Re: Adobe Solution?

2011-07-13 Thread Money Pit
I'm inferring from the use of Access 2007 that this is a customer with champagne tastes and a beer budget. One of my favorite - and most effective lines to clients borders on a mantra: Anything is possible given enough time and money. Followed closely by How bad do you want it and what are you

Re: Controlling Spiders

2012-05-07 Thread Money Pit
There is a robots.txt setting that may be of some use. User-agent: * Crawl-delay: 0.5 Tells all bots to only hit two pages per second. I'm pretty sure Google does not follow this particular command, and I know from sad experience that there are plenty of rogues out there who will either pay

Re: Controlling Spiders

2012-05-07 Thread Money Pit
On Mon, May 7, 2012 at 4:28 PM, .jonah jonah@creori.com wrote: Even some judicious just of cfcache will get you a long way. Yup. For us, the expensive stuff was unique per page, but also part of the problem that we never seemed to be able to get a handle on was the concurrency demands

CF 10 upgrade from Adobe... Can anyone confirm I am hosed here?

2012-05-29 Thread Money Pit
Just spent a fair bit of time getting sent from customer service, to sales, to another sales guy, to customer service and then back to sales. All but the last said the next person would be able to handle this for me: Late March I buy a CF9 std upgr from CF8. Get it around April 1 and off I go.

Re: CF 10 upgrade from Adobe... Can anyone confirm I am hosed here?

2012-05-29 Thread Money Pit
On Tue, May 29, 2012 at 2:43 PM, Brian Thornton wrote: do a charge back and buy it from scratch.. I thought of that. American Express might work with me. I spend a lot with them and they're pretty aggressive for their good customers, but I would rather not use a nuclear weapon on a valued

Re: detecting mobile devices

2012-06-11 Thread Money Pit
On Tue, Oct 4, 2011 at 2:39 PM, Dave Watts wrote: That looks like it's fun to maintain. Fortunately, there aren't ever any new mobile devices. With any luck it's not so bad. That code is the CF version supplied by http://detectmobilebrowsers.com. Last updated Feb 28 according to the site.

Re: SOT: Thoughts on Hostek?

2012-09-05 Thread Money Pit
My experience with Viviotech has been nothing short of stellar. I think all told between myself and the people I am still responsible for, I have maybe 8 VPS' running a variety of things over there, including CF. I saved a fortune over my former discrete dedicated servers and paid almost no

Re: Anyone having issues with godaddy DNS? I can't even pull up their website.

2012-09-11 Thread Money Pit
Also 3rd party monitors detected no traffic telltales that would indicate an attack of that magnitude was in progress. So GD stepped on their own you-know-what and this was due to incompetence rather than incompetence+malice. Not sure I feel that much better about it. On Tue, Sep 11, 2012 at

Re: New Security Issue with CF

2013-01-02 Thread Money Pit
Thanks for posting. I thought I had my stuff locked down pretty well but I screwed up and left a door open. The nature of this is almost unbelievably nasty. -- --m@Robertson-- Janitor, The Robertson Team mysecretbase.com

Re: New Security Issue with CF

2013-01-04 Thread Money Pit
Things must be bad if they are issuing something that ominous-sounding without a solution. -- --m@Robertson-- Janitor, The Robertson Team mysecretbase.com

CF9 Enterprise. Max heap recommendation?

2013-01-16 Thread Money Pit
I am running a slew of VPS instances at Viviotech. Each VPS runs CF9 Enterprise. The VPS has 6GB of RAM available, and I have the JVM max heap set to 2GB. Did some research on this some time ago and (right or wrong) the consensus I found was that 2Gb was about the max that you wanted to go.

Re: CF9 Enterprise. Max heap recommendation?

2013-01-16 Thread Money Pit
On Wed, Jan 16, 2013 at 11:56 AM, DURETTE, STEVEN J wrote: I believe that 2 gig limit was 32 bit OS. I run at much higher on 64 bit OS. Ah I failed to mention it but I am running on Win 2k8/64 -- --m@Robertson-- Janitor, The Robertson Team mysecretbase.com

Re: CF9 Enterprise. Max heap recommendation?

2013-01-17 Thread Money Pit
Got it. Thx! -- --m@Robertson-- Janitor, The Robertson Team mysecretbase.com

Re: Adding Salt and Password Hash to existing accounts

2013-03-09 Thread Money Pit
Torrent Girl wrote: Did you have a problem with timeouts or out of memory errors? I have quite a bit of records A loop like that shouldn't have any issues. Now, with that said I haven't used generateSecretKey() for generating salt. Wouldn't surprise me a bit if it was

Re: 32 vs 64 bit CF and DSNs

2013-03-09 Thread Money Pit
Don't have an example handy cuz I don't use Access, but what about using dbtype 'Other' and manually specifying the strings? the way we used to have to do when mySQL support was dropped a few years back? 64-bit CF vs. 32-bit is so much more capable I'd do whatever it takes to NOT go back to

Re: CF running out of steam

2013-03-14 Thread Money Pit
On Wed, Mar 13, 2013 at 9:24 PM, Maureen wrote: I moved 77 sites from Adobe CF If CF is dying, I wouldn't think that an engine using CFML is going to be flourishing in its stead. -- --m@Robertson-- Janitor, The Robertson Team mysecretbase.com

Re: Safety for image uploads

2013-06-17 Thread Money Pit
I would rather keep files out of the web root entirely than risk having an executable make it 'under the wire' so to speak. If I allow that, then some other non-CF hack I haven't been savvy or prompt enough to patch - or which is still unpatched - could let an attacker rename that file and

cfthread execution slowdown

2013-07-26 Thread Money Pit
I need another set of eyeballs on this. I can't see what I'm doing wrong. I'm building many thousands of static pages. I turned to cfthread to speed things up. Each thread can output one page or more than one depending on info retrieved. I use an array to manage the number of threads in use

Re: cfthread execution slowdown

2013-07-30 Thread Money Pit
: Money Pit [mailto:websitema...@gmail.com] Sent: Friday, July 26, 2013 11:41 AM To: cf-talk Subject: cfthread execution slowdown I need another set of eyeballs on this. I can't see what I'm doing wrong. I'm building many thousands of static pages. I turned to cfthread to speed things up

Re: database driven mail server

2013-09-02 Thread Money Pit
I rolled my own solution with CF coupled to Smartermail's support of Plus-addressing. If you aren't familiar with it, it's pretty powerful. Let's say my email is u...@domain.com. I send mail with CF as usual and set CFMAIL's FailTo parameter to 'failedmail+1...@domain.com', where 1234 is the

CF10 404 issues - a new kind of problem?

2013-09-17 Thread Money Pit
I've seen and dealt with plenty of CF10 404 issues since my install yesterday, but this appears to be a new one: This is my first CF10 installation. I am running with Update 11 in place. Win2k8 R2/64bit. 1. CF Admin's missing template handler residing in the cfusion wwwroot is nonfunctional.

Re: CF10 404 issues - a new kind of problem?

2013-09-18 Thread Money Pit
Steve 'Cutter' Blades said And, as a side, you can use an application level CF request 404 handler by using the onMissingTemplate() method in Application.cfc. Unfortunately this is a legacy site with an Application.cfm. I've looked at converting it to a .cfc specifically to take advantage of

Re: CF10 404 issues - a new kind of problem?

2013-09-18 Thread Money Pit
debugging marches on... I took IIS 404 behavior back to default to simplify debugging. So ignoring the weirdness I described earlier re: the IIS 404 handler, if I just concentrate on the CF handler, I am saddled with a template that is not firing. I put up a thread on Stack Overflow. One

Re: CF10 404 issues - a new kind of problem?

2013-09-19 Thread Money Pit
installed to another server (VPS) with identical OS - fresh install of CF but same win2k8R2/64 and config and identical problem. At this point I'm at a loss to do anything but downgrade to CF9 and wait for CF11. I hate to throw away all that work but at some point you just have to cut your

Re: CF10 404 issues - a new kind of problem?

2013-09-20 Thread Money Pit
a template per site, at least the functionality remains. On Thu, Sep 19, 2013 at 1:55 PM, Money Pit websitema...@gmail.com wrote: installed to another server (VPS) with identical OS - fresh install of CF but same win2k8R2/64 and config and identical problem. At this point I'm at a loss to do anything

Re: best portable db for ColdFusion

2013-09-24 Thread Money Pit
If you are OK with not building it yourself, I'll put in another vote for Evernote. I put it on every device I have (home desktop, office desktop, laptop, phone and tablet). I can update my grocery list on my tablet while sitting on the couch and when I get to the store, my shopping list is

Re: Hosting

2013-10-21 Thread Money Pit
Years ago I used Cybercon for full on dedicated servers. Then I moved to CrystalTech for lower cost. THEN I moved to Viviotech and took advantage of their killer-deal CF Enterprise VPS' (or they'll install Railo if you ask for $0 monthly). Recently I went back to Cybercon for some of my big

Re: Problem with data formatting in CFINSERT

2013-11-04 Thread Money Pit
IMO the worst problem with CFINSERT or CFUPDATE is that you have to supply the list of all form fields I'm afraid you can add to that chasing your tail for no reason thanks to creating a semi-opaque layer between yourself and JDBC/SQL If you use CFINSERT/CFUPDATE the above seems, sooner or

Re: Problem with data formatting in CFINSERT

2013-11-04 Thread Money Pit
Perhaps. Every time I flirt with cfinsert/cfupdate I learn to love them all over again and then some stupid thing like what the OP is experiencing ruins my afternoon and I remember why I swore them off in the first place. When I write straight SQL I experience extra wear on my fingertips but my

Re: Hosting... Again

2014-01-13 Thread Money Pit
I've got both Viviotech VPS' and another alternative you should consider - Cybercon.com - for dedicated hosting. Cybercon was actually my first dedicated host years ago but - while their uptime and hardware specs were absolutely top-drawer... so was their pricing. They were very expensive.

Viviotech?

2014-01-28 Thread Money Pit
Anyone hear anything from them? They've been completely off the air for about an hour. Fast busy signal on the phone. Was originally just 'busy' so I'm wondering if someone got thru to them before the phone went down. -- --m@Robertson-- Janitor, The Robertson Team mysecretbase.com

Re: Viviotech?

2014-01-28 Thread Money Pit
Yup sure enough mine just came back up too. I've noticed the same thing over the years, re: the phones go down when they do as they're all on some sort of shared platform. I have two VPN's with them and talked to a colleague; we were all down so whatever it was it was widespread. --

Re: Viviotech?

2014-01-29 Thread Money Pit
Jordan, Thanks for chiming in. I'll pass along the above to my colleague. If either of us Twitter'd (or chirped or whatever the term is) we'd have known the score :-). Do want to mention for your own info that I was logged into my VPS and saw it go down within a couple of minutes of the

Re: Best practices for xss security in CMS? - Related Question

2014-03-03 Thread Money Pit
Nick you are correct, strictly speaking. That simple example is harmless, it runs only one time and is 'visible' only to the single client. Consider what happens if the payload that is executed is nowhere nearly as benign. At that point, code of some kind is being executed on your server that

Re: Best practices for xss security in CMS? - Related Question

2014-03-03 Thread Money Pit
To clarify, I was oversimplifying above when I said 'code is being executed on your server'. Pete's script example would of course need to link up with some other vulnerability for that to happen (i.e. an unpatched exploit of some kind). Since you can't predict such things, you minimize the

CF session management suddenly not sticking ...

2014-03-06 Thread Money Pit
New site version running at http://new.lelandwest.com On some older browsers (XP wkstns w/IE8 are definitely vulnerable) the site will not maintain state - i.e. cfid and cftoken get new values on every page visit (they're displayed on screen right now). It doesn't always happen, even on the

Re: CF session management suddenly not sticking ...

2014-03-06 Thread Money Pit
that will show you this. see if there are multiple cfid/cftoken cookies set. if so, that is likely the issue, and deleting all cookies should solve it. On Thu, Mar 6, 2014 at 10:09 PM, Money Pit websitema...@gmail.com wrote: New site version running at http://new.lelandwest.com On some older

Re: CF session management suddenly not sticking ...

2014-03-06 Thread Money Pit
, 2014 at 4:19 PM, Russ Michaels r...@michaels.me.uk wrote: so if you check the cookies after running your code, is there only one cfid and cftoken, or is there still 2 On Fri, Mar 7, 2014 at 12:17 AM, Money Pit websitema...@gmail.com wrote: Well you were right I had multiple values

Re: CF session management suddenly not sticking ...

2014-03-06 Thread Money Pit
Yup I'm doing that. Put together a test page so as to take all of my code out of the picture... although that back end has been fine for years... The redesign was just a re-skin. But to be thorough I made this: cfapplication name=test_0915 sessionmanagement=Yes clientmanagement=Yes

Re: CF session management suddenly not sticking ...

2014-03-07 Thread Money Pit
I think it was pretty clear that code he listed was being used solely to diagnose a problem Precisely. It's the production environment but not the production site. I'm testing with some old in-office desktops that mimic the problem reported to us by users when this site was live for roughly 24

Re: CF session management suddenly not sticking ...

2014-03-07 Thread Money Pit
I was thinking html code but yes that's a possibility as well. However a) my test units are plain vanilla XP/IE8 wkstns and b) the CF code in question has been running fine for years on these same desktops. We use the web site in-house on a daily basis. Worth noting: The demo code you were

Re: CF session management suddenly not sticking ...

2014-03-07 Thread Money Pit
Are you sure no cfpatches have been installed, specifically the one in the link I sent earlier. Well earlier I said ...it is CF9 with all patches. But I should have said it is *9.01* with all patches. So yes APSB11-04 was definitely one of them. I subscribe to Foundeo's monthly (?)

Re: CF session management suddenly not sticking ...

2014-03-07 Thread Money Pit
Speaking of that linked article, I disabled the session fixation patch via Pete's instructions (-Dcoldfusion.session.protectfixation=false in the JVM) and so far I've got proper functionality. I've had inconsistent results before this so I'm not declaring temporary victory just yet but this is

Re: CF session management suddenly not sticking ...

2014-03-17 Thread Money Pit
On Tue, Mar 11, 2014 at 11:52 AM, Dave Watts wrote: No, I think you should only have the one cookie for jsessionid. I'm not sure why you have the other two. As you can imagine I did some reading on jsession vars after I opened up this thread. Look at the comparison table here:

Re: The long tail of ColdFusion fail

2014-03-18 Thread Money Pit
Someone has to say it: I came across my first ColdFusion is dying thread when I was considering upgrading my server to ... CF 3.1. That was here I think. Maybe it was the Allaire forum. Too many dead brain cells between then and now to be sure. -- --m@Robertson-- Janitor, The Robertson Team

Re: CF session management suddenly not sticking ...

2014-03-26 Thread Money Pit
I recently found the reason we were seeing two sets of cfid and cftoken cookies. We had code similar to this running: cfif myvars.KillSessionOnClose and IsDefined(cookie.CFID) cfset variables.LocalCFID=cookie.CFID cfset variables.LocalCFToken=cookie.CFToken cfcookie name=CFID

Re: The long tail of ColdFusion fail

2014-03-26 Thread Money Pit
I won't try to re-hash the entirely valid points Dave, Ben and others make regarding the needed skill set that a server admin should have, nor where the blame lies if a server is left unprotected/unpatched etc. Consider this counterpoint: When a situation like the current one arises... what do

Re: Moving part of my hosting business - thoughts about my plan please ...

2014-03-28 Thread Money Pit
Having been there/done that myself, I would follow Cameron's described route. You don't want to be debugging so many different issues at once on an OS you aren't intimately familiar with (and maybe not familiar at all). You mentioned you are on Win2003. Have you by chance missed out on running

Re: The long tail of ColdFusion fail

2014-03-28 Thread Money Pit
If you let your nephew install a server and don't bother to double check his work, that is *your* fault, no one else. What does this matter when the bad juju blows back publicly on the product itself? Blaming the customer for problems in other channels typically doesn't tend to end well for

Re: The long tail of ColdFusion fail

2014-03-28 Thread Money Pit
Dave wrote But I think there's an important difference in expectations between providing services and selling tools. My customers expect me to know how to do things right - to understand how my tools work. When you buy a tool, you are expected to know how to use the tool, and there is only

Re: Heap and RAM

2014-04-14 Thread Money Pit
Along the lines of Dave's original recommendation, here is a big leg up on using StAX (not a spelling error... StAX = same idea as SAX to make long story short) http://jochem.vandieten.net/tag/stax/ The thread Jochem is referring to in his post was mine, and I used his code and example to give

Re: Does Not Contain Number

2014-04-22 Thread Money Pit
Speaking of learning regexes, Ben Forta's book comes to mind. I used it myself to get started, and not so long ago bought one for an employee who needed a Square 1 intro to them.

Re: Emails MIA

2014-08-13 Thread Money Pit
I think the failto address is not used by CF to bounce messages, only to provide a Return-Path: address in the message header, and the bounce is generated by the destinee server, not CF. That's how I use it as well. Failto is used by the recipient to send back a failure. I add in plus

Re: EMail Injection Attack

2014-08-18 Thread Money Pit
Do you have admin control of this server or is it a shared host? If it's a server you control then it's a simple matter to lock down the mail server, right? Require smtp auth for all senders and then use smtp auth in your cfmail statements in your code. That would be just step 1 of a hardening

Re: EMail Injection Attack

2014-08-18 Thread Money Pit
To try and directly answer your question: I don't believe there are any logs that nail down what template a bit of mail is sent from. mailsent.log only says, for example: Information,scheduler-3,01/03/14,18:32:18,,Mail: 'Subject Goes Here' From:'whoe...@wherever.com' To:'vic...@spamworld.com'

Re: EMail Injection Attack

2014-08-18 Thread Money Pit
Regarding the 'h.cfm' issue, go to the bathroom first (your upholstery will thank me) and THEN sit down and read this. http://www.carehart.org/blog/client/index.cfm/2013/1/2/serious_security_threat and the two follow-on blog entries linked at page bottom. This did quite a job of rocking many

Re: EMail Injection Attack

2014-08-18 Thread Money Pit
if sending by CF but not using your code that could mean they are running cf code you didn't write. -- --m@Robertson-- Janitor, The Robertson Team mysecretbase.com

Re: CFTRY / CFCATCH not working

2014-09-09 Thread Money Pit
Any particular reason you are not using cfscript versions of try/catch? Old version of CF? try { code goes here } catch(Any excpt) { code goes here } Given any thought to a different image processor to see if you get a different result? I'm thinking cfimage, assuming you are using at

Re: CFTRY / CFCATCH not working

2014-09-09 Thread Money Pit
Looks like the code you are using is bhImgInfo() from cflib, with only very slight changes. There's more than one way to skin that cat: https://gist.github.com/vikaskanani/6256084 looks more robust in the catch department. Maybe a little too robust, but it also separates out the file read

Re: CF10 creating extra CFID/CFTOKEN cookies at the domain level

2014-10-23 Thread Money Pit
I went thru this special brand of misery back in March of this year. Here is the thread: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:64982 There's a lot more in that thread than here as to potential causes of this problem. -- --m@Robertson-- Janitor, The Robertson Team

Re: Is time for a change?

2014-11-07 Thread Money Pit
Could not agree more with Russ' comments on CF hosting in his blog. I'll never go back to shared hosting. I've got a couple of Viviotech VPS' that I'm pretty happy with. One runs my personal stuff and old web site from when I was a developer. Another runs about 30 low-traffic sites that work

Re: how to diagnose a potential bottleneck

2014-12-02 Thread Money Pit
Russ Michaels wrote: doing debugging and load testing on a live production server is generally a bad idea. On general principles, sure... although I'd say that a diagnostic reporter like F-R belongs first and foremost on a production box. To the OP... it sounds like you are stuck, so how good

Re: how to diagnose a potential bottleneck

2014-12-02 Thread Money Pit
If you want code samples on the error dumping stuff let me know. I worked something up for an article years ago but it's grown up since. A breadcrumb array kept in the session scope has been key. Stores everything the user does and gets dumped to the error file. --m@--

Re: how to diagnose a potential bottleneck

2014-12-02 Thread Money Pit
Russ Michaels wrote: I think you are incorrectly assuming that FusionReactor is a debugging and load testing tool, No not at all. That's why I called it a 'diagnostic reporter' earlier on. Something I don't need at all for the most part but need desperately when things aren't going right and

Re: how to diagnose a potential bottleneck

2014-12-02 Thread Money Pit
No I don't. It all sits in memory unused. But if an error occurs this info gets dumped out via my error handler where it can be used post-mortem. Generally my error handler loops over a pre-defined list of scopes and dumps them all out. Depending on the setting I've made, the dump is either

Re: how to diagnose a potential bottleneck

2014-12-02 Thread Money Pit
I run a financial service site that has very complex pathways running through it. This has saved me an enormous amount of time trying to figure out how a series of user actions could uncover some sort of hole in the code. This thread got me tinkering and I did some tweaking. For starters when