On Monday, December 8, 2014, Wil Genovese jugg...@trunkful.com wrote: I just published blog posts today on how to prevent ColdFusion from falling back to SSLv3 with CFHTTP. http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion http://www.coldfusionmuse.com/index.cfm/2014/12/8/colfusion-jvm-versions-sslv3-tls Enjoy! Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com javascript:; www.trunkful.com On Nov 19, 2014, at 6:49 PM, Russ Michaels r...@michaels.me.uk javascript:; wrote: were on CF9 On Thu, Nov 20, 2014 at 12:16 AM, Wil Genovese jugg...@trunkful.com javascript:; wrote: This is the Adobe bug report about Solr breaking with Java 1.7.0_51 and higher when sandboxes are enabled. This was just fixed in Update 14 for CF10. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com javascript:; www.trunkful.com On Nov 19, 2014, at 4:28 PM, Russ Michaels r...@michaels.me.uk javascript:; wrote: no I haven't seen it, I even emailed Adobe about it directly and got no reply On Wed, Nov 19, 2014 at 9:49 PM, Michael Grant mgr...@modus.bz javascript:; wrote: I appreciate your feedback Russ. Thank you. From what I've read there does seem to be a fix to the broken SOLR collections. Have you seen this? On Wed, Nov 19, 2014 at 10:20 AM, Russ Michaels r...@michaels.me.uk javascript:; wrote: if you are on a shared server then it would be an issue for others who are using SOLR, which would then require the host to roll back to 1.6, which would then cause your problem again. Judging by the fact that you said you had to convince them to do this, I assume it is a shared server, otherwise you would have been free to do it yourself had it been your own server. Thus why I am suggesting you check this rather than just dismiss it because it doesn't affect you, as when on a shared server you have to consider everyone. On Wed, Nov 19, 2014 at 12:24 AM, Michael Grant mgr...@modus.bz javascript:; wrote: Hi Russ, I don't use SOLR so this isn't an issue for my use case. On Tue, Nov 18, 2014 at 11:57 AM, Russ Michaels r...@michaels.me.uk javascript:; wrote: did you check if SOLR still works after the upgrade ? On Tue, Nov 18, 2014 at 3:00 PM, Michael Grant mgr...@modus.bz javascript:; wrote: I finally have an update here. After much back and forth and having to REALLY make a case for why I was able to convince Newtek to update their CF servers to run Java 1.7 instead of 1.6. This had an immediate positive result and the SSL handshake was able to proceed properly with TLS. Thanks to all that helped. Mike On Sat, Nov 1, 2014 at 3:42 PM, Michael Grant mgr...@modus.bz javascript:; wrote: Just a heads up to everyone, I'm still waiting to hear back from Newtek about whether they've reimported the certs and CA cert again. Once I have some news I'll post back. Thanks again everyone for your guidance. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359842 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Work Around for SSLv3 Vulnerability?
I just published blog posts today on how to prevent ColdFusion from falling back to SSLv3 with CFHTTP. http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion http://www.coldfusionmuse.com/index.cfm/2014/12/8/colfusion-jvm-versions-sslv3-tls Enjoy! Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 19, 2014, at 6:49 PM, Russ Michaels r...@michaels.me.uk wrote: were on CF9 On Thu, Nov 20, 2014 at 12:16 AM, Wil Genovese jugg...@trunkful.com wrote: This is the Adobe bug report about Solr breaking with Java 1.7.0_51 and higher when sandboxes are enabled. This was just fixed in Update 14 for CF10. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 19, 2014, at 4:28 PM, Russ Michaels r...@michaels.me.uk wrote: no I haven't seen it, I even emailed Adobe about it directly and got no reply On Wed, Nov 19, 2014 at 9:49 PM, Michael Grant mgr...@modus.bz wrote: I appreciate your feedback Russ. Thank you. From what I've read there does seem to be a fix to the broken SOLR collections. Have you seen this? On Wed, Nov 19, 2014 at 10:20 AM, Russ Michaels r...@michaels.me.uk wrote: if you are on a shared server then it would be an issue for others who are using SOLR, which would then require the host to roll back to 1.6, which would then cause your problem again. Judging by the fact that you said you had to convince them to do this, I assume it is a shared server, otherwise you would have been free to do it yourself had it been your own server. Thus why I am suggesting you check this rather than just dismiss it because it doesn't affect you, as when on a shared server you have to consider everyone. On Wed, Nov 19, 2014 at 12:24 AM, Michael Grant mgr...@modus.bz wrote: Hi Russ, I don't use SOLR so this isn't an issue for my use case. On Tue, Nov 18, 2014 at 11:57 AM, Russ Michaels r...@michaels.me.uk wrote: did you check if SOLR still works after the upgrade ? On Tue, Nov 18, 2014 at 3:00 PM, Michael Grant mgr...@modus.bz wrote: I finally have an update here. After much back and forth and having to REALLY make a case for why I was able to convince Newtek to update their CF servers to run Java 1.7 instead of 1.6. This had an immediate positive result and the SSL handshake was able to proceed properly with TLS. Thanks to all that helped. Mike On Sat, Nov 1, 2014 at 3:42 PM, Michael Grant mgr...@modus.bz wrote: Just a heads up to everyone, I'm still waiting to hear back from Newtek about whether they've reimported the certs and CA cert again. Once I have some news I'll post back. Thanks again everyone for your guidance. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359773 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: need a host
I should really get to know these KickAssVPS people. They are located less than 2 miles from my house here in St. Paul, MN. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 21, 2014, at 2:57 PM, Rick Eidson cfh...@kchost.net wrote: They have CF11. Rick -Original Message- From: Rob Voyle [mailto:robvo...@voyle.com] Sent: Friday, November 21, 2014 2:43 PM To: cf-talk Subject: Re: need a host Hi Folks I would affirm kickAssVps, I was with them for several years and got great responsive service. However for business reasons, which I totally understand, they are not upgrading to CF11. I moved to www.viviotech.net/ and because I am not all that literate in the server and condfusion administration arena purchased the extended support and I couldn't be happier, the crew their have been really great. Rob Robert J. Voyle, Psy.D. Director, Clergy Leadership Institute For Coaching and Training in Appreciative Inquiry Author: Restoring Hope: Appreciative Strategies to Resolve Grief and Resentment http://www.appreciativeway.com/ 503-647-2378 or 503-647-2382 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359697 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Work Around for SSLv3 Vulnerability?
This is the Adobe bug report about Solr breaking with Java 1.7.0_51 and higher when sandboxes are enabled. This was just fixed in Update 14 for CF10. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 19, 2014, at 4:28 PM, Russ Michaels r...@michaels.me.uk wrote: no I haven't seen it, I even emailed Adobe about it directly and got no reply On Wed, Nov 19, 2014 at 9:49 PM, Michael Grant mgr...@modus.bz wrote: I appreciate your feedback Russ. Thank you. From what I've read there does seem to be a fix to the broken SOLR collections. Have you seen this? On Wed, Nov 19, 2014 at 10:20 AM, Russ Michaels r...@michaels.me.uk wrote: if you are on a shared server then it would be an issue for others who are using SOLR, which would then require the host to roll back to 1.6, which would then cause your problem again. Judging by the fact that you said you had to convince them to do this, I assume it is a shared server, otherwise you would have been free to do it yourself had it been your own server. Thus why I am suggesting you check this rather than just dismiss it because it doesn't affect you, as when on a shared server you have to consider everyone. On Wed, Nov 19, 2014 at 12:24 AM, Michael Grant mgr...@modus.bz wrote: Hi Russ, I don't use SOLR so this isn't an issue for my use case. On Tue, Nov 18, 2014 at 11:57 AM, Russ Michaels r...@michaels.me.uk wrote: did you check if SOLR still works after the upgrade ? On Tue, Nov 18, 2014 at 3:00 PM, Michael Grant mgr...@modus.bz wrote: I finally have an update here. After much back and forth and having to REALLY make a case for why I was able to convince Newtek to update their CF servers to run Java 1.7 instead of 1.6. This had an immediate positive result and the SSL handshake was able to proceed properly with TLS. Thanks to all that helped. Mike On Sat, Nov 1, 2014 at 3:42 PM, Michael Grant mgr...@modus.bz wrote: Just a heads up to everyone, I'm still waiting to hear back from Newtek about whether they've reimported the certs and CA cert again. Once I have some news I'll post back. Thanks again everyone for your guidance. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359682 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF9.02 administrator hack
Tom, Stop and go back to the CF Admin and check the setting for Missing Template Handler. Make sure its blank or is actually pointing to a valid missing template handler page that you setup. This blog post is why I mention that. http://www.coldfusionmuse.com/index.cfm/2013/12/5/attack.vector.missing.template.handler Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 12, 2014, at 3:12 PM, Tom McNeer tmcn...@gmail.com wrote: One more followup: whatever this is, it isn't related to CF. I jumped to the wrong conclusion. The problem reappeared when I was in the CF admin page, long after I'd logged on. But then I opened another browser and purposely asked for a local page that didn't exist. The IIS error page contained ads. Again, this doesn't make me feel a whole lot better. But folks should know that this is not a new CF attack. On Wed, Nov 12, 2014 at 3:56 PM, Tom McNeer tmcn...@gmail.com wrote: I appreciate all the suggestions - and I especially appreciate when you step in, Dave. Certainly, I'm considering a clean installation. But as a followup: Dave's comment about the problem is almost certainly in the browser itself or some other piece of malware installed on the client brings up lots of other possibilities. To be clear (since some other folks have misunderstood this), I can't say that this hack appears *only* in the CF Admin login page, or only in the CF Admin. I have the browser on the server set to the CF admin as a default, because that's what I use the browser for - administering CF. So the hacks appeared immediately after the browser was started and the first page loaded -- which *happened* to be the CF Admin. It's entirely possible, as Dave suggests, that the problem isn't related to CF at all, now that we've discussed it. That doesn't make it less of a problem. In fact, it means there are lots of other possible vectors. On Wed, Nov 12, 2014 at 3:29 PM, wrote: One is that, while it doesn't show up in the view source for a given page, a JS library referenced in the page has been compromised to rewrite page content. Of course, this is quite possible in theory, however it would imply that the hacker has already hacked the server, and one could ask what he is still trying to hack. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359634 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF9.02 administrator hack
Tom - I missed the email that Mark sent with that same blog post (which was written by me). Mark and I tag team this stuff regularly. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 12, 2014, at 4:27 PM, Tom McNeer tmcn...@gmail.com wrote: Wil, Thanks. I'd already checked that. Mark chimed in earlier, and it's his post. Pete, Thanks. I was so concerned that the server was compromised in a way that would affect its performance as a server, I hadn't had a chance to start googling the text itself. And Dave, Thanks again. Yes, it's just a client-side problem. And Pete seems to have identified the particular hack. On Wed, Nov 12, 2014 at 5:13 PM, Dave Watts dwa...@figleaf.com wrote: One is that, while it doesn't show up in the view source for a given page, a JS library referenced in the page has been compromised to rewrite page content. Of course, this is quite possible in theory, however it would imply that the hacker has already hacked the server, and one could ask what he is still trying to hack. That's pretty obvious: the client. Lots of server hacks are pretty trivial in their effect on the server, and are ultimately aimed at compromising clients (whether the client is a browser or a search engine). Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359638 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Is time for a change?
Im working with Hostek for a client and so far theyve been great. What issues are you seeing? Have you talked to them? Theyve been very responsive to our clients needs and requests. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 7, 2014, at 1:15 PM, Rick Eidson cfh...@kchost.net wrote: Anyone using Hostek? I have been with them for. well a long time. But in the last year it seems there have been more problems than ever. I really hate the idea of moving all my clients but I am wondering if in the long run will I be better off. Any thoughts? Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359567 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF11 Licensing - 2 servers behind load balancer
IANAL - As I understand it if one server is just failover then you only need one license. If both servers are active then you need two. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Oct 2, 2014, at 2:15 PM, Dan LeGate d...@legeek.com wrote: Okay, if I have a single site, being run on two or more virtual (vmware) servers behind a load balancer, does each server need a license? Or does one license cover the site? Thanks! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359393 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF11 Licensing - 2 servers behind load balancer
as they are virtual, if you have enterprise license then you are covered as long as you are within the CPU/core requirements. And this is why I hate licensing agreements. You need a lawyer to understand it and another lawyer to tell you you got it wrong. ð Why does it have to be so complicated? Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Oct 2, 2014, at 2:22 PM, Russ Michaels r...@michaels.me.uk wrote: as they are virtual, if you have enterprise license then you are covered as long as you are within the CPU/core requirements. On Thu, Oct 2, 2014 at 8:15 PM, Dan LeGate d...@legeek.com wrote: Okay, if I have a single site, being run on two or more virtual (vmware) servers behind a load balancer, does each server need a license? Or does one license cover the site? Thanks! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359395 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFML restart ACF 10 app server service
If you are having to do regular restarts for server stability then there is definitely something wrong. At CF Webtools we have work with a large number of clients on CF10 that have very high load websites. None of them need regular restarts anymore. We are experts at rooting out server configuration issues as well as coding practices that may not be efficient that can cause problems. There are numerous blog posts on performance tuning for ColdFusion 10 JVM, Tomcat IIS connectors and code. Some of those are at my blog (http://www.trunkful.com) or at the ColdFusion Muses blog (http://coldfusionmuse.com/). Adobe has many blog posts too on server performance and tuning. I highly recommend using these resources to see if you can resolve the root cause(s) for the server stability issues. *Shameless plug* Or contact us and we can help you. Regards, Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Oct 2, 2014, at 3:56 PM, Russ Michaels r...@michaels.me.uk wrote: except we rarely had any such issues with cf4/5, it ran like a dream compared to CF6+, which is down to java On Thu, Oct 2, 2014 at 8:59 PM, UXB Internet denn...@uxbinternet.com wrote: we have a scheduled task setup to restart CF every morning. Since we have done this we have hardly any cf issues any more. Wow! How far we have come, he says with great sarcasm, it harkens back to the good old CF4 on NT server days. Dennis Powers UXB Internet - A website Design and Hosting Company P.O. Box 6028, Wolcott, CT 06716 - T:203-879-2844 W: http://www.uxbinternet.com W: http://www.ctbusinesslist.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359399 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFML restart ACF 10 app server service
Russ, I love those types of challenges! Yes, I have stabilized very large shared hosting ColdFusion 10 servers. Even some with hundreds of websites. It can be true that its not always as easy to do, but I know it can be done. Of course one of the best bangs for the buck is to buy Fusion Reactor when it comes down to figuring out if a certain sites code, DB, etc is a root cause. Even *I* (:-P) use Fusion Reactor, after all I can only do so much via mental telepathy. ;-) Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Oct 2, 2014, at 4:18 PM, Russ Michaels r...@michaels.me.uk wrote: so just to clarify, these are servers with hundreds of different websites and customers on right ? not just 1 client/app per server? which is easy to tune On Thu, Oct 2, 2014 at 10:09 PM, Wil Genovese jugg...@trunkful.com wrote: If you are having to do regular restarts for server stability then there is definitely something wrong. At CF Webtools we have work with a large number of clients on CF10 that have very high load websites. None of them need regular restarts anymore. We are experts at rooting out server configuration issues as well as coding practices that may not be efficient that can cause problems. There are numerous blog posts on performance tuning for ColdFusion 10 JVM, Tomcat IIS connectors and code. Some of those are at my blog ( http://www.trunkful.com) or at the ColdFusion Muses blog ( http://coldfusionmuse.com/). Adobe has many blog posts too on server performance and tuning. I highly recommend using these resources to see if you can resolve the root cause(s) for the server stability issues. *Shameless plug* Or contact us and we can help you. Regards, Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Oct 2, 2014, at 3:56 PM, Russ Michaels r...@michaels.me.uk wrote: except we rarely had any such issues with cf4/5, it ran like a dream compared to CF6+, which is down to java On Thu, Oct 2, 2014 at 8:59 PM, UXB Internet denn...@uxbinternet.com wrote: we have a scheduled task setup to restart CF every morning. Since we have done this we have hardly any cf issues any more. Wow! How far we have come, he says with great sarcasm, it harkens back to the good old CF4 on NT server days. Dennis Powers UXB Internet - A website Design and Hosting Company P.O. Box 6028, Wolcott, CT 06716 - T:203-879-2844 W: http://www.uxbinternet.com W: http://www.ctbusinesslist.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359401 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFML restart ACF 10 app server service
The simplest way would be to use these two commands net stop Servcie name net start Servcie name Thats all you really need to stop and start ANY Windows service from the command line on the local machine. You can eve use the NET command to access a remote Windows server to stop and start services. Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Oct 1, 2014, at 4:57 PM, John M Bliss bliss.j...@gmail.com wrote: Care to share the batch file? On Oct 1, 2014 5:56 PM, Russ Michaels r...@michaels.me.uk wrote: we have a batch file which we run via a windows scheduled task, we don't do it via CF. On Wed, Oct 1, 2014 at 7:10 PM, John M Bliss bliss.j...@gmail.com wrote: And do you do it the way Gerald recommended...? On Wed, Oct 1, 2014 at 12:16 PM, Russ Michaels r...@michaels.me.uk wrote: we have a scheduled task setup to restart CF every morning. Since we have done this we have hardly any cf issues any more. On Wed, Oct 1, 2014 at 3:46 PM, Gerald Guido gerald.gu...@gmail.com wrote: I don't know if this is the best way but you can put the following text in a .bat file and run it using cfexecute. net stop ColdFusion 10 Application Server net start ColdFusion 10 Application Server cfexecute name = C:\somefolder\yourbatfile.bat /cfexecute HTH G! *Gerald Anthony Guido* Nullius in verba http://en.wikipedia.org/wiki/Nullius_in_verba -- Horace learn.geraldguido.com Twitter https://twitter.com/CozmoTrouble Facebook https://www.facebook.com/gerald.guido.9 On Wed, Oct 1, 2014 at 9:22 AM, John M Bliss bliss.j...@gmail.com wrote: Hi. What's the current best way to use CFML to restart ACF 10 app server service (on Windows server)? -- John Bliss - http://www.linkedin.com/in/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359381 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: EMail Injection Attack
Garry The hack files are not always called h.cfm. In fact that was just one named used by one attacker. there was also i.cfm by another attacker. Others have used other file names and/or other techniques as described in this blog post that Mark Kruger wrote that describes an exploit method I found. The file can be named anything. and its does not even need to be a .cfm or .cfc file. As this post points out (http://www.coldfusionmuse.com/index.cfm/2013/12/5/attack.vector.missing.template.handler ) Odds are someone was able to insert onto your server a web shell file that is granting them full access to anything they want on the server. The blog post by Charlie that was already mentioned is a great resource too. Here is what I would be doing: 1. At this point I would be changing my mail server credentials and going from CFAdmin mail credential settings to template level just to stop the flow of bogus email. 2. Locking down the CFAdmin and CFIDE or disabling it all together. The fastest way on IIS would be to restrict access to CFIDE to the 127.0.0.1 IP address. 3. Next I would do a search of all text files for the existence of CFMAIL. 4. If a file is found then you can search for that file name in your web server and CF logs to see when it was first created/accessed. Depending on what you find it may or may not be necessary to abandoned the server and start with a fresh setup. That is the worst case situation and weve run into that before. Also remember that a fully patched CF8.0.1 server HAS the CFAdmin API exploit. If you need further help please contact me. Investigating hacked servers is a large part of what we do at CF Webtools. Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wil@cfwebtools www.trunkful.com On Aug 18, 2014, at 3:23 PM, Jeff Garza j...@garzasixpack.com wrote: What version of ColdFusion are you currently on and what's your patch level. I've seen instances where the vulnerability in the AdminAPI is exploited to upload templates that mass send junk mail. Look for a file called h.cfm in your CFIDE folder and in your webroot. That is the usual vector for this kind of attack.. If you find it, you'll need to assume that your entire server is potentially compromised as they have the ability to upload and execute any code in your system... -- Jeff Original Message From: G T tran.ga...@gmail.com Sent: Monday, August 18, 2014 1:13 PM To: cf-talk cf-talk@houseoffusion.com Subject: Re: EMail Injection Attack Hi Robert - Thanks for the reply, yes of course let me explain a bit more. While checking our sent mail logs, logged by coldfusion, we noticed emails were being sent out that was not directly sent through our own pages. Spam emails that were sent to different outside emails. So we can see that spam emails were sent outbound, but as of yet, we have no source of where they're coming from (ie. which pages are compromised). From what I've been researching, one way this is done by email inject - where they use form submissions to inject their own coldfusion code to form their own 'cfmail' sends. http://www.asadesigner.com/13-coldfusion/07d6a249de5791e6.htm Please let me know if you need additional info Can you explain a bit more what you mean by email injection attack? Do you mean someone is spamming forms that generate forms email, or is someone using some application you have to generate spam? Can you provide a slightly better explanation of what's happening? Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter. com/austin_ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359146 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How To Fix Server Hack
There is a lot of work to do at this point and you will need to face the possibility that it could be to late to lockdown (depending on what was hacked/installed etc and what data was taken) and you may in the worst case be looking at reinstalling everything from scratch. In the mean time you can use the CF9 lockdown guide (most applies to CF8) to learn what you need to do to lock down the server. http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf If you want professional help then contact us at CF Webtools. This is what we do and weve written a few blog posts on security and locking down ColdFusion. http://www.coldfusionmuse.com/index.cfm/2014/3/6/IIS.Vulnerability.CF.Task.Scheduler.API http://www.coldfusionmuse.com/index.cfm/2013/5/10/Protecting-the-CFIDE-directory-in-IIS http://www.coldfusionmuse.com/index.cfm/2013/5/9/sub.zero.coldfusion http://www.trunkful.com/index.cfm/ColdFusion-Security Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Aug 5, 2014, at 6:47 PM, E Cohen eron_co...@yahoo.com wrote: Hello All, Sorry this is a bit of a clueless email. I have a ColdFusion 8 server that was hacked yesterday. A file was installed at /CFIDE/scripts/index.html on a Windows 2008 server that redirected to a phishing site. I am trying to work out what they did to install that file and lock it down. Does anyone have any tips or ideas? Thank you ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359059 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: stripping characters for meta description
Matthew - what is your end goal? Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On May 13, 2014, at 10:47 AM, DURETTE, STEVEN J sd1...@att.com wrote: Actually with the ^ I thought he told it to remove anything not in 0-9A-Za-z Steve -Original Message- From: Russ Michaels [mailto:r...@michaels.me.uk] Sent: Tuesday, May 13, 2014 11:34 AM To: cf-talk Subject: Re: stripping characters for meta description you haven't told it to remove quotes, you have only told it to remove 0-9A-Za-z If you want quotes removed also then you need to include that in your regex On Tue, May 13, 2014 at 4:26 PM, Matthew Smith chedders...@gmail.comwrote: I have this: cfset request.page.description = REReplace(request.page.description,[^0-9A-Za-z ],,all) yes I am still getting quotes in the description. http://www.theartoflovingcatsanddogs.com/art-item/pueblo-kitties-coffee-cup-286/index.cfm ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358633 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: stripping characters for meta description
Here try this. Its from one of my long used validation methods. It removes all punctuation and control type characters. REReplaceNoCase(arguments.string,'([[:cntrl:]]|[[:punct:]])','','All') Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On May 13, 2014, at 11:36 AM, Matthew Smith chedders...@gmail.com wrote: I want to remove anything not number and letters to be sure that it does not cause an issue with the search engines properly indexing the meta tags. Thank you for the help! On Tue, May 13, 2014 at 11:51 AM, Wil Genovese jugg...@trunkful.com wrote: Matthew - what is your end goal? Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On May 13, 2014, at 10:47 AM, DURETTE, STEVEN J sd1...@att.com wrote: Actually with the ^ I thought he told it to remove anything not in 0-9A-Za-z Steve -Original Message- From: Russ Michaels [mailto:r...@michaels.me.uk] Sent: Tuesday, May 13, 2014 11:34 AM To: cf-talk Subject: Re: stripping characters for meta description you haven't told it to remove quotes, you have only told it to remove 0-9A-Za-z If you want quotes removed also then you need to include that in your regex On Tue, May 13, 2014 at 4:26 PM, Matthew Smith chedders...@gmail.com wrote: I have this: cfset request.page.description = REReplace(request.page.description,[^0-9A-Za-z ],,all) yes I am still getting quotes in the description. http://www.theartoflovingcatsanddogs.com/art-item/pueblo-kitties-coffee-cup-286/index.cfm ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358643 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: More CFBuilder 3 frustration
I have about 20 client Projects is CF Builder. You need to create Projects and basically NEVER use the File view. Use the Navigator pane and Create New ColdFusion Project. Point it as your code and you should be good to go from there. Eclipse is the base platform here and everything is Project based. Once you have that setup everything else should start working with minimal config. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Apr 30, 2014, at 5:15 PM, Mike K afpwebwo...@gmail.com wrote: Does anyone actually use CF Builder for multiple projects? Everything I've seen so far seems to assume I'm working for a company with one web site. There's nothing I've found so far showing how to set it up for multiple web sites. I thought I'd done it right, but apparently not, because I can't preview any pages. I've seen a video on the Adobe web site about using CF Builder for Dreamweaver users.The guy just clicks a tab at the bottom of the screen called Safari and sees the page run right in the window.I can't find that tab or any menu item or link where I can do the same thing. So after messing about with this damn thing for 4 hours now, I've got nowhere.Can't preview a page. Can't upload anything to the server. It's just an expensive text editor so far. I can't use code insight either because unless I've missed something, it doesnt insight into CFCs instantiated with Coldspring. Has anyone managed to make CFBuilder introspect CFCs instantiated with ColdSpring? -- Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion 9 Enterprise, PHP, ASP, ASP.NET hosting from AUD$15/month ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358494 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: max heap
There is no such reference. Each server/application(s) has its own needs that must be evaluated on a case by case basis. The only general rule of thumb that can be applied is that 64bit systems tend to need more JVM heap than a 32bit system and that isnt even set in stone. It still depends on the web application(s) needs. Regards, Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Apr 2, 2014, at 9:14 PM, John M Bliss bliss.j...@gmail.com wrote: Hi. Does anyone know of a simple-ish reference showing: ACF version ACF standard v enterprise (if that matters) OS (Windows v Linux) OS version (if that matters) OS 32 bit v 64 bit ...and correlated max heap size? -- John Bliss - http://www.linkedin.com/in/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358291 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: The long tail of ColdFusion fail
Imagine a family buys a car, and by default the airbags and anti-lock breaks are not enabled. Indeed, they are in the trunk, under the spare tire, but it's up to you to go to the manufacturer's site and download instructions to install them ;-) Obviously none of you have ever owned a Jeep :D When Im not hacking on servers - http://www.jeepforum.com/forum/f96/bug-out-build-1568531/ Just Empty Every Pocket Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 28, 2014, at 12:58 PM, Claude Schnéegans schneegans@internetiq.trunkful.com wrote: ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358194 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: The long tail of ColdFusion fail
I see lessons in seeing sarcasm are needed Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 28, 2014, at 1:02 PM, Russ Michaels r...@michaels.me.uk wrote: if you think no-one uses Windows web servers then you are wrong, very wrong. It would seem you also think that Windows is not locked down by default, that may have been true once upon a time, but is no longer the case and hasn't been for many years.Certainly since Windows Server 2008, you must specifically choose which roles to install, everything is not installed by default, the firewall is also installed and enabled by default with only the basic required services allowed through and networking is also disabled. On Fri, Mar 28, 2014 at 5:52 PM, Dave Watts dwa...@figleaf.com wrote: sure something may break by being locked down, but as I said earlier, you have 2 choices.. 1. out of the box install, not secure, but your site works just fine.. So nothing to learn unless you choose to. User continues in blissful ignorance. 2. out of the box, locked down and secure, but site may break, so you have to learn something about CF security to get it working. Learning is required and not optional, user has now learnt something new and has a secure system. surely this is a no brainier. This explains why absolutely no one uses Windows web servers. After all, that's how Unix web servers always worked, pretty much. You had to know what you were doing to get them working. I can see now why Windows never got any market share. (note: this is not an endorsement of one or the other, just an observation) Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358196 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: The long tail of ColdFusion fail
Ray, Yes that is pretty much the case. I spend a lot of my time cleaning up and securing severs that have been left unsecured. It happens all the time. I do more server work than code these days. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 27, 2014, at 8:52 PM, Raymond Camden raymondcam...@gmail.com wrote: On Thu, Mar 27, 2014 at 8:12 PM, Maureen mamamaur...@gmail.com wrote: And that direction on how to secure it more exists where exactly? Is it in the install instructions, or only in some obscure document that a person unfamiliar with the need for security might not know about? So to be clear - there are people installing servers who don't know that security is important? Nothing can help them. I don't know about you - but pretty much *any* tech I use, I know to google foo security to see what resources exist for securing the app, install, etc. Number one result for coldfusion security was http://www.adobe.com/devnet/coldfusion/security.html ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358152 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: The long tail of ColdFusion fail
Honestly if these people are living under their cubicle desk then I have no clue how to get their attention. Its not as if no one is talking about ColdFusion security and certainly not as if the main stream news media is reporting security breaches. If someone chooses to stay uninformed there isnt much anyone can do to wake them up. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 27, 2014, at 9:46 PM, Andrew Scott andr...@andyscott.id.au wrote: Ray, Probably not... Other people should also remember that not everyone spends time online in groups, they are 9 to 5 developers who have a life. These are the people who set these things up, these are the people that aren't being reached. Can more be done, don't think so. Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Fri, Mar 28, 2014 at 1:43 PM, Raymond Camden raymondcam...@gmail.comwrote: Playing attention to the requirement to inform these people about the need for extra lock down early in the process would be more effective in solving the problem than Adobe employees and evangelists ignoring the fact that these people exist and doing nothing more than yelling Um... who exactly is ignoring these people? You may argue the CF team should do *more*, but they are not *ignoring* anyone. The Secure Profile was a *big* step to try to help lock things down out of the box. Hiring Pete to write a guide, and hosting it, on *additional* steps was a good too imo. Can even more be done - maybe so. I'd like the installer to point to the lock down guide so folks know it exist. Rah, Rah, Adobe as if the company had no place in the solution. As if Adobe hasn't at least made an effort - oh wait - they did. Users must take some responsibility too, Maureen. You can't put it all on Adobe's shoulders here. If you let your nephew install a server and don't bother to double check his work, that is *your* fault, no one else. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358156 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: The long tail of ColdFusion fail
Only if it was flashing in huge read letters with the BLINK tag. Then again, some will still miss that. :) On Mar 27, 2014, at 10:16 PM, Raymond Camden raymondcam...@gmail.com wrote: I *do* think that at the end of the installation, linking to the lock down guide would be useful. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358163 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: The long tail of ColdFusion fail
Ill weigh in on this for a few reasons. One of the servers in the Krebs article is one that I was called in to fix. Ive had to investigate/fix several other breached servers over the past year. All were new to us clients that came to us with a breached server. Another reason is that I maintain a large number of ColdFusion servers at CF Webtools. Another is that other hosting companies contact CF Webtools and myself to assist with ColdFusion server issues. I am not all that concerned about the exploit. All software has bugs. Adobe fixed it pretty quick once it was noticed. Reading David Eplers blog post (http://www.dcepler.net/post.cfm/how-patching-coldfusion-8-0-x-made-you-more-vulnerable-in-some-cases-or-fun-with-cve-2013-0632-from-apsb13-03) may lead you to think that Adobe didnt do proper testing. But thats not the concern here. I know of many properly locked down servers that didnt get hacked even though it was attempted. The concern here is Who should be responsible for setting up, maintaining and securing a public facing server? (http://www.trunkful.com/index.cfm/2014/3/7/Who-Patches-Your-ColdFusion-Servers) The short answer is A qualified systems administrator and that should be the end of the discussion. I dont care if youre installing ColdFusion, Railo, PHP, .NET, Ruby, MySQL or any other system. If you are not a systems administrator you should not be working on the server. There are no excuses and the costs of making a mistake are growing very quickly. Should the ColdFusion installer do all the things in the lockdown guide for me? The answer is mixed. Id love to see CFIDE split apart so that CFAdmin is standalone from the scripts. How Adobe does it is up to them. Another change Id like to see is during the install is to have the option to pick the user account that ColdFusion will run under. This has been an option for the Linux installer, but not on Windows. (At least not that I can remember.) The last item Id like to see is during the Secure Profile install is that CFAdmin is locked down to localhost by default and the option to add an IP address if needed. I think these changes would be a huge step in persuading the sysadmin into properly securing ColdFusion installations. I know these have been mentioned before and during the ColdFusion 10 beta cycle many new security and installation changes where made. These were deferred. Id like to see these added this time. I know some people are going to take issue with requiring systems administrators to install and maintain ColdFusion servers. Too bad. I think it is obvious now that the costs of not having a qualified systems administrator are too high. Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 26, 2014, at 10:45 AM, Andrew Scott andr...@andyscott.id.au wrote: I agree with Ben and Dave There was a point, where I was siding with Adam on this. But Ben you make a good point, which I think Dave was trying to get at. SysAdmins by default are the type that want to do everything, they need to know what it is they have control over. Therefore, if Adobe in this case locked it down, they would become too complacent with the product. But Where Adam is coming from, is that there are a lot more people out there developing and maintaining cheap VPS servers for clients, which has been a huge push by the Community to some degree when hosting ever pops up. You know I feel safer having someone who manages the SysAdmin side of it, than rely on my knowledge as a developer. The problem is the perception of the younger developers coming up, is just that, they expect things to be done for them, in cases like what Adam is describing is that it is locked down 100%. Which I think would force these younger, newer developers to ColdFusion, to then learn the security of ColdFusion if they are forced to begin unlocking what they need. Now the question is how would Adobe then begin to cater for both those worlds? Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 On Thu, Mar 27, 2014 at 2:12 AM, Ben Forta b...@forta.com wrote: Sure, the installer could make things simpler, and maybe should. But, that's a double edged sword, make things easier and admins will be even less likely to learn and manage what they really need to. At the end of the day, whether it is Windows or Apache or your mail server or CF or Java or Oracle or anything else, if you think you can run install and click Next a few times and then ignore a public facing server, you are asking for trouble, and have no one to blame but yourself when it happens. --- Ben (Sent from a handheld device) ~| Order the Adobe Coldfusion Anthology now
Re: The long tail of ColdFusion fail
Let me add this: Who Patches Your ColdFusion Servers? http://www.trunkful.com/index.cfm/2014/3/7/Who-Patches-Your-ColdFusion-Servers Many companies dont have dedicated server IT staff and are either hoping their internally hosted servers are being updated by one or more of their devs. Some are thinking that their hosting provider is doing the updates. The truth is that unless you have a service agreement with your hosting provider that specifies ColdFusion updates they most likely are not doing them. If you are reading this and you are the owner of the company you should be able to answer, without doubt, the question above Who patches your ColdFusion servers? and you can verify that by asking them if the servers are up to date. Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 17, 2014, at 1:58 PM, Justin Scott leviat...@darktech.org wrote: http://krebsonsecurity.com/2014/03/the-long-tail-of-coldfusion-fail/ Patch your servers people. Follow the lockdown guide while you're at it. CF 10: https://www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/cf10-lockdown-guide.pdf CF 9: http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357963 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: The long tail of ColdFusion fail
PHP isnt safer. Just different. And just because youre not hosting the servers does not me you are not responsible for them and you certainly are responsible for the damage caused by the hack. Go to http://www.securityfocus.com/vulnerabilities and look up PHP vulnerabilities. Regards, Wil Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well. On Mar 17, 2014, at 2:08 PM, Robert Harrison rob...@austin-williams.com wrote: It's unfortunate, and I've tried to fight it for years, but CF is clearly experiencing a slow, painful death. At this point almost all of our CF sites have been hacked repeatedly (and before you point me to the lockout guide - we don't host CF, we just build (built) the sites). We're not releasing any more CF sites and are converting those site we can to PHP. I hate that this is happening, but the writing is on the wall. Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357968 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: The long tail of ColdFusion fail
Google for inurl:cfide/administrator to find a few. Hmmm - Our new prospective client list! Time to starting pitching services. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 17, 2014, at 3:36 PM, Cameron Childress camer...@gmail.com wrote: There are a ton of sites out there with insecure CFAdmins, some running CFMX6!!! Google for inurl:cfide/administrator to find a few. -Cameron ... On Mon, Mar 17, 2014 at 4:30 PM, wrote: I think this hack is known since a long time ago. I remember having installed my CF administrator in a safe place at least 2 or 3 years ago. The adobe document which describes what to do is dated Mai 2010, almost 4 years old. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357974 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion code and STIG (DoD / Navy)
I got as far as this http://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide Then real work called me. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 10, 2014, at 11:48 AM, Ben b...@webworldinc.com wrote: For those of us unfamiliar with STIG compliance, can you give a reference? Thanks! Ben On Mar 10, 2014, at 9:15 AM, Chester Austin chesteraus...@gmail.com wrote: We're in the process of trying to get our Production server STIG compliant. The database and OS end seem pretty straight forward. The application end, however, seems to be more complicated than it needs to be. Is there any resources that point to how to handle web development things in the STIG server requirement? How different is the coding practices for STIG and non-STIG? For example, a simple CFM might have (minus any frameworks) a cfquery on the top of the page and a cfoutput on the bottom of the page. Are there different DSN for various security roles a user might be (a regular user might be one DSN and another user might be another)? Would that be necessary? I can give a more detailed example if necessary, but some guidance on how to design and implement the various requirements would be a good first step. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357903 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Honest question about cfform
There is always better ways to do things than using the client side CF code. I have not looked at the output of CFFORM JavaScript in ages, but if it has not been updated at all theres a good chance its not fully compatible with todays browsers. There are also form validation frameworks. One that I know of is ValidateThis http://www.validatethis.org/ Im not sure if this will work in your case. Its worth at least looking into it. There are options and most will be better than CFFORM. Regards, Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357828 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Jrun Restarts Itself Every Few Minutes - CF 8
Which Java version are you running? If you are not sure then look in
c:\coldfusion8\runtime\bin\jvm.config and report the line that starts with
Java.home.
As Jon Clausen pointed out ColdFusion 8 was not coded to work on Java 1.7. As
I did some additional searching it appears that Java 1.6 would be using
msvcr71.dll if anything and not msvcr100.dll. The later is used with Java
1.7.
The last version of Java that ColdFusion 8 is known to work on is Java
1.6.0_45. That was the last version of the 1.6 line as that line has reached
its End Of Life 1 year ago this month.
Regards,
WIl
Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com
wilg...@trunkful.com
www.trunkful.com
On Feb 6, 2014, at 10:08 AM, Jon Clausen jon_clau...@silowebworks.com wrote:
A quick search shows a bunch of results for the MSVCR100.dll module fault.
Which version of Java are you running on? I dont think CF8 was ever updated
to run on 1.7.
A quick look shows that copying the msvcr100.dll from {JDK Home}\jre\bin to
{CF-Home}\runtime\bin has solved the issue for some (Examples:
http://www.trunkful.com/index.cfm/2013/8/8/ColdFusion-on-Java-17
http://helpx.adobe.com/coldfusion/kb/cumulative-hotfix-4-coldfusion-901.html)
but Im not sure if that would work with CF8.
HTH,
Jon
On Feb 6, 2014, at 10:35 AM, E Cohen eron_co...@yahoo.com wrote:
Thanks Mark. I have checked in the runtime\bin directory and there aren't
any log files in there of any sort. I also checked the log files in
runtime\logs and there isn't anything very interesting there either aside
from the frequent errors in coldfusion-out and coldfusion-event logs that
states There is no web application configured to service your request
but I think that's an effect of jrun crashing, not the cause.
I'd really appreciate any other ideas anyone may have! This is a huge
problem for me right now.
Look in the runtime/bin directory for any hotspot errors. Hsxx.log
usually. If you find any they should give you a clue where to look.
Hello All,
I am having a problem with one of my ColdFusion 8 production servers. JRUN
seems to be the issue--it is restarting itself every few minutes and I don't
know why. This is the error I find in the Windows Server 2008 R2
Application error log:
Faulting application name: jrun.exe, version: 4.0.7.43137, time stamp:
0x47d937de
Faulting module name: MSVCR100.dll, version: 10.0.30319.1, time stamp:
0x4ba220dc
Exception code: 0xc417
Fault offset: 0x0007038c
Faulting process id: 0x14e8
Faulting application start time: 0x01cf234798a16348
Faulting application path: C:\ColdFusion8\runtime\bin\jrun.exe
Faulting module path: C:\Windows\system32\MSVCR100.dll
Report Id: 28eeef4c-8f3b-11e3-95a9-80ee73328ead
I have tried uninstalling and re-installing ColdFusion but the problem
continues. Can anyone give me any other ideas of where to look or how to
troubleshoot this?
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357602
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFAdmin failing to set up a Scheduled Task
I ran into this on a server recently. There was code (not mine) that was running cfschedule and updating scheduled tasks every second. (Yeah, a bad idea) So my changes were just overwritten even before I could save. It could also be permissions to the neo-cron.xml file have been altered. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 29, 2014, at 5:48 PM, Gonzo Rock gonzor...@gmail.com wrote: Any ideas on why attempts to set a scheduled task would cause a Server closed the connection without sending any data message. When I reload the scheduled tasks... the new one is not there. When I edit a task... not really edit... I just pull it up... and click Submit I get the same result. And get this... If instead of hitting Submit I hit Cancel I get the same result. I can create data sources and edit the mail setting and other such things... just scheduled tasks is suddenly having a problem. I have confirmed scheduled tasks are running... I can see the logs for them updating. This is a linux box running CF 9 Any ideas? Unfortunately the Google is not helping :( ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357526 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Viviotech?
I was on the phone with Vivio. The claim there was or is some sort of DDOS against one or more of the sites hosted there. We have a client that has been down for about at hour at Vivio and SSH to their server is essentially not possible. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 28, 2014, at 1:10 PM, Kelly Matthews webd...@gmail.com wrote: I think they had some issues. Several of my sites went down, also I think their support number is tied to their network so if the network goes down so do their phones. If that's still the case, I really wish that's something they would fix, it's my only gripe. :) However, my sites seem to be back up now. On 28 Jan 2014, at 14:08, Money Pit wrote: Anyone hear anything from them? They've been completely off the air for about an hour. Fast busy signal on the phone. Was originally just 'busy' so I'm wondering if someone got thru to them before the phone went down. -- --m@Robertson-- Janitor, The Robertson Team mysecretbase.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357509 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Viviotech?
Those files were then hit remotely and caused the exploited servers to send massive amounts of ARP requests off to an IP belonging to Chase bank. I never did trust Chase! :D BUT! This is interesting to note. If the IP really belongs to Chase as in inside Chase then what exactly at Chase has been compromised? That should give you chills up and down your spine. Regards, Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 28, 2014, at 4:53 PM, Jordan Michaels jor...@viviotech.net wrote: Those files were then hit remotely and caused the exploited servers to send massive amounts of ARP requests off to an IP belonging to Chase bank. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357512 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SSL certificate problem with 3rd party
I was helping Jason with this a bit before he posted here, but didnt have time to do full tests. I have run into this situation before and that time it automagically started working the next day with an unaltered keystore. Arg! So this issue: I have a Win 7 VM with CF8.0.1 fully patched and CF10 fully patched. Both jvm.config files are edited to use the exact same JVM at c:\program files\jdk1.6.0_45\jre and the exact same keystore cacerts file. This cacerts is the one that came with jdk 1.6.0_45. BEFORE importing the Comodo cert CF8.0.1 CFHTTP fails with with error I/O Exception: Name in certificate `internetsecure.com' does not match host name `test.internetsecure.com. CF10 is successful. Next I imported the cert COMODOHigh-AssuranceSecureServerCA.crt from Comodo and restarted CF8.0.1. After the restart I still get the same error message on CF8.0.1 and after restarting CF10 it still works. Ive pulled my hair out before on this without luck other than in one case an SSL cert automagically started working. I have in the past looked for any documentation that Adobe updated CFHTTP between CF8 and CF10 I have not found anything yet. However, something must have changed to allow certs with Subject Alternate Names. Regards, Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 16, 2014, at 4:38 PM, Byron Mann byronos...@gmail.com wrote: Apologies, Justin is correct. I tested this on one of our CF 8 servers and the host file/IP manipulation worked as stated. I'm so used to dealing with the * certificate issue, I wasn't aware this wasn't the case for the new certificates with the multiple names. FYI, I tried things out on CF 10, and it appears to accept these types of certificates without issue. Byron Mann Lead Engineer Architect HostMySite.com On Thu, Jan 16, 2014 at 4:18 PM, Justin Scott leviat...@darktech.orgwrote: You will need to import the star (*) certificate into the keystore for the java instance ColdFusion is running upon. Basically ColdFusion doesn't like to speak to *.domain.com certificates (I think CF10 doesn't mind so much), as it is not an exact match to the URL it is attempting to access. In this case it's not a wildcard certificate, it's a standard cert using the subject alternative names extension which isn't supported on Java 6. Importing the certificate into the Java keystore won't help in this case because the primary name on the certificate doesn't match the hostname being called. Java will only check against the primary hostname and not the alternative names listed in the certificate. Calling the primary hostname on the certificate and using a hosts entry to override the DNS entry to direct it to the right IP is the only workaround in this instance. -Justin Scott ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357470 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SSL certificate problem with 3rd party
Simply stating it works on ColdFusion 10 is meaningless. ColdFusion 10 installs with Java 1.6 by default. So unless youve patched CF10 and explicitly installed Java 1.7 and edited your jvm.config to use Java 1.7 you are still on Java 1.6. Wil Genovese Owner / Sr Web Application Developer / Systems Administrator Trunkful Technologies, inc. 729 Dodd Road Saint Paul, MN 55107 | m: 651-894-4238 | skype: wilgeno wilg...@trunkful.com | http://www.trunkful.com On Jan 16, 2014, at 4:38 PM, Byron Mann byronos...@gmail.com wrote: Apologies, Justin is correct. I tested this on one of our CF 8 servers and the host file/IP manipulation worked as stated. I'm so used to dealing with the * certificate issue, I wasn't aware this wasn't the case for the new certificates with the multiple names. FYI, I tried things out on CF 10, and it appears to accept these types of certificates without issue. Byron Mann Lead Engineer Architect HostMySite.com On Thu, Jan 16, 2014 at 4:18 PM, Justin Scott leviat...@darktech.orgwrote: You will need to import the star (*) certificate into the keystore for the java instance ColdFusion is running upon. Basically ColdFusion doesn't like to speak to *.domain.com certificates (I think CF10 doesn't mind so much), as it is not an exact match to the URL it is attempting to access. In this case it's not a wildcard certificate, it's a standard cert using the subject alternative names extension which isn't supported on Java 6. Importing the certificate into the Java keystore won't help in this case because the primary name on the certificate doesn't match the hostname being called. Java will only check against the primary hostname and not the alternative names listed in the certificate. Calling the primary hostname on the certificate and using a hosts entry to override the DNS entry to direct it to the right IP is the only workaround in this instance. -Justin Scott ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357469 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: IE 11 not maintaining state
Did you recently update ColdFusion? This may be related: http://forums.adobe.com/message/4539348 Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Dec 13, 2013, at 6:59 PM, Matthew Smith chedders...@gmail.com wrote: Just had the IE 11 update pushed to my development box. Now, on the site I am working on, I am getting a new cfid/cftoken with every page request, ruining state/session management. What is the easiest work around on this? I would hate to have to go through all the site adding #cfid# and #cftoken# to every url... Also, if I do have to append cfid/cftoken, how is it handled when the site is indexed by a se bot? Wouldn't the cached links have the same cfid/cftoken for everyone? Thank you. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357363 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Secure attribute on CF Session Cookies
Ive seen people request this before due to a PCI security audit. Usually the best solution, depending on the code, is to switch to J2EE session variables. Instead of physical cookies the session cookies are true session cookies in browser memory. This would eliminate the secure cookies issue. I think? Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Dec 6, 2013, at 1:29 PM, Robert Harrison rob...@austin-williams.com wrote: Is there any way to ensure the CFTOKEN and CFID cookies include the secure attribute when sending over https? I see no way to do this on CF9. Thanks Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austi ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357314 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: per application settings
I swear this guy is a troll, nobody is that dense. but incase he is: CFMappings are used ONLY FOR things such as CFINCLUDE. They are never used for img src=/some/place/imagename.png To get a mapping for image or other HTML urls you have to use the web server (IIS OR Apache) Alias configuration settings. These are two totally different types of mappings and they have NO relation to each other. Can only hope this sinks in. Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well. On Nov 26, 2013, at 2:12 PM, Matt Quackenbush quackfu...@gmail.com wrote: Correct. And you should read what I wrote. I addressed your words, exactly. On Tue, Nov 26, 2013 at 3:09 PM, Eric Roberts ow...@threeravensconsulting.com wrote: Matt...please read what you quoted and that should address your statement about non-cfm files... Philip...it is in a .cfm file that handles the header. in this specific instance, it is calling up a logo image in the header. If this was in an html file, then they would be correct...but in a cfm file...everything is parsed. I know you've been told this repeatedly and so I'm probably just wasting my breath (finger energy, I suppose), but you are 100% incorrect. 100% WRONG. Here's a 100% accurate statement that is based upon your 100% inaccurate one: CF does not execute html files unless your web server is specifically custom-configured to do so. In a default CF installation, CF only executes *.cfm(l) and *.cfc files. At no time does CF parse the entire file that it executes, but rather, it relies on specific syntax and code constructs - CFML and/or CFScript - to determine its parsing boundaries. CF never has and never will parse HTML. Period. Please read before commenting. I clearly stated that it was in a cfm file...not an html file...sheesh Eric On Tue, Nov 26, 2013 at 2:07 PM, Eric Roberts ow...@threeravensconsulting.com wrote: Matt...where did I say I was executing a non-cfm file? On Tue, Nov 26, 2013 at 2:04 PM, Matt Quackenbush quackfu...@gmail.com wrote: On Tue, Nov 26, 2013 at 2:52 PM, Eric Roberts ow...@threeravensconsulting.com wrote: Philip...it is in a .cfm file that handles the header. in this specific instance, it is calling up a logo image in the header. If this was in an html file, then they would be correct...but in a cfm file...everything is parsed. I know you've been told this repeatedly and so I'm probably just wasting my breath (finger energy, I suppose), but you are 100% incorrect. 100% WRONG. Here's a 100% accurate statement that is based upon your 100% inaccurate one: CF does not execute html files unless your web server is specifically custom-configured to do so. In a default CF installation, CF only executes *.cfm(l) and *.cfc files. At no time does CF parse the entire file that it executes, but rather, it relies on specific syntax and code constructs - CFML and/or CFScript - to determine its parsing boundaries. CF never has and never will parse HTML. Period. The point behind having mappings is so that in the code, you are refering to a directiory by name rather than having to deal with what the path is from the file. You are correct that by setting a CF mapping named `/foo` you can then reference the mapping by name as simply `/foo` rather than needing to write out the full path. CF handles determining what that is when it renders it int o html. You are 100% WRONG if you think CF does anything with mappings for any purpose other than **CFML FILE SYSTEM ACCESS**. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357180 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF 10 on Mavericks AND Adobe download links not working
Funny how the ONLY apps that are not ready for Mavericks are Adobe's. Adobe has a failed history of being ready for new OS releases whether is be OS X or Windows. So please do not insult users for Adobe failing to be ready for new OS releases. Regards, Wil On Oct 28, 2013, at 11:22 AM, Russ Michaels r...@michaels.me.uk wrote: And TBH it is pretty daft to just upgrade your OS without first checking that all your apps are compatible and then moaning about it. On Mon, Oct 28, 2013 at 4:19 PM, Raymond Camden raymondcam...@gmail.comwrote: My guess, and I speak here as just Ray, not Adobe Ray, heck, I'm not on that team anyway, is that they have a certified list of web servers they support, and adding one involves significant effort, and is probably only done in major releases, ie, CF11 may support Apache 5 or somesuch. The CF requirements page should clearly spell out what versions of Apache it supports and I'd always recommend following that if - well - you want stuff to work. On Mon, Oct 28, 2013 at 10:42 AM, Scott Brady dsbr...@gmail.com wrote: We were getting a fairly generic Error processing your request with a number of links to the home page and to contact Adobe. It's still happening (after a restart). Someone else was able to get me the file, so now just to try to get it up and running again. Isn't Adobe in Apple's developer program and, thus, had access to the Mavericks builds so they could have had a fix out by now (rather than the community having to provide a mod_jk.so file)? (MAMP uses an older version of Apache, I believe, which is why that works.) On Mon, Oct 28, 2013 at 9:20 AM, Bruce Sorge sor...@gmail.com wrote: I did the mavericks fix for cf this morning and a reinstall and I am working fine using apache and cf10. I already had the dmg for cf so I never messed towing it. Sent from my iPhone 4S. On Oct 28, 2013, at 10:15 AM, Raymond Camden raymondcam...@gmail.com wrote: I just tried and it worked for me - the download I mean. What problem did you have with the link? As for Mavericks - I updated yesterday and CF is running fine for me. Note though that I do not use the OSX Apache but rather MAMP. On Mon, Oct 28, 2013 at 9:10 AM, Scott Brady dsbr...@gmail.com wrote: I upgraded my Mac to Mavericks over the weekend and I had CF 10 working yesterday, by using the modified mod_jk.so that someone posted on the net (since there isn't a fix from Adobe yet). This morning, it stopped working after trying a CF restart, so I went through the process again and still couldn't get it working. So, I figured i'd try re-installing CF10. Unfortunately, it looks like both the download links on Adobe's site for ColdFusion 10 aren't working (nor is the Report a bug link on their site), but other download links are working. (One other developer can get to the download page, but another one can't -- we thought maybe it was a VPN issue, but if I disconnect from the VPN, I still can't get to the download link). Since I can't report the problem and Ray is on this list, I'm hoping he can at least notify the web site team. Here's the download link I'm trying: http://www.adobe.com/cfusion/tdrc/index.cfm?product=coldfusion -- - Scott Brady http://www.scottbrady.net/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356988 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: test
fail :D Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well. On Aug 28, 2013, at 12:20 PM, Torrent Girl moniqueb...@gmail.com wrote: test ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356593 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF 9 and Java 1.7 ?
We've been converting out CF9 and CF10 to Java 1.7 at CF Webtools. Here is what I wrote up about it. http://www.trunkful.com/index.cfm/2013/8/8/ColdFusion-on-Java-17 Regards, Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Aug 13, 2013, at 2:11 PM, Chris 0404tow...@gmail.com wrote: Hi, are many people using CF 9 and Java 1.7 ? With Cumulative HotFix 4, CF9 should now support Java 1.7. Just wondering how it's working. I see a couple issues in https://bugbase.adobe.com thanks, Chris ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356454 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 Dev Edition...
Adobe changed the two IP restriction a bit. A small but significant change in ColdFusion 10 is around IP address restriction. Till ColdFusion 9, only two fixed IP addresses can access the developer edition of server. But this restriction is changed in ColdFusion 10. ColdFusion 10 developer edition can now be accessed concurrently by any two IP addresses. The restriction is on two concurrent request from any two IP addresses and not on which IP addresses. http://blogs.coldfusion.com/post.cfm/coldfusion-10-developer-edition-can-now-be-accessed-by-any-ip-address Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Aug 13, 2013, at 5:35 PM, Eric Roberts ow...@threeravensconsulting.com wrote: Is ther anything that limits the number of requests in the dev edition? We have some calls that use https and the call is crapping out when I use https to call another page hat has cfc and http requests. The code works fine on out cf9 production and dev servers.Iam trying to set up a local dev, but I have 10 installed. Eric ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356461 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFQueryParam
No, cfqueryparam does not work in the order by clause.
However, when using url params passed to a query for altering the order I use
if/then logic to set the order by clauses to prevent SQLi.
if (url.sortby EQ 'D') { orderby mycolum desc } else { order by mycolumn ASC }
THis is a simple and effective way to prevent SQLi in the order by clauses.
Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com
wilg...@trunkful.com
www.trunkful.com
On Jul 21, 2013, at 12:50 PM, Dave Hatz daveh...@hatzventures.org wrote:
I know using cfqueryparam helps with hack attempts on your database and it
helps performance for the execution of the queries.
Question, does using the cfqueryparam help with performance on the ORDER BY
clause? One some of our pages we give the user the ability to change the
sort order of the data being displayed. But, we do not use CFQUERYPARAM on
the ORDER BY clauses.
Thanks,
Dave Hatz
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356263
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Vivio Down?
Yes - I just lost a few client sites too Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jun 20, 2013, at 3:35 PM, Josh Nathanson joshnathan...@gmail.com wrote: Anyone here host on Viviotech? My site's down and their main website isn't responding. -- Josh ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356025 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Vivio Down?
Must have been a router burp Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jun 20, 2013, at 3:37 PM, Josh Nathanson joshnathan...@gmail.com wrote: Oh, looks like it's back up now. Carry on. -- Josh On Thu, Jun 20, 2013 at 1:36 PM, Wil Genovese jugg...@trunkful.com wrote: Yes - I just lost a few client sites too Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jun 20, 2013, at 3:35 PM, Josh Nathanson joshnathan...@gmail.com wrote: Anyone here host on Viviotech? My site's down and their main website isn't responding. -- Josh ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356028 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFMail Issues since Upgrading to CF10
Please attach the code used to generate the emails. We will need that to have any ideas on why they are not working. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jun 18, 2013, at 11:56 AM, Zad I zadi...@gmail.com wrote: Ever since upgrading to CF10, we've been having some odd issues with our automated ColdFusion emails. The processes always functioned properly in the past, but lately we've been getting some very out of the ordinary issues which I'll describe further below. We discover the problem usually from contacts who usually receive these emails on a daily basis with or without attachments. We'll go to the CFMAIL directory for the corresponding server and find a slew of emails stuck in the 'Undelivr' emails. In some cases, we can just move these emails to the Spool folder and they process fine, but in most cases they result in one of the two errors below: Error 1: In an email which normally does not contain a body and contains an attachment, the follow error is what we found in the logs: - Error,scheduler-1,01/15/13,14:09:56,,javax.mail.MessagingExce ption: missing body for message javax.mail.MessagingException: missing body for message at coldfusion.mail.MailImpl.createMessage(MailImpl.java:696) at coldfusion.mail.MailSpooler.deliver(MailSpooler.java:1295) at coldfusion.mail.MailSpooler.sendMail(MailSpooler.java:1197) at coldfusion.mail.MailSpooler.deliverFast(MailSpooler.java:1657) at coldfusion.mail.MailSpooler.run(MailSpooler.java:1567) at coldfusion.scheduling.ThreadPool.run(ThreadPool.java:211) at coldfusion.scheduling.WorkerThread.run(WorkerThread.java:71) --- Placing these emails that have always been sent out this way in the past without an attachment in the spool directory causes it to go right back in the 'Undelivr' folder and resulting in the same error. We ended up having to modify the email file and add random content in the body message, place it back in the spool directory, and it went through. - Mind boggling. Error 2: -- Error,scheduler-2,02/04/13,09:08:17,,javax.mail.MessagingExce ption: Exception reading response; nested exception is: java.net.SocketException: Connection reset Both errors occur randomly and we have not been able to find out what causes them randomly from time to time. All other emails go through fine, but certain emails will never go out and end up in the 'Undelivr' folder. We are running them on Windows Server 2008 64bit. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355966 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Adobe no longer supports ColdFusion??? Really?
I've never been and never will be a designer and thus a Dreamweaver user. I would never want to use Dreamweaver to write server side code. I say leave Dreamweaver to designers. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jun 18, 2013, at 12:52 PM, Russ Michaels r...@michaels.me.uk wrote: sadly this is true, they have dropped CF support in DW, you have to buy CFBuilder now if you want a CF IDE. Very annoying as I liked DW On Tue, Jun 18, 2013 at 6:07 PM, Mike K afpwebwo...@gmail.com wrote: Have I missed something here? I upgraded my Dreamweaver CS6 to Dreamweaver CC and ColdFusion is no longer supported apparently. There are no CFM file types, no tag hinting or code completion etc for ColdFusion, apparently. Unless I've missed something somewhere and I have to change a setting or install an extension or something. Has anyone else found a fix for this? Or have I got it wrong? -- Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion 9 Enterprise, PHP, ASP, ASP.NET hosting from AUD$15/month ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355972 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Adobe no longer supports ColdFusion??? Really?
I think some of the complaining is from people that 'fear' learning an Eclipse style IDE. At the Twin Cities CFUG a week ago a few people expressed that they didn't want to learn such a complicated IDE. That and having to actually pay for software came up again. I did point out the free edition. I think there will always be a segment that wants free software that is simply a text type editor. That's fine, but others like myself do want a powerful IDE. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jun 18, 2013, at 1:02 PM, Raymond Camden raymondcam...@gmail.com wrote: Details on free version of ColdFusion Builder: http://cfdocyard.blogspot.com/2011/05/coldfusion-builder-express-edition-free.html Note this is from two years ago. On Tue, Jun 18, 2013 at 1:01 PM, Raymond Camden raymondcam...@gmail.comwrote: Um, no, you don't have to buy ColdFusion Builder. There is a free edition. And yes - we've already announced plans for an update. So - there ya go. No need to panic - again - right? On Tue, Jun 18, 2013 at 12:59 PM, Wil Genovese jugg...@trunkful.comwrote: I've never been and never will be a designer and thus a Dreamweaver user. I would never want to use Dreamweaver to write server side code. I say leave Dreamweaver to designers. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jun 18, 2013, at 12:52 PM, Russ Michaels r...@michaels.me.uk wrote: sadly this is true, they have dropped CF support in DW, you have to buy CFBuilder now if you want a CF IDE. Very annoying as I liked DW On Tue, Jun 18, 2013 at 6:07 PM, Mike K afpwebwo...@gmail.com wrote: Have I missed something here? I upgraded my Dreamweaver CS6 to Dreamweaver CC and ColdFusion is no longer supported apparently. There are no CFM file types, no tag hinting or code completion etc for ColdFusion, apparently. Unless I've missed something somewhere and I have to change a setting or install an extension or something. Has anyone else found a fix for this? Or have I got it wrong? -- Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion 9 Enterprise, PHP, ASP, ASP.NET hosting from AUD$15/month ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355980 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Adobe no longer supports ColdFusion??? Really?
The trial version becomes the Express Version after the trail period ends. Thus free. Sent from my iPad, enjoy the auto replace typos :) On Jun 18, 2013, at 8:23 PM, Casey Dougall - Uber Website Solutions ca...@uberwebsitesolutions.com wrote: On Tue, Jun 18, 2013 at 2:02 PM, Mark Drew mark.d...@gmail.com wrote: I thought you could get a free version of CFBuilder?? You can... go to ColdFusion Summit and you get a copy for free! http://cfsummit.adobeevents.com/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355997 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion Enterprise Manager - Instance Manager disappearing
Make sure you are accessing the primary CF Admin port 8300 in most cases. Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jun 6, 2013, at 1:06 PM, Scott Stewart webmas...@sstwebworks.com wrote: Hi all.. I don't have a lot of background on this because it was just reported to me. Has anyone seen the Instance Manager just vanish from a CF 9 install. It's Windows 2008 and IIS 7.5 Thanks in advance.. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355876 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ??
Jealous! I should crash the party's tonight being I live 10 miles from the conference. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On May 17, 2013, at 10:28 AM, Nathan Strutz str...@gmail.com wrote: Yea, we are all in Minneapolis :D www.cfobjective.com Consider coming next year, this is a great conference! nathan strutz [www.dopefly.com] [hi.im/nathanstrutz] On Fri, May 17, 2013 at 2:48 AM, Russ Michaels r...@michaels.me.uk wrote: Cf.objective Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On 17 May 2013 08:34, Stephens, Larry V steph...@iu.edu wrote: According to HoF I'm still subscribed but I've seen no messages for several days? Has everyone gone to a convention or is CF now quiescent? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355755 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ATTENTION Adobe! Multiple Broken CF-Related Links on Adobe.com!
Attention Christian Abad: Maybe you should try a different browser or computer or something. Each of those links you provided work great for me. On Apr 15, 2013, at 11:29 AM, Christian N. Abad li...@accessiblecomputing.com wrote: Adobe Folks: There are multiple broken links on the Adobe.com Website for ColdFusion-related Downloads. For instance, I am unable to download CF 10 (any version, using any link) or ColdFusion Builder 2 (using any link). Here are some of the broken links: http://www.adobe.com/go/trycoldfusion http://www.adobe.com/cfusion/tdrc/index.cfm?product=coldfusion http://www.adobe.com/go/trycoldfusionbuilder http://www.adobe.com/cfusion/tdrc/index.cfm?product=coldfusion_builder http://www.adobe.com/sitemap/ Câmon Adobe! This is disastrous! EPIC FAIL! â¹ Sincerely, Christian N. Abad - President Accessible Computingâ¢, Inc. 1210 McLaughlin Drive Charlotte, NC 28212 http://www.AccessibleComputing.com 704.900.1825 (Direct Line) li...@accessiblecomputing.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355407 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Now() offset by 1 hour
This could be caused by an old JVM version. Which version JVM are you running? Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Apr 2, 2013, at 12:48 PM, Richard White rich...@re-base.net wrote: Hi, Since the clocks went forward in GMT the now() function is returning an incorrect time (-1 hour to what the server clock reads). I have searched over the internet and found several references to this but not solution. Has anyone found a way to fix? I am using CF9 Thanks Richard ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355227 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Now() offset by 1 hour
On rare occasion I've had a JVM refuse to get onto the correct timezone, while new and having the correct timezone data and the server having the correct timezone data and even reporting the correct time. 1. Make sure the JVM is reporting the correct timezone. 2. if its not, you can force it with this JVM arg in jvm.config -Duser.timezone=America/New_York If it's reporting the correct timezone, then I think we need to start looking for bugs with JVM 1.7. Unsure about that though. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Apr 2, 2013, at 1:03 PM, Richard White rich...@re-base.net wrote: Hi Will, thanks for your suggestion i just updated to the latest JVM 7, update 17. No change unfortunately This could be caused by an old JVM version. Which version JVM are you running? Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Apr 2, 2013, at 12:48 PM, Richard White rich...@re-base.net wrote: ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355229 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Now() offset by 1 hour
Download it here and install. http://www.oracle.com/technetwork/java/javase/downloads/index.html I keep my JVM Install for ColdFusion separate from the default Java that the OS is using. Typically I change the default location of the install to be in a top level folder named /java/ So c:\Java or D: java on Windows. On Linux I use the /opt folder because ColdFusion is installed in /opt so it would be /opt/java/ Then you need to edit your jvm.config file and point the java.home= to the new path of your newly installed JVM. Be sure to backup your jvm.config. So the JVM config line might look something like this. You'll have to make sure you get the path correct for your OS. java.home=C:/java/jvm_16xxx/jre Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Apr 2, 2013, at 3:26 PM, Richard White rich...@re-base.net wrote: Thanks guys. After running this code I can see I am running 1.6 Please excuse my ignorance but i have been searching on how to upgrade to 1.7 and have found no instructions on where to download it or upgrade. I have downloaded the JVM 7 Update 17 but it appears this isnt the same thing thanks for any guidance It may be worth double checking that you are using the version you think you are using: This will tell you: #CreateObject(java, java.lang.System).getProperty(java.version)# ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355234 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Now() offset by 1 hour
Which version of ColdFusion are you using? All you said was 9. 9 and 9.0.1 with NO updates will not work on JVM 7. You need to fully update/patch ColdFusion 9. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Apr 2, 2013, at 4:22 PM, Richard White rich...@re-base.net wrote: I have downloaded the latest version although when I amend the jvm.config and attempt to restart CF it does not restart correctly, very odd! Download it here and install. http://www.oracle. com/technetwork/java/javase/downloads/index.html I keep my JVM Install for ColdFusion separate from the default Java that the OS is using. Typically I change the default location of the install to be in a top level folder named /java/ So c:\Java or D: java on Windows. On Linux I use the /opt folder because ColdFusion is installed in /opt so it would be /opt/java/ Then you need to edit your jvm.config file and point the java.home= to the new path of your newly installed JVM. Be sure to backup your jvm.config. So the JVM config line might look something like this. You'll have to make sure you get the path correct for your OS. java.home=C:/java/jvm_16xxx/jre Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Apr 2, 2013, at 3:26 PM, Richard White rich...@re-base.net wrote: Thanks guys. After running this code I can see I am running 1.6 Please excuse my ignorance but i have been searching on how to upgrade to 1.7 and have found no instructions on where to download it or upgrade. I have downloaded the JVM 7 Update 17 but it appears this isnt the same thing thanks for any guidance It may be worth double checking that you are using the version you think you are using: This will tell you: #CreateObject(java, java.lang.System).getProperty(java. version)# ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355237 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: now( ) is off by an hour
Here is your answer: This JVM version is SO old that it has the OLD DST change over date. The DST change over dates changed in 2008. See this tech note from (Sun) Oracle. http://www.oracle.com/technetwork/java/javase/releasenotes-138306.html#142_19 Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 12, 2013, at 5:36 PM, Carl Von Stetten vonner.li...@vonner.net wrote: Daniel, What version of ColdFusion are you running? Maybe you can upgrade the JVM to a newer version that has updated DST settings? I think the start/end dates for DST in the US were changed in 2007, while Java 1.4 hasn't been current since around 2004. -Carl V. On 3/12/2013 6:31 AM, daniel kessler wrote: I get: JRE:=Java(TM) 2 Runtime Environment, Standard Edition 1.4.2_09-b05 tz:=Eastern Daylight Time dst savings:=1 uses DST: YES in DST now: NO I saw that there is an update to 1.4.2_11, but that came out around 2007 I think. So I would need a more recent update. A coworker said that she updated her jvm and still sees the error. However, I'm waiting for her to come in to work and run this script that you gave me. Maybe it gives some different info. When it says in dst now, that means that JVM thinks it's not in DST or that the computer does not think it's in DST? script jre=createObject(java,java.lang.System); JREname=jre.getProperty(java.runtime.name); JREversion=jre.getProperty(java.runtime.version); tz=createObject(java,java.util.TimeZone).getDefault(); tzName=tz.getDisplayName(true,tz.LONG); dstSavings=tz.getDSTSavings()/360; writeoutput(JRE:=#JREname# #JREversion#br tz:=#tzName#brdst savings:=#dstSavings#br uses DST: #tz.useDaylightTime()#br in DST now: #tz.inDaylightTime(now())#); /cfscript ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354953 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Hosting - Clear Template Cache required
I am working with CF10 all the time these days. There is a setting for using Trusted Cache, but it is optional and up to the CFAdmin to enable or disable this feature. In the past 6 months of working with CF10 servers I have never needed to Clear the Template Cache. Regards, Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Feb 25, 2013, at 12:47 PM, Dan LeGate d...@legeek.com wrote: I've been with Newtek (formerly CrystalTech) a long time. Ever since I moved to their CF10 plan, any edits I make to my CFMs require me to login to their cumbersome interface and issue a Clear Template Cache command. They say this is required by ColdFusion, not them, and that the only way to not have this happen is to switch me back to a CF9 plan. Ugh. So my questions are: 1. Are they right? Do ALL CF hosting companies require a Clear Template Cache feature for CF10? 2. Is there a programmatic way I can quickly clear the cache instead of relying on their interface? 3. What CF10 hosting company/ies do you recommend? Thanks! Dan ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354686 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 CFBuilder
a couple things: 1. On the previous screen make sure you chose CF10+Tomcat Bundle and not JRun. 2. Make sure you selected Local and not remote. 3. Server home is the root of the server instance you are connecting to. [cfpath]\cfusion for the default instance [cfpath]\[your_instance_name] for any instance you created. So if you installed the defaults and want to connect CFBuilder to the default instance the Server home would be C:\ColdFusion10\cfusion Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Feb 15, 2013, at 5:35 PM, John M Bliss bliss.j...@gmail.com wrote: Hi. Just installed CF10 developer edition and attempting to register the server with CFBuilder. Stuck on: Server Home: (Enter the server home directory) I've tried: C:\ColdFusion10 C:\ColdFusion10\cfusion ...and both give me, Server home is not valid. Help? -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354540 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 CFBuilder
John, I know about it because I did the same thing the first time. Easy to miss. Enjoy TGIF! I already have a TGIF cigar burning. Drinks to start soon. Cheers! Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Feb 15, 2013, at 5:55 PM, John M Bliss bliss.j...@gmail.com wrote: 1. On the previous screen make sure you chose CF10+Tomcat Bundle and not JRun Geez, that was it. Apparently, I should not start TGIF happy hour before doing stuff like this. ;-) Thanks, Wil. On Fri, Feb 15, 2013 at 5:46 PM, Wil Genovese jugg...@trunkful.com wrote: a couple things: 1. On the previous screen make sure you chose CF10+Tomcat Bundle and not JRun. 2. Make sure you selected Local and not remote. 3. Server home is the root of the server instance you are connecting to. [cfpath]\cfusion for the default instance [cfpath]\[your_instance_name] for any instance you created. So if you installed the defaults and want to connect CFBuilder to the default instance the Server home would be C:\ColdFusion10\cfusion Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Feb 15, 2013, at 5:35 PM, John M Bliss bliss.j...@gmail.com wrote: Hi. Just installed CF10 developer edition and attempting to register the server with CFBuilder. Stuck on: Server Home: (Enter the server home directory) I've tried: C:\ColdFusion10 C:\ColdFusion10\cfusion ...and both give me, Server home is not valid. Help? -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354542 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Anyway to automatically convert to URLSESSIONFORMAT
First off, passing session data on the URL should NEVER be done in my opinion. Especially the old integer, guessable, repeatable CFID and CFTOKEN. You are just open the door to session highjacking and cross site scripting attacks. Plus if someone bookmarks a URL with that session data they will steal that sessionID if it is in use by someone else when they come back to the site. It can happen. I've seen it happen. You should enable J2EE Session variables. This will set a session cookie that will expire at the end of the session. If you do not want CFID and CFTOKEN cookies at all then you should disable clientmanagement and clientcookies in you application.cfm/cfc file. Regards, Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Feb 8, 2013, at 4:28 PM, Leigh cfsearch...@yahoo.com wrote: Can you ask why on Earth client say no cookies? That's sort of crazy. I do not think they are saying no cookies, rather that they be optional instead of mandatory. -Leigh ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354432 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Anyway to automatically convert to URLSESSIONFORMAT
Then setup the login authentication in the session scope and let J2EE session variables manage the sessions. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Feb 8, 2013, at 4:44 PM, Deborah Yoder dyo...@fes.follett.com wrote: My understanding is that the customer does not permit their employees to use cookies on their machines. So the way it is now, they can't even login to our site because we check for enabled cookies and, if not found, give them an error message. Leigh is correct that we want customers who allow cookies to be able to use them and those who have them disabled to still have access to the site. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354435 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Fed Reserve Hack
This goes to show the poor quality of coders in the Government more than weaknesses in ColdFusion. Same for SysAdmins that fail to follow the lock down procedures. Any web application can be poorly written and any server can be poorly administered. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Feb 7, 2013, at 12:33 PM, Russ Michaels r...@michaels.me.uk wrote: some more great publicity for Adobe/CF On Thu, Feb 7, 2013 at 6:24 PM, Che Vilnonis ch...@asitv.com wrote: With all of the talk of CF security I thought I'd pass this along. According to Chris Wysopal of VeraCode, the site was running Coldfusion. https://www.veracode.com/blog/2013/02/stolen-data-headers-from-the-federal-r eserve-hack/ http://www.huffingtonpost.com/2013/02/05/federal-reserve-security-breach_n_2 622698.html ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354352 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Fed Reserve Hack
I don't know about the pay level at the Federal level. I saw a posting for ColdFusion jobs with the State on MN (where I live) a couple years back and it was so far underpaid that I cannot imagine even a fresh newbie wanting to work at that scale. MN does hire it's on coders so thats why I thought he Fed did it that way too. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Feb 7, 2013, at 2:00 PM, Russ Michaels r...@michaels.me.uk wrote: Govt generally don't have their own coders, they outsource everything to agencies, who then outsource to contractors, and nothing is checked by anyone in between. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Feb 7, 2013 6:36 PM, Wil Genovese jugg...@trunkful.com wrote: This goes to show the poor quality of coders in the Government more than weaknesses in ColdFusion. Same for SysAdmins that fail to follow the lock down procedures. Any web application can be poorly written and any server can be poorly administered. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Feb 7, 2013, at 12:33 PM, Russ Michaels r...@michaels.me.uk wrote: some more great publicity for Adobe/CF On Thu, Feb 7, 2013 at 6:24 PM, Che Vilnonis ch...@asitv.com wrote: With all of the talk of CF security I thought I'd pass this along. According to Chris Wysopal of VeraCode, the site was running Coldfusion. https://www.veracode.com/blog/2013/02/stolen-data-headers-from-the-federal-r eserve-hack/ http://www.huffingtonpost.com/2013/02/05/federal-reserve-security-breach_n_2 622698.html ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354357 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion MX 7 Updater 2
Amazingly those old bits on that NAS are still working. I do have that installer. It's a 295Mb file. How do you want it sent? Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well. On Feb 5, 2013, at 11:22 AM, Mosh Teitelbaum mosh.teitelb...@evoch.com wrote: All: Any chance someone has a copy of the ColdFusion MX 7 Updater 2 for Win32 lying around? I have a client that is perfectly happy with their current version of CFMX 7, thank you very much, but we had to reinstall everything on a new server. I've installed 7.0.0 from CD but don't have access to the 7.0.2 updater. Anyone have it and willing to share? The filename should be coldfusion-70-updater2-win.exe and it should weigh in at about 46.1 MBs. MD5 Checksum of 8dde3d2e45541d2cf4e1db90d33668ab . Thanks in advance. -- Mosh Teitelbaum ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354313 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Source control in CF
Out of context for this thread? This thread was a question about how to do xyz with Subversion. Anything about using Git, the kewl kids are using Git, Git is Defacto, etc etc etc, is out of context. Every technology is a tool and each tool has it's uses. Just because some have manage to replace one tool for another does not mean it's right for some else's team. This technology zealotry is annoying at best and for the most part useless off-topic squabbling. Most of the replies here have not even addressed the OP and his questions, aside from my initial reply to the OP. SVN is very valid and is used heavily will continue to be used long from now. And the same should be said about Git. For those that remember the old slow Tortoise client maybe you should revisit SVN with a new client. As of the 1.7 releases of the SVN clients they no longer use the .svn files and folders. Additionally the 1.7 SVN clients work perfectly with the SVN 1.6 server. This change in client behavior has made working with very large repos mush easier and faster. If fact he new SVN clients are similar to the Git clients in that fashion. I hope the OP did find use in the first few responses before this SVN vs Git feud started. It would be a shame to drive a person away because instead of getting his question answered everyone decided to start a technology flame war. Now have a nice day. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 30, 2013, at 10:01 AM, Matt Quackenbush quackfu...@gmail.com wrote: On Wed, Jan 30, 2013 at 9:56 AM, Andrew Scott wrote: Till then my view is not going to change, LOL. That's what we all love about you, my friend! :-) in a team SVN is far better when you know how to use it right. And there are countless teams who have used both - correctly - who vehemently disagree with you. But again, this is out of context for this thread, and therefore a non-starter. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354145 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Source control in CF
I have a few blog posts on setting up a Subversion server with a few web based tools. And a good post on the Subversive plugin for CFBuilder. http://www.trunkful.com/index.cfm/SVNVersion-Control You are correct in that you need a server for the team to access. P1: You need to use an SVN client such as tortoise or subversive and do an Import. P2: Jenkins is a good solution for pushing code to a staging server upon commit. P3: Read this: http://www.trunkful.com/index.cfm/2011/7/11/ColdFusion-Builder-2-and-the-Subversive-Plugin P4: Subversion does not do locking is the sense that CVS or TFS do. Typically you check out the code and edit then commit. If someone else is also editing the same file and checks it in before you do then you are required to reconcile the differences, merge and then commit the merge with their and your changes. There are several good PDF versions of Subversion books out there. I think one is even open source/free. Regards, Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 29, 2013, at 5:11 PM, Michael Christensen mich...@strib.dk wrote: Hi all! At my company we're once again talking about setting up source control for our CF. I've been googling and reading for quite a while now and so far I've gathered, that we first of all need a SVN server of some sort on a central server, so that the entire team can access it. I've looked at VisualSVN Server and managed to install it and even add a repository. But now I am getting into problems, which I am hoping someone here might be able to help me solve; Problem 1: We naturally already have a whole bunch of code that we'd like to put into our repository - but I can't figure out how to do that. Is this where I need something like TortoiseSVN? And if so, how do I structure my repository? Problem 2: We don't use a setup where each developer runs a local copy of the code, instead we all run the code on a single develoment server, accessing the code-files via a webpath (\\server\project\file.cfm) So instead of checking the file out to a local copy, I'd like to use a exclusive-lock-in-place sort of thing - is this possible? Problem 3: I am trying to use the Subclipse plugin, but I simply can't figure it out. Does anyone know of a how to use Subclipse for dummies tutorial? Problem 4: Is it possible to auto-lock/check out files in Eclipse as soon as they are opened by a developer? (versus manually selecting to lock the opens a file? Or how does one go about ensuring that no two developers can change a file at the same time (referring to problem 2)? As you can tell, I'm at a bit of a loss at the moment, so any and all feedback is appreciated. Thanks a bunch! ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354112 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Does CF10 support 64-bit COM Objects?
Short answer - NO. Adobe thinks they might do it for the next version and made some lame claim about not having enough time to get it working in CF 9 and CF10. Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well. On Jan 24, 2013, at 7:17 AM, Marty Franklin ma...@assetresearch.com wrote: I know CF9 did not support 64-bit COM Objects. Does anyone know if CF10 does? -- Best Regards, *Marty Franklin* /Information Technology/ *Asset Research Services, Inc.* ma...@assetresearch.com mailto:ma...@assetresearch.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354046 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Does CF10 support 64-bit COM Objects?
I agree Dave, Sometimes we are stuck supporting legacy code while upgrading platforms (newer servers and newer CF versions). I had to do this for one client. I finally convinced them to switch from the COM version of PDFLib to the new Java version that was available. At least in this case the there was an alternative. So yes, I agree that using an alternative to COM is a good thing, however there may be legacy cases that we are forced to support. Adobe should work on integrating the 64 BIT jIntegra http://j-integra.intrinsyc.com/ . Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 24, 2013, at 11:37 AM, Dave Watts dwa...@figleaf.com wrote: Jiminy Christmas, we live in a 64 bit world now, come-on Adobe! We also live in a .NET world. I'm not sure how many Adobe customers use COM any more. I would not recommend the use of COM from CF, based on its history of poor performance as a COM client. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354049 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Looking for affordable Colocation
Edgeweb is by far the best on the east coast IMHO Hostek is very good too. And the give me a little $ to promote them, But they are in the Oklahoma :) http://hostek.com/aff.php?aff=630p=CF Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 12, 2013, at 9:56 AM, Robert Rhodes rrhode...@gmail.com wrote: Hello, I am looking for 2 to 4 rack-spaces of affordable co-location on the east coast, with decent quality transit. Any suggestions? -RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353846 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Lite CFML Editor
So far I have not found one for iPad that actually works. If anyone has, I'd love to know about it. Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well. On Jan 10, 2013, at 6:29 PM, John M Bliss bliss.j...@gmail.com wrote: Hi! Quick poll: I'd like to install a lite, free, CFML editor onto a computer (not my main computer) where the editor is suitable for me to use my iPad to RDC to the computer and edit existing code. Suggestions? -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353825 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New Security Issue with CF
I am investing a server that has been hit. I am seeing these files were created at the time of the attack. C:\ColdFusion9\wwwroot\WEB-INF\cfclasses\cfh2ecfm509131890$funcLOC.class C:\ColdFusion9\wwwroot\WEB-INF\cfclasses\cfh2ecfm509131890.class C:\ColdFusion9\wwwroot\WEB-INF\cfclasses\cfi2ecfm506365939.class C:\ColdFusion9\wwwroot\WEB-INF\cfclasses\cf7einfo2drequest2dsend2ecfm170364941.class I do not know what they do as of yet. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 2, 2013, at 11:00 PM, Robert Rhodes rrhode...@gmail.com wrote: Thanks. I saw that afterwards. I was freaking out a bit there. Still am. :( I have gone through the logs on that server (windows 2008 R2 server running IIS7.5 and CF9.02) and the hacker loaded his script 1 time each on 15 different sites. They all look like this: 2013-01-02 00:15:15 192.168.55.129 GET /CFIDE/h.cfm - 80 - 178.170.124.210 python-requests/0.14.2+CPython/2.7.3+Linux/3.2.0-32-generic 200 0 0 171 But on 3 of the sites, he also loaded: help,cfm, administrator.cfc, mappings.cfm, scheduleedit.cfm, and scheduletasks.cfm but there are no scheduled tasks showing in the administrator. I checked the CF Administrator log and found nothing. Fortunately, he missed the one site (none of his crap shows up in its logs) where there was sensitive information, so assuming he could not traverse directories, I am hoping I am ok there. I ran his file (after renaming it), and none of my datasources showed up (it was an empty select). I am hoping I am good there too. It looks like his script it needs to be driven by a human (a lot of it is a form). So I am hoping that the one hit I see on most of those sites is an automated hit to see if the script is there, then he was going to come around later and do his damage -- and he never did. Wishful thinking right? I don't see any other signs of trouble anywhere, but am very worried that something bad has happened that I have just not stumbled on yet. Any suggestions or advice? Any place else I should be looking? Am I fooling my self to think I got lucky here? I have shut down CF on that server and am now searching all other servers for h.cfm. So far nothing. Tomorrow, I will completely wipe that server and reload it. -RR On Wed, Jan 2, 2013 at 10:16 PM, Raymond Camden raymondcam...@gmail.comwrote: Charlie posted an update: http://www.carehart.org/blog/client/index.cfm/2013/1/2/Part2_serious_security_threat On Wed, Jan 2, 2013 at 9:00 PM, Robert Rhodes rrhode...@gmail.com wrote: Oh man I just looked and one of my standby servers got hit with this. Somehow we forgot to patch that one. It had a bunch of sites on it, but none of them were actually live (because it was a standby server). So I have questions. Does anyone know that this thing does? I can just wipe this box and reload it, but it was on the network with our other windows servers (some of which are SQL database servers). Is it possible this hacker could have accessed other other servers through this hack? Do we know the steps yet to clean up the mess? Any idea where to look for damage that the hacker has caused? I am a little lost here. :( -RR On Wed, Jan 2, 2013 at 3:52 PM, Russ Michaels r...@michaels.me.uk wrote: and also read the following article. http://www.michaels.me.uk/post.cfm/securing-your-coldfusionmx-installation-on-windows On Wed, Jan 2, 2013 at 7:47 PM, Larry Lyons larrycly...@gmail.com wrote: A new CF security issue was just discovered a few days ago. You may want to forward this information to whomever is your CF Admin. http://www.carehart.org/blog/client/index.cfm/2013/1/2/serious_security_threat To make a very long story short, the exploit allows a hacker to upload a file is put on the server. This gives a hacker pretty much unfettered access to a lot of things including reading/downloading/uploading/renaming and creating files, accessing datasource information, and more. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353737 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New Security Issue with CF
Never mind - I just realized this server has template caching turned on. duh. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 3, 2013, at 12:14 AM, Wil Genovese jugg...@trunkful.com wrote: I am investing a server that has been hit. I am seeing these files were created at the time of the attack. C:\ColdFusion9\wwwroot\WEB-INF\cfclasses\cfh2ecfm509131890$funcLOC.class C:\ColdFusion9\wwwroot\WEB-INF\cfclasses\cfh2ecfm509131890.class C:\ColdFusion9\wwwroot\WEB-INF\cfclasses\cfi2ecfm506365939.class C:\ColdFusion9\wwwroot\WEB-INF\cfclasses\cf7einfo2drequest2dsend2ecfm170364941.class I do not know what they do as of yet. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 2, 2013, at 11:00 PM, Robert Rhodes rrhode...@gmail.com wrote: Thanks. I saw that afterwards. I was freaking out a bit there. Still am. :( I have gone through the logs on that server (windows 2008 R2 server running IIS7.5 and CF9.02) and the hacker loaded his script 1 time each on 15 different sites. They all look like this: 2013-01-02 00:15:15 192.168.55.129 GET /CFIDE/h.cfm - 80 - 178.170.124.210 python-requests/0.14.2+CPython/2.7.3+Linux/3.2.0-32-generic 200 0 0 171 But on 3 of the sites, he also loaded: help,cfm, administrator.cfc, mappings.cfm, scheduleedit.cfm, and scheduletasks.cfm but there are no scheduled tasks showing in the administrator. I checked the CF Administrator log and found nothing. Fortunately, he missed the one site (none of his crap shows up in its logs) where there was sensitive information, so assuming he could not traverse directories, I am hoping I am ok there. I ran his file (after renaming it), and none of my datasources showed up (it was an empty select). I am hoping I am good there too. It looks like his script it needs to be driven by a human (a lot of it is a form). So I am hoping that the one hit I see on most of those sites is an automated hit to see if the script is there, then he was going to come around later and do his damage -- and he never did. Wishful thinking right? I don't see any other signs of trouble anywhere, but am very worried that something bad has happened that I have just not stumbled on yet. Any suggestions or advice? Any place else I should be looking? Am I fooling my self to think I got lucky here? I have shut down CF on that server and am now searching all other servers for h.cfm. So far nothing. Tomorrow, I will completely wipe that server and reload it. -RR On Wed, Jan 2, 2013 at 10:16 PM, Raymond Camden raymondcam...@gmail.comwrote: Charlie posted an update: http://www.carehart.org/blog/client/index.cfm/2013/1/2/Part2_serious_security_threat On Wed, Jan 2, 2013 at 9:00 PM, Robert Rhodes rrhode...@gmail.com wrote: Oh man I just looked and one of my standby servers got hit with this. Somehow we forgot to patch that one. It had a bunch of sites on it, but none of them were actually live (because it was a standby server). So I have questions. Does anyone know that this thing does? I can just wipe this box and reload it, but it was on the network with our other windows servers (some of which are SQL database servers). Is it possible this hacker could have accessed other other servers through this hack? Do we know the steps yet to clean up the mess? Any idea where to look for damage that the hacker has caused? I am a little lost here. :( -RR On Wed, Jan 2, 2013 at 3:52 PM, Russ Michaels r...@michaels.me.uk wrote: and also read the following article. http://www.michaels.me.uk/post.cfm/securing-your-coldfusionmx-installation-on-windows On Wed, Jan 2, 2013 at 7:47 PM, Larry Lyons larrycly...@gmail.com wrote: A new CF security issue was just discovered a few days ago. You may want to forward this information to whomever is your CF Admin. http://www.carehart.org/blog/client/index.cfm/2013/1/2/serious_security_threat To make a very long story short, the exploit allows a hacker to upload a file is put on the server. This gives a hacker pretty much unfettered access to a lot of things including reading/downloading/uploading/renaming and creating files, accessing datasource information, and more. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353738 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 and IIS
It hasn't needed any II6 extensions for the installations I've done. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Dec 20, 2012, at 2:13 PM, Chad Gray cg...@careyweb.com wrote: Does CF10 needs the IIS 6 Metabase? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353570 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: JRUN Version
That last update was for the separate download of JRUN that used to be available. The one shipped with ColdFusion was being updated well beyond that date. At least thats what I was told by persons at Adobe. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 16, 2012, at 2:53 PM, Steve LaBadie slaba...@po-box.esu.edu wrote: From what I see on the Adobe site the last updater was October 2007. Steve LaBadie, Web Manager East Stroudsburg University 570-422-3999 slaba...@esu.edu -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Friday, November 16, 2012 3:47 PM To: cf-talk Subject: Re: JRUN Version Is jrun's version specific to the version of CF running on the server. Not necessarily, but usually, yes. Recent versions of CF all have JRun 4, with different patch levels. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353217 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: latest Adobe-approved 1.6 JDK ?
Adobe no longer Approves minor point versions. ALL 1.6.0_nn versions are supported. Make sure you have something past 1.6.0_24. Enjoy Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 9, 2012, at 12:10 PM, Chris 0404tow...@gmail.com wrote: Hi, our security folks have asked for something more recent that the Adobe approval for JDK 1.6.0_24 here http://helpx.adobe.com/coldfusion/kb/oracle-security-alert-cve-2010.html We haven't found anything yet, and am attempting to contact Adobe. What is the most recent version of 1.6 that Adobe has documented approval for? many thanks Chris ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353110 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: efflare cfx image cr 3
Yes, we do it here at CF Webtools for a VERY large client site that processes tons of images. One of our guys has blogged about setting it up - http://christierney.com/2011/02/01/installing-imagecr3-on-64-bit-multi-instance-coldfusion-server/ I hope this helps. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 5, 2012, at 12:45 PM, Terry Troxel terry.tro...@gmail.com wrote: Has anyone tried to use CFX_IMAGECR3 with windows server 64 bit and CF9 64 bit successfully? Terry ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353064 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: encrypt / decrypt question
Which encryption method are you using? The stronger ones require that you also install the Java Cryptography Extension. http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 4, 2012, at 7:32 PM, Eric Bourland e...@ebwebwork.com wrote: Greetings. I have what is probably a very basic question, about which I have done a lot of reading - I still need some help. I am trying to use the encrypt function to encrypt a credit card number. I am placing the key as a variable in application.cfc, thus: cfset request.encryptionKey = 128-bit character string To encrypt the credit card number, I use this line in my insert statement: CreditCardNumber = cfqueryparam cfsqltype=cf_sql_varchar value=#encrypt(form.CreditCardNumber,request.encryptionkey,AES)#, ColdFusion returns this error: An error occurred while trying to encrypt or decrypt your input string: '' Can not decode string (encryption key).. How would you handle this? I simply want to: 1) Encrypt the credit card number that is placed in the database - so that even if someone compromises the database, the data is encrypted 2) Decrypt the credit card number when it is displayed on a secure administration page Should I not place the 128-bit key in application.cfc - but instead use the generatesecretkey function? Thank you for any advice. Eric *** Eric Bourland Internet Project Development Washington DC email: mailto:e...@ebwebwork.com e...@ebwebwork.com web: ebwebwork.com mobile: 202-390-0185 fax: 202-315-5809 Skype: ericbourland1968 Yahoo IM: eab_68 AOL IM: ebwebwork ICQ IM: 23780065 MSN IM: ebwebwork Google IM: ebwebwork ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353051 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: encrypt / decrypt question
Eric, A while back I was testing all the encryption and decryption types and wrote a short cfm page that let me do the testing. The code there is a good example of how it all works. Instead of trying to write it up and post here I created a very short and sweet blog post about this. http://www.trunkful.com/index.cfm/2012/11/4/Encryption-and-Decryption-in-ColdFusion I hope this helps. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353053 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: encrypt / decrypt question
Sure thing. The best way to know the correct one is to open your jvm.config file in c:\ColdFusion9\runtime\jre\bin and looking at the java path. From the options you gave below I would guess, based on experience, that this is the correct folder. c:\ColdFusion9\runtime\jre\lib\security\ For those with Multi-instance installs the paths will be different. For those that have updated their Java versions the paths may be different. That's why I say look in your jvm.config file(s). Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 4, 2012, at 9:37 PM, Eric Bourland e...@ebwebwork.com wrote: c:\ColdFusion9\runtime\jre\lib\security\ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353056 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: encrypt / decrypt question
Yes, somewhere in the code you need to do generateSecretKey(Form.encryptType); This is line 44 of the example code in my blog post. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Nov 4, 2012, at 10:23 PM, Eric Bourland e...@ebwebwork.com wrote: Making progress on this task. I'm getting an error about decoding. Here is my current insert statement: CreditCardNumber = cfqueryparam cfsqltype=cf_sql_varchar value=#encrypt(form.CreditCardNumber,request.encryptionkey,AES,UU)# When I submit my update form, I get this error: An error occurred while trying to encrypt or decrypt your input string: '' Can not decode string (string value from request.encryption key) So, in application.cfc, I think I need to set up a value for #request.encryption# that the AES / UU method is able to decode. What do you think is a good way for me to derive a value for #request.encryption# that the AES / UU method will understand? I hope this question makes sense. Thank you again for your advice. Eric -Original Message- From: Wil Genovese [mailto:jugg...@trunkful.com] Sent: Sunday, November 04, 2012 9:58 PM To: cf-talk Subject: Re: encrypt / decrypt question Eric, A while back I was testing all the encryption and decryption types and wrote a short cfm page that let me do the testing. The code there is a good example of how it all works. Instead of trying to write it up and post here I created a very short and sweet blog post about this. http://www.trunkful.com/index.cfm/2012/11/4/Encryption-and-Decryption-in-Col dFusion I hope this helps. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353059 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
ColdFusion Love on Slashdot
ColdFusion getting some love on Slashdot http://developers.slashdot.org/story/12/10/12/023206/ask-slashdot-best-approach-to-reenergize-an-old-programmer Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352896 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with decrypt in CFMX 9.01
Try downloading and installing the Java cryptography extension. Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well. On Oct 9, 2012, at 9:33 AM, DeMarco, Alex wrote: I had an old app running on CFMX 9 32bit on Win 2003, We recently started testing it on CFMX 9.01 (fully patched) Windows 2008 r2 64bit. We are getting this error: An error occurred while trying to encrypt or decrypt your input string: The input and output encodings are not same.. I do understand what the error means however, I do not understand why it is happening with all things relatively equal between the old and new server. Does CFMX 9.01 handle encryption of cookies differently than 9 did? Here is the snippet that is failing: CFSET UserInfo = Decrypt(Cookie.pwdEncryptedID, Attributes.ENCRYPTKEY) Any ideas or suggestions are appreciated. Thanks! - Alex ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352871 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF10 Update Errors
Yes - You will get that if you DID NOT do this update. http://blogs.coldfusion.com/post.cfm/coldfusion-10-mandatory-update Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Oct 5, 2012, at 11:20 AM, Chad Baloga wrote: Does anyone else keep getting the below message when trying to update CF10 from the administrator?: Error occurred while installing the update: Failed Signature verification ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352859 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF8 Instance hogs cpu
Perhaps code is the issue. Perhaps a custom tag is the issue. Details are needed before anyone can give any sort of reasonable answer. How much traffic is the site getting? requests/second? What is the code processing? What is the code accessing? Is the database responding properly? These and many more questions need to be answered. ColdFusion iteself does not just suck up all your CPU cycles. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Oct 2, 2012, at 5:32 PM, Richard Steele wrote: We have a problem with one of our CF8 Enterprise instances. Almost daily, it hogs the entire cpu of the server and the service has to be restarted. Over 2.5 gb of memory is dedicated to this instance. It reaches that ceiling within several hours of use. Perhaps garbage collection can't keep up? Is there a way to limit the cpu resources given to an instance? How do we troubleshoot what might be causing this? Thanks! Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352820 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Another weird SQL Injection attempt
Looks like the same attack tried my servers too - too bad for them it failed. Long Live CFQueryParam amongst other little tools. Oh, and running PostgreSQL database :-) Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Sep 30, 2012, at 8:01 PM, Scott Slone wrote: Just battled this today myself Here's some more information on it. https://isc.sans.edu/diary.html?storyid=12127 On 9/30/12 5:58 PM, Les Mizzell lesm...@bellsouth.net wrote: Never seen this before! Script in Application file, as usual, caught it before it got further... Here's what was tried: /index.cfm?action=dance.school%29%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40ve rsion--40version--=MSOTlPn_View=0MSOTlPn_ShowSettings=False%27%2F%2A%2A% 2For%2F%2A%2A%2F1%3D%40%40version%29--MSOGallery_SelectedLibrary=MSOGall ery_FilterString=MSOTlPn_Button=none__REQUESTDIGEST=MSOAuthoringConsole _FormContext=MSOAC_EditDuringWorkflow=MSOSPWebPartManager_DisplayModeNam e=BrowseMSOWebPartPage_Shared=MSOLayout_LayoutChanges=MSOLayout_InDesig nMode=MSOSPWebPartManager_OldDisplayModeName=BrowseMSOSPWebPartManager_S tartWebPartEditingName=falseASB_TextDT_Props=ASB_DateTimeDT_Props=Write% 23%3B%23CreatedASB_ResType_Query=__VIEWSTATE=PostList%24ctl06%24ctl26%24 ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostLis t%24ctl07%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl 03%24ctl00%24PostList%24ctl08%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr %24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl09%24ctl26%24ctl01=nochange ctl00%24ctl00%24bcr%24bcr%2 4ctl01%24ctl03%24ctl00%24PostList%24ctl10%24ctl26%24ctl01=nochangectl00%2 4ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl11%24ctl26%24ct l01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList% 24ctl12%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03 %24ctl00%24PostList%24ctl13%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%2 4bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl14%24ctl26%24ctl01=nochangec tl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl15%24ctl2 6%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24Pos tList%24ctl16%24ctl26%24ctl01=nochange00%24ContentPlaceHolder1%24FilterAdD efault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%240=ctl00%24Con tentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxL istMakeMore%241=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAd Car_ascxControl1%24checkBoxListMakeMore%242=ctl00%24ContentPlaceHolder1%2 4FilterAdDefault1%24filterA dCar_ascxControl1%24checkBoxListMakeMore%243=ctl00%24ContentPlaceHolder1% 24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%244= ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1% 24checkBoxListMakeMore%245=ctl00%24ContentPlaceHolder1%24FilterAdDefault1 %24filterAdCar_ascxControl1%24checkBoxListMakeMore%246=ctl00%24ContentPla ceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMake More%247=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_asc xControl1%24checkBoxListMakeMore%248=ctl00%24ContentPlaceHolder1%24Filter AdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%249=ctl00%24 ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkB oxListMakeMore%2410=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filt erAdCar_ascxControl1%24checkBoxListMakeMore%2411=ctl00%24ContentPlaceHold er1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%2 412=ctl00%24ContentP ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352786 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: r2 server (web edition(Can;t get CF installed on windows
I wish I could help, I have not been able to get been able to get 9.0.2 to install and run either. I tried the 64Bit version on Linux. Eventually I had to load 9.0 and then to the upgrade and patch process. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Sep 3, 2012, at 12:09 AM, Robert Rhodes wrote: I agree. :) I am installing with: ColdFusion_9_WWEJ_win64.exe from the link here: http://www.adobe.com/support/coldfusion/downloads_updates.html#cf9 I have tried deinstalling and reinstalling CF9.02 a few times. I have also tried reloading the OS and starting from scratch a few times. No luck. I guess my next try will be to load from the 9.0 disc and do the updates. That's a pain but at least might get this damn server running. This really should not be this hard. Every other time I have done this it has gone fine. It's something about this particular build. --RR On Mon, Sep 3, 2012 at 12:41 AM, Andrew Scott andr...@andyscott.id.auwrote: Yeah something does seem to have gone wrong. And I have no real solutions to that problem, I can only guess at things to try like you are doing. But some of the things to double check, are you sure it is x64bit ColdFusion, I doubt that the 32bit would have problems installing though. Install as an Administrator, this is something that Adobe don't make it clear enough, but they will tell you it should be. Failing those two, could it be that the machine just needs a reboot before configuration of the connectors? Failing that I am not sure what else to suggest, but the description you give seems to be more of a problem with things not being setup correctly in IIS.. You could uninstall ColdFusion and then manually double check that all has been removed for CF, then try reinstalling CF and see if that fixes things. But failing that I know ColdFusion 9, had problems with running on IIS7.5, and the solution was to install it then install 9.01, and then configure ColdFusion. My thinking is maybe the installer is the 9.0 installer that has issues with IIS7.5? -- Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 -Original Message- From: Robert Rhodes [mailto:rrhode...@gmail.com] Sent: Monday, 3 September 2012 2:33 PM To: cf-talk Subject: Re: r2 server (web edition(Can;t get CF installed on windows Each time I have tried running the config tool after installation, it has shown that the server was already configured. I have tried to remove and reinstall the web configuration, and still get the same errors. It's almost as if the 64bit windows 9.0.2 installer just has a problem. (but I am still betting that I screwed something up). ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352404 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Any way to log every call to stored procedures
I didn't find anything in any of the CF Admin API's for this. I do think this
would be a good idea so I added a feature request to the Adobe Bug Base. Voter
for it if you think this is a good idea.
https://bugbase.adobe.com/index.cfm?event=bugid=3322414
Feature 3322414
Title
ColdFusion 11 - more Debug API features
Description
I would like to be able to access the Debug API to do more than just adjust the
Debug settings. I'd like to capture the Debug output data so we can do what
ever we want with it.
A current example is with a massive code base we inherited, there isn't an UML
or documentation anywhere. There are thousands of stored proces. We'd like to
be able to log/record all the SP's and queries called on each page (URL) thus
helping to generate a mapping of things.
I think more features in the Debug API would allow for this.
Example ideas:
Debug.queries();
Debug.stackTrace();
Debug.scope('session');
Debug.scope('application');
Etc
Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com
wilg...@trunkful.com
www.trunkful.com
On Aug 30, 2012, at 3:06 PM, kbutte...@yahoo.com kbutte...@yahoo.com wrote:
We have a client for whom we are doing a bunch of refactoring of code. As
part of the QA, the client would like to know, for every page, what stored
procedures are called and how that page is accessed.
So what I would like to do is to log the call stack and the stored procedures
called for every page.
That information is in the debug info, so it should be obtainable, but I
can't see how.
Any ideas?
Thanks,
Kathryn
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352381
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: JVM settings question
Do you have any metrics monitoring of the JVM? There can be any number of reason why sites are sluggish at times. Blindly altering the JVM settings may not help you and may hurt your cause. You can enable metrics logging in ColdFusion Standard by editing the JRUN.XML file. http://cfwhisperer.net/post.cfm/10-steps-to-a-stable-and-performant-web-application-step-2 You can download and run CFTracker http://www.cftracker.net You can install the Trial of Fusion Reactor or SeeFusion. All of these will give you greater insight into your server, JVM inner memory spaces and the last two can give you metrics data on the JDBC data. Odds are ColdFusion is keeping just fine. In most cases that I've worked on there are outside factors affecting the server; database, system I/O, backups, network issues, cfhttp calls, over active spiders, unexpected consequences of code when scaled etc. Regards, Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Aug 29, 2012, at 7:38 PM, Robert Rhodes wrote: Yes: Java HotSpot(TM) 64-Bit Server VM How about I try setting min and max heap size to 2gb and see how that goes? Anything else I should tweak? Garbage Collection? On Wed, Aug 29, 2012 at 8:05 PM, .jonah jonah@creori.com wrote: Are you running 64bit Java? You can give the JVM as much RAM as you can spare. On 8/29/12 4:56 PM, Robert Rhodes wrote: Hello to all. I have several Windows 2008 R2 x64 servers running Coldfusion 9 standard. Each has 6 gigabytes of RAM. Each runs about 50 fairly active sites. I have not had any JVM errors I know about but sometimes the sites run slower than they should, as if CF is having trouble keeping up. Any suggestions on JVM settings for this configuration? Currently, I have Min and Max JVM size both set at 1GB. I have changed no other arguments. Thanks for the help. -RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352345 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Looking for Homesite+
It would be nice if Adobe would opensource Homesite+ Then someone would have to learn how to program in Delphi. http://en.wikipedia.org/wiki/Macromedia_HomeSite http://en.wikipedia.org/wiki/Borland_Delphi Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Aug 16, 2012, at 11:15 AM, Bill Franklin wrote: It would be nice if Adobe would opensource Homesite+ Freundliche Grüße / Best regards, Bill Franklin Computer Integrated Mfg. Bayer CropScience LP 8400 Hawthorne Road, Room 2447 Kansas City, MO 64120 Tel: +1 816 242 2148 Fax: +1 816 242 2047 E-mail: bill.frank...@bayer.com Web: http://www.bayercropscience.com Vorstand: Sandra E. Peterson, Vorsitzende | Lykele van der Broek, Achim Noack, Rüdiger Scheitza, Michael A. Schulz Vorsitzender des Aufsichtsrats: Werner Baumann Sitz der Gesellschaft: Monheim am Rhein | Eintragung: Amtsgericht Düsseldorf, HRB 46985 -Original Message- From: Michael Muller [mailto:ad...@montaguema.net] Sent: Thursday, August 16, 2012 11:01 AM To: cf-talk Subject: Looking for Homesite+ I recently bought a new laptop and am installing all my apps on it, until I realized I can't find my old Dreamweaver CD anymore. Homesite+ is my editor of choice. I know this is a really old program and everyone has moved on to new tools, but I really like Homesite+ and am used to all the hot key commands. Is there anywhere I can get this app without having to buy a copy of the old DW CD on eBay? I tried looking online but all I see are torrents that want to install all kinds of other crap on your machine. Thanks. Mik ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352176 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
