Re: Coldfusion 9 - prevent SQL injection while using dynamic table/view name
I hate to be "that guy", but dynamic table names are never a good idea. Period. Same with dynamic column names. The SQL injection risk is real. You _could_ lose everything. With a keystroke. Your...
Re: Coldfusion 9 - prevent SQL injection while using dynamic table/view name
Useful additional point, of course.
Re: Coldfusion 9 - prevent SQL injection while using dynamic table/view name
Thanks Charlie, that was my thought initially; unfortunately emp id can be a varchar. What are the other ways ColdFusion lets us query dynamic SQL object names without using the stored proc approach? I read...
How do I add an XML tag that has a period in it?
I have been using XmlElemNew to build my XML document, like this: <cfset RCPOS.ACORD.InsuranceSvcRq = XmlElemNew(RCPOS,"InsuranceSvcRq")><cfset RCPOS.ACORD.InsuranceSvcRq.RqUID =...
Re: Coldfusion 9 - prevent SQL injection while using dynamic table/view name
The cfqueryparam works by creating a prepared statement on the database. It will not wrap the value in quotes. The actual implementation of prepared statements differs depending on which DB engine you...
Re: Understanding SOLR behaviour
Insofar as understanding why the two differ (between your dev and std implementations), you may want to consider a few things. I hope one or more may help you: could it be you've hit some unexpected...
Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...
Just to add a fine point to what's been said already, you ended your first message with a concern specifically about the impact of use of CFML caching functions. There's an interesting point to be made...
Re: How do I add an XML tag that has a period in it?
I don't think CF can do it. Regardless of whether or not it's valid XML, I'd avoid using any special characters/punctuation in XML tag names. I'd suggest using an HTML entity to represent the period,...
Re: Coldfusion 9 - prevent SQL injection while using dynamic table/view name
pete_freitag wrote: You can avoid the risk of SQL Injection by sanitizing the variable, for example something like this: <cfparam name="empid" type="regex" pattern="^[a-zA-Z0-9]+$" default="0">...
Re: Adobe ColdFusion license bait and switch for SaaS companies
I only used those terms because Adobe used them to us. I would have explained our application in exactly the way you just explained yours. Adobe classified it differently.
Re: Understanding SOLR behaviour
Thank you Charlie for your response. >>> could it be you've hit some unexpected difference in the CF Developer edition vs Standard? This issue had occurred to me and I did check the Adobe web...
Re: How do I add an XML tag that has a period in it?
<cfset RCPOS.ACORD.InsuranceSvcRq.PersAutoPolicyQuoteInqRq["com.AssuranceAmerica_QuoteRequestSeq "] = XmlElemNew(RCPOS,"com.AssuranceAmerica_QuoteRequestSeq")>
Re: How do I add an XML tag that has a period in it?
Thank you kazu98296633! That worked. You are a life saver!
Re: Understanding SOLR behaviour
Understood. Still, don't miss out on my proposal that FR could help, even just the free trial. Perhaps better (or until you do), I just remembered (and am now at my computer to confirm) that Solr DOES...
ISAPI Connector keeping stale connections inside Windows Container
I have containerized a ColdFusion application with IIS in a distributed mode. We need the distributed mode with IIS to set up the Windows Authentication. The issue I am running into is that when the...
Re: ISAPI Connector keeping stale connections inside Windows Container
Fahee, the issue may not really have to do with containerization, but rather a common problem that can happen when the CF web server connector is not properly tuned, for the number of sites you are...
Re: ISAPI Connector keeping stale connections inside Windows Container
I have done several tuning tests but none has worked. The site should come up at least once. We can't do reverse proxy since we HTTPRewrite occurs before Windows Auth. Let me test with the BonCode...
Re: Adobe ColdFusion license bait and switch for SaaS companies
Our company runs ColdFusion Standard licenses on AWS instances which we use to serve up websites we have developed for our clients. We purchase a license for each individual AWS instance we have...
Re: Adobe ColdFusion license bait and switch for SaaS companies
My expectation would be that it will have no effect. You're already effectively buying one license per client, which is what Adobe is trying to get people to do. However, I am not a lawyer and this is...
Re: Adobe ColdFusion license bait and switch for SaaS companies
Digitoxin - I'm not sure if Dave Watts was interpreting your stated environment correctly. If you have one AWS instance per client, each with its own CF license, then yes, I'd guess you are fine. But...
Re: Adobe ColdFusion license bait and switch for SaaS companies
This is what I am concerned about. We do have servers where we are hosting multiple sites for multiple clients. Now, we develop and host the websites. The clients themselves do not have access to...
Re: Adobe ColdFusion license bait and switch for SaaS companies
Digitoxin - "clients themselves do not have access to the source code or have the ability to do development on their own sites" - same in our case but that didn't matter. Adobe sees it as missing out...
Re: ISAPI Connector keeping stale connections inside Windows Container
Do you really have a line in your uriworkermap.properties for /hello/*.cfm? This is suggested by the log line: Found a wildchar match '/hello/*.cfm=cfusion0' If you do, why do you? What other sort of...
Re: Understanding SOLR behaviour
Thank you again Charlie for your wonderful help. I do have a plan B but I don't give up that easy being a big CFML fan and trying to get SOLR working on this is just a miles better solution any day. My...
Re: cfPdf Watermarking issue
Dave, just to confirm that the essence of your suggestions above appears to have completely solved the problem I described. Thanks again for your input - most helpful!
Re: Understanding SOLR behaviour
kpakrp, the outputs you've just shown are different. Which gives me an idea: caching. That is certainly a setting which may differ between development and production environments. The usual practice is...
Re: cfc appending sql to return
Strange. Please mark your answer as correct. It will help someone else.
Re: How can I start program
Hi nurcanb61753314, I am glad to see that you have solved the problem. Could you please share your solution here, and mark it as the correct answer? It will help someone else who has a similar problem.
Re: ISAPI Connector keeping stale connections inside Windows Container
Hi Charlie, The IIS container can reach the CF container. Both are on the same network. I have the worker file pointing to the correct host and port. URI Mapping is also working. The fact that...
Re: ISAPI Connector keeping stale connections inside Windows Container
Ugh, I hate distributed mode. I've never had good long-term success with it. If you can't get BonCode to work for you, you can still use IIS as a reverse proxy through Application Request Routing....
Re: Adobe ColdFusion license bait and switch for SaaS companies
Digitoxin, if you have more than one business customer web site on a CF license, Adobe claims that you are violating the "service bureau arrangement" of their perpetual license, section 2.6.4. It...
Re: Adobe ColdFusion license bait and switch for SaaS companies
On a related note, I would recommend using anonymous accounts if you want to comment on this thread with your own configuration, and haven't already been approached by Adobe (unlike cemerdem and a few...
Re: Adobe ColdFusion license bait and switch for SaaS companies
Yes, I agree with Dave. Do not use your real identity. They will come after you. AND don't fill out any questionnaire coming from Adobe. This whole thing started with a questionnaire they sent us "to...
variable is not reading
I am doing a page where I want to insert new apartment units into a database along with uploading photos into a folder in the server. I am having an issue with a file path that is not being...
Re: variable is not reading
In your application.cfc, you are saving webpath without a scope which automatically puts it in the variables scope, but you are trying to reference it in your code under the request scope. Try...
Re: Coldfusion 9 - prevent SQL injection while using dynamic table/view name
You know what tables are in your database, so you can essentially whitelist your dynamic query to only allow for queries to your actual tables. You could query your valid tables from your...
Re: ColdFusion 2018 CFCHART format="html" is not rendering graph
Priyank, Is this issue resolved? Unfortunately, we are experiencing it in ColdFusion 2018 Update 4. Confused because this indicates resolved but the bug tracker indicates "To Fix". Your guidance would...
Re: ColdFusion 2018 CFCHART format="html" is not rendering graph
Okay, I see this is a pending issue. It has been pending for a year.
Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...
do you know of official docs that describe this? i'm concerned because my files are hosted by IIS, which AJP's over to tomcat...so how does tomcat even know the filepaths...i'm assuming IIS sends the...
Re: Adobe ColdFusion license bait and switch for SaaS companies
We do provide custom agreements, all of which are confidential between the customer and Adobe. All of our Hosting Partners listed here can also provide hosted and/or licensed options for SAAS (Software...
Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...
I've been reading up on ColdFusion Help | Interoperating with JSP pages and servlets and application names. Would my two code bases need distinct application names? That was suggested at...
Re: Adobe ColdFusion license bait and switch for SaaS companies
I consider receiving a threat from your sales people a negative experience. First threat came when I mentioned Lucee. Our sales person, Arun, told me that Adobe will sue us for 10 years of back use if...
Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...
I don't think IIS sends the contents of the file to Tomcat. It sends the file system location to Tomcat, which then reads the file itself. Dave Watts, Eidolon LLC.
Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...
Yes, your two separate applications would need separate application names even if they used the same code base, unless you had explicitly designed it not to - which would be extremely difficult and...
Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...
>tedious to do I've seen that application name is used for session and application scope from ColdFusion Help | Interoperating with JSP pages and servlets so would the tedious being to not have...
Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...
Off the top of my head, I expect other features use the application name but don't know what those features are. Is there a reason why you don't want to give these applications separate names? Dave...
Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...
no, just trying to understand how it works, knowing how it breaks is a good way to figure out how it works.
Re: Adobe ColdFusion license bait and switch for SaaS companies
It is not nice to hear that if you use ColdFusion in your business you actually violate license terms automatically. If I put it another way, Adobe sells licenses that actually cannot be used in...
Re: variable is not reading
Or ammarq, you could change the cfset to use request.webpath. Either would work in this case. The choice of which to do depends primarily on whether you have other code that refers to the webpath...
Re: ISAPI Connector keeping stale connections inside Windows Container
I have it working with both ISAPI and BonCode connectors. ARR method wouldn't work unfortunately since the CF container is running on Linux and can't do WinAuth. It has to be done through these...