Channel: Adobe Community: Message List - ColdFusion

Re: Coldfusion 9 - prevent SQL injection while using dynamic table/view name

I hate to be "that guy", but dynamic table names are never a good idea.  Period.  Same with dynamic column names. The SQL injection risk is real.  You _could_ lose everything.  With a keystroke.  Your...



Re: Coldfusion 9 - prevent SQL injection while using dynamic table/view name

Useful additional point, of course.



Re: Coldfusion 9 - prevent SQL injection while using dynamic table/view name

Thanks Charlie, that was my thought initially; unfortunately emp id can be a varchar. What are the other ways ColdFusion lets you query dynamic SQL object names without using the stored proc approach? I read...


How do I add an XML tag that has a period in it?

I have been using XmlElemNew to build my XML document, like this: <cfset RCPOS.ACORD.InsuranceSvcRq = XmlElemNew(RCPOS,"InsuranceSvcRq")><cfset RCPOS.ACORD.InsuranceSvcRq.RqUID =...


Re: Coldfusion 9 - prevent SQL injection while using dynamic table/view name

The cfqueryparam works by creating a prepared statement on the database. It will not wrap the value in quotes.  The actual implementation of prepared statements differs depending on which DB engine you...



Re: Understanding SOLR behaviour

Insofar as understanding why the two differ (between your dev and std implementations), you may want to consider a few things. I hope one or more may help you: could it be you've hit some unexpected...


Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...

Just to add a fine point to what's been said already, you ended your first message with a concern specifically about the impact of use of CFML caching functions. There's an interesting point to be made...


Re: How do I add an XML tag that has a period in it?

I don't think CF can do it.  Regardless of whether or not it's valid XML, I'd avoid using any special characters/punctuation in XML tag names. I'd suggest using an HTML entity to represent the period,...



Re: Coldfusion 9 - prevent SQL injection while using dynamic table/view name

pete_freitag wrote: You can avoid the risk of SQL Injection by sanitizing the variable, for example something like this: <cfparam name="empid" type="regex" pattern="^[a-zA-Z0-9]+$" default="0">...



Re: Adobe ColdFusion license bait and switch for SaaS companies

I only used those terms because Adobe used them to us. I would have explained our application in exactly the way you just explained yours. Adobe classified it differently.


Re: Understanding SOLR behaviour

Thank you Charlie for your response. >>> could it be you've hit some unexpected difference in the CF Developer edition vs Standard?  This issue had occurred to me and I did check the Adobe web...


Re: How do I add an XML tag that has a period in it?

<cfset RCPOS.ACORD.InsuranceSvcRq.PersAutoPolicyQuoteInqRq["com.AssuranceAmerica_QuoteRequestSeq "] = XmlElemNew(RCPOS,"com.AssuranceAmerica_QuoteRequestSeq")>


Re: How do I add an XML tag that has a period in it?

Thank you kazu98296633! That worked. You are a life saver!


Re: Understanding SOLR behaviour

Understood. Still, don't miss out on my proposal that FR could help, even just the free trial. Perhaps better (or until you do), I just remembered (and am now at my computer to confirm) that Solr DOES...


ISAPI Connector keeping stale connections inside Windows Container

I have containerized a ColdFusion application with IIS in a distributed mode. We need the distributed mode with IIS to set up the Windows Authentication. The issue I am running into is that when the...



Re: ISAPI Connector keeping stale connections inside Windows Container

Fahee, the issue may not really have to do with containerization, but rather a common problem that can happen when the CF web server connector is not properly tuned, for the number of sites you are...


Re: ISAPI Connector keeping stale connections inside Windows Container

I have done several tuning tests but none has worked. The site should come up at least once. We can't do reverse proxy since we HTTPRewrite occurs before Windows Auth. Let me test with the BonCode...



Re: Adobe ColdFusion license bait and switch for SaaS companies

Our company runs ColdFusion Standard licenses on AWS instances which we use to serve up websites we have developed for our clients.  We purchase a license for each individual AWS instance we have...


Re: Adobe ColdFusion license bait and switch for SaaS companies

My expectation would be that it will have no effect. You're already effectively buying one license per client, which is what Adobe is trying to get people to do. However, I am not a lawyer and this is...


Re: Adobe ColdFusion license bait and switch for SaaS companies

Digitoxin - I'm not sure if Dave Watts was interpreting your stated environment correctly.  If you have one AWS instance per client, each with its own CF license, then yes, I'd guess you are fine.  But...


Re: Adobe ColdFusion license bait and switch for SaaS companies

This is what I am concerned about.  We do have servers where we are hosting multiple sites for multiple clients.  Now, we develop and host the websites.  The clients themselves do not have access to...



Re: Adobe ColdFusion license bait and switch for SaaS companies

Digitoxin - "clients themselves do not have access to the source code or have the ability to do development on their own sites" - same in our case but that didn't matter.  Adobe sees it as missing out...



Re: ISAPI Connector keeping stale connections inside Windows Container

Do you really have a line in your uriworkermap.properties for /hello/*.cfm? This is suggested by the log line: Found a wildchar match '/hello/*.cfm=cfusion0'  If you do, why do you? What other sort of...


Re: Understanding SOLR behaviour

Thank you again Charlie for your wonderful help. I do have a plan B but I don't give up that easy being a big CFML fan and trying to get SOLR working on this is just a miles better solution any day. My...


Re: cfPdf Watermarking issue

Dave, just to confirm that the essence of your suggestions above appears to have completely solved the problem I described. Thanks again for your input - most helpful!



Re: Understanding SOLR behaviour

kpakrp, the outputs you've just shown are different. Which gives me an idea: caching. That is certainly a setting which may differ between development and production environments. The usual practice is...


Re: cfc appending sql to return

Strange. Please mark your answer as correct. It will help someone else.


Re: How can ı start program

Hi nurcanb61753314, I am glad to see that you have solved the problem. Could you please share your solution here, and mark it as the correct answer? It will help someone else who has a similar problem.


Re: ISAPI Connector keeping stale connections inside Windows Container

Hi Charlie, The IIS container can reach the CF container. Both are on the same network. I have the worker file pointing to the correct host and port. URI Mapping is also working. The fact that...




Re: ISAPI Connector keeping stale connections inside Windows Container

Ugh, I hate distributed mode. I've never had good long-term success with it. If you can't get BonCode to work for you, you can still use IIS as a reverse proxy through Application Request Routing....


Re: Adobe ColdFusion license bait and switch for SaaS companies

Digitoxin, if you have more than one business customer web site on a CF license, Adobe claims that you are violating the "service bureau arrangement" of their perpetual license, section 2.6.4. It...


Re: Adobe ColdFusion license bait and switch for SaaS companies

On a related note, I would recommend using anonymous accounts if you want to comment on this thread with your own configuration, and haven't already been approached by Adobe (unlike cemerdem and a few...


Re: Adobe ColdFusion license bait and switch for SaaS companies

Yes, I agree with Dave. Do not use your real identity. They will come after you. AND don't fill out any questionnaire coming from Adobe. This whole thing started with a questionnaire they sent us "to...



variable is not reading

I am doing a page where I want to insert new apartment unit ms into a database along with uploading photos into a folder in the server. I am having an issue with a file path that is not being...


Re: variable is not reading

In your application.cfc, you are saving webpath without a scope which automatically puts it in the variables scope, but you are trying to reference it in your code under the request scope.  Try...


Re: Coldfusion 9 - prevent SQL injection while using dynamic table/view name

You know what tables are in your database, so you can essentially whitelist your dynamic query to only allow for queries to your actual tables. You could query your valid tables from your...



Re: ColdFusion 2018 CFCHART format="html" is not rendering graph

Priyank, Is this issue resolved?  Unfortunately, we are experiencing it in ColdFusion 2018 Update 4. Confused because this indicates resolved but the bug tracker indicates "To Fix". Your guidance would...


Re: ColdFusion 2018 CFCHART format="html" is not rendering graph

Okay, I see this is a pending issue.  It has been pending for a year.


Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...

do you know of official docs that describe this? i'm concerned because my files are hosted by IIS, which AJP's over to tomcat...so how does tomcat even know the filepaths...i'm assuming IIS sends the...


Re: Adobe ColdFusion license bait and switch for SaaS companies

We do provide custom agreements, all of which are confidential between the customer and Adobe. All of our Hosting Partners listed here can also provide hosted and/or licensed options for SAAS (Software...


Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...

I've been reading up on ColdFusion Help | Interoperating with JSP pages and servlets  and application names.  Would my two code bases need distinct application names?  That was suggested at...



Re: Adobe ColdFusion license bait and switch for SaaS companies

I consider receiving a threat from your sales people a negative experience. First threat came when I mentioned Lucee. Our sales person, Arun, told me that Adobe will sue us for 10 years of back use if...


Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...

I don't think IIS sends the contents of the file to Tomcat. It sends the file system location to Tomcat, which then reads the file itself. Dave Watts, Eidolon LLC.


Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...

Yes, your two separate applications would need separate application names even if they used the same code base, unless you had explicitly designed it not to - which would be extremely difficult and...


Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...

> tedious to do

I've seen that application name is used for session and application scope from ColdFusion Help | Interoperating with JSP pages and servlets  so would the tedious being to not have...



Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...

Off the top of my head, I expect other features use the application name but don't know what those features are. Is there a reason why you don't want to give these applications separate names? Dave...


Re: Can two IIS Websites with nearly Identical Code Basis be sent to the same...

no, just trying to understand how it works, knowing how it breaks is a good way to figure out how it works.


Re: Adobe ColdFusion license bait and switch for SaaS companies

It is not nice to hear that if you use ColdFusion in your business you actually violate license terms automatically. If I put it another way, Adobe sells licenses that actually cannot be used in...


Re: variable is not reading

Or ammarq, you could change the cfset to use request.webpath. Either would work in this case. The choice of which to do depends primarily on whether you have other code that refers to the webpath...


Re: ISAPI Connector keeping stale connections inside Windows Container

I have it working with both ISAPI and BonCode connectors. ARR method wouldn't work unfortunately since the CF container is running on Linux and can't do WinAuth. It has to be done through these...
