So Happy New Year everyone, I hope everyone had a fun and safe time last night. I have a new project or should I say new site I launched, IJustFeltLikeRunning.com which will track my running goals and other things. Check it out it's fun, and follow the RSS or subscribe if you want to keep up with my progress. I say Ray Camden's New Year resolutions, pretty cool stuff good luck Ray.
If anyone wants to share their resolutions please let me know. Hope everyone has a great year I know I'm working hard for one.
Happy Thanksgiving everyone I hope you all have a great day and everyone is safe. I just want to say I am very thankful for having such a great family, my wife who takes care of my three boys is amazing, with out her I would fall apart. My three boys who drive me to keep being a kid, and to enjoy life. Finally I'm thankful to have such a great job with a great company, although I must say I love what I do and it never feels like work.
Be safe everyone and if you drink please don't drive!!!
As you can see in the screen shot I selected 2 states and display a list of cities in my db for those states. Code attached enjoy!
So next week an "Information Security and Compliance Company" is doing a 16 hour "Application Penetration Test" on an application we developed. It's on a dedicated server with all the latest patches and is on lock down with IP address validation through the firewall. We have made sure every query is protected from SQL injection attacks and made sure any file uploaded to the application is uploaded outside the root and can not be called from a URL. We think we have covered all the bases, here is a list of what the application will go through.
Input Validation
Buffer Overflow
Cross Site Scripting
URL Manipulation
SQL Injection
Hidden Variable Manipulation
Cookie Modification
Authentication Bypass
Code Execution
Now some of these are basic security 101, and ColdFusion has lots of tools to address the attacks. Has anyone ever gone through this? If so what type of things were found? Can anyone give me any suggestion of things to check?
If your one of the cools kids and have a Mac (sorry windows guys) and you need to connect your development environment to a MSSQL server it's really easy. There are lots of guides out there on connecting ColdFusion to MSSQL but if your connecting from OS X server to Windows server there are 2 settings you need to check.
First once you log in to your development server under Object Explorer right click on the server name and click Properties. Under Security make sure "SQL Server and Windows authentication mode" is checked. Next click Connections and make sure "Allow remote connections to this server". If you setup you users and DB correctly you should be able to connect.
Two times this year I have wiped windows box and 2 times I wasted hours connecting to MSSQL from my iMac. I'm going to be adding more tips to help me and anyone else in the future.
Anyone know a better way to break out of XML mode so HTML can run in a ColdFusion Builder Extension.
cgi.http_host and server_name don't always work for what I need. My test app runs great on my Mac but fails if I install on my Windows box. Any suggestions would be great.
I was working on a project today and ran into this error
[Macromedia][SQLServer JDBC Driver]Value can not be converted to requested type
I did a quick search found a lot of theories on why and how it was caused. So it turns out it's a caching error, by default ColdFusion data sources pool 1000 statements, but how to fix. Almost all suggested restarting CF, which I cannot do, change the dsn name open page to error and then change back, or my favorite: "When in doubt kick it in the guts (restart JRUN)". They all work but not the best way to handle the error.
Easiest and best way to get rid of this error is to log in to CF Admin, click Data Sources, find your data source and click it then click Show Advanced Settings. Update "Max Pooled Statements" to zero, click submit, then run page. Now you can change it back. This removes the cached SQL select statements with out resetting connections to users.
