Recent Activity
Recent Comments
Cutter replied to a post Formatting Dates In The Local Timezone With Alpine.js
Comment posted November 21, 2024
I've moved to using the Intl.DateTimeFormat for all of my date/time formatting. Native in all modern browsers, and can handle timezone conversions for me when needed. Plus the formatting that the Temporal API will use is the same under the hood.... read entire comment from Cutter.
Ben Nadel replied to a post Using fileGetMimeType() To Determine File Type In ColdFusion
Comment posted November 21, 2024
@James, When it comes to mime-types validation, I think there are two camps of people: Good actors who just happen to upload the wrong file (ex, they have a PDF that is actually a .pdf.zip or something they just don't realize what they're doing). Bad actors who are trying to do something malicious (... read entire comment from Ben Nadel.
Ben Nadel replied to a post Considering A Secure Encoding Technique Inspired By JWT In ColdFusion
Comment posted November 21, 2024
@Will, The session stuff is always tricky. But, I think a lot of my emotional baggage also comes from back in the day before I had ever learned about storing session info in a database (which is much more scalable than storing it in RAM on a single server). Plus, with something like Redis, you can e... read entire comment from Ben Nadel.
Will Belden replied to a post Considering A Secure Encoding Technique Inspired By JWT In ColdFusion
Comment posted November 21, 2024
So, I couldn't find all the code (mostly because I didn't write it), but we have an in-house cache and all the servers involved in that cache (usually a user server and a scheduled server) talk to each other to say "hey, I've updated this database record so clear any CFC's that represent it". This ha... read entire comment from Will Belden.
Ben Nadel replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 21, 2024
I'm tinkering with a JWT-inspired "lite" encoding technique. It uses HMAC under the hood, like JWT; but, it's less flexible and has fewer moving parts: https://www.bennadel.com/blog/4731-considering-a-secure-encoding-technique-inspired-by-jwt-in-coldfusion.htm Mostly, it's just fun to think about this s... read entire comment from Ben Nadel.
Will Belden replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 21, 2024
@Ben Nadel, You could look at JSON web tokens, too. But encrypted to a single, URL-safe string. IIRC JSON web tokens are plain-text, but there's a signature or something on them that your server can verify. Been a while since I've looked at them. You know... since we're brainstorming! Heh. One of th... read entire comment from Will Belden.
James Moberg replied to a post Using fileGetMimeType() To Determine File Type In ColdFusion
Comment posted November 20, 2024
After your article, I've started comparing my UDF's static configuration of extensions & MIME types. One of the first mismatches was the .ai extension for Adobe Illustrator. My UDF returns application/postscript and Adobe's BIF returns application/illustrator. This article from 2022 states that the cor... read entire comment from James Moberg.
Ben Nadel replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 20, 2024
@Danilo, Right now, this is primarily just a fun experiment (and would be something that I would personally use but might not appeal to anyone else). That said, you mention adding something like a GUID - so, I'm kind of exploring something a little bit along those lines right now. The "incident toke... read entire comment from Ben Nadel.
Ben Nadel replied to a post Formatting Dates In The Local Timezone With Alpine.js
Comment posted November 20, 2024
Yeah, especially with scheduling workflows. That's part of why I'm so drawn to the 3 hours ago kind of label where it makes sense; you don't have to worry as much about relative dates because it's more fuzzy. Of course, that doesn't make sense for something like a conference.... read entire comment from Ben Nadel.
Chris G replied to a post Formatting Dates In The Local Timezone With Alpine.js
Comment posted November 20, 2024
@Ben, @Ray, Ray makes a really great point. I agree that where schedules are concerned, it makes sense to render the dates in the timezone that in-person event will take place. If it were a virtual event, then local time makes sense. Either way, it probably makes sense to add the timezone designatio... read entire comment from Chris G.
Ben Nadel replied to a post Formatting Dates In The Local Timezone With Alpine.js
Comment posted November 20, 2024
@Raymond, That's a good point, especially in contexts that deal with scheduling where a misunderstanding could become a problem. For more passive contexts (like the date a comment was made or the date a PR was opened), the risk of a problem is considerably less. In the case of a physical world scheduli... read entire comment from Ben Nadel.
Raymond Camden replied to a post Formatting Dates In The Local Timezone With Alpine.js
Comment posted November 20, 2024
One word of caution for this approach. I was on a trip to CA once, attending a conference, and looking at their schedule. The web page automatically changed the times to my tz, and since it was very close (2 hours difference), I didn't know, and, I assumed the times were in PST as it was a CA confer... read entire comment from Raymond Camden.
Danilo Celic replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 19, 2024
@Will Aware that code is available...Ben's reading audience extends beyond those that can (or able to) run ColdFusion within their environments. Actually had a thought about taking a stab at implementing this in .NET, before I remembered the extent of my work backlog, much less my own personal backl... read entire comment from Danilo Celic.
Ben Nadel replied to a post Building A Moment-Inspired .fromNow() Date Formatting Method In ColdFusion
Comment posted November 19, 2024
No worries - it's still interesting stuff. I'll have to look deeper into it. I haven't historically given much thought to internationalization (I'm still struggling to make my code accessible - it's a learning journey). Will just add it to the list of things I need to learn.... read entire comment from Ben Nadel.
Raymond Camden replied to a post Building A Moment-Inspired .fromNow() Date Formatting Method In ColdFusion
Comment posted November 19, 2024
Yeah, I shoulda been more clear. Both the relative and duration features of Intl are cool, but require you to specify values, and it can be tricky. For example, if my web site is doing a countdown till Christmas, I'd use a relative time unit of days, as that's common ("X days till Christmas!"), but ... read entire comment from Raymond Camden.
Raymond Camden replied to a post Building A Moment-Inspired .fromNow() Date Formatting Method In ColdFusion
Comment posted November 19, 2024
@Ben Nadel,... read entire comment from Raymond Camden.
Ben Nadel replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 19, 2024
@Danilo, 100% this is mostly just a tool that I use to run incident triage at work. And, since we've embraced feature flags, our number of incidents have all but stopped. So, it's probably not something I'll have to use much anyway. That said, it's a nice playground to be able to think about problem... read entire comment from Ben Nadel.
Ben Nadel replied to a post Building A Moment-Inspired .fromNow() Date Formatting Method In ColdFusion
Comment posted November 19, 2024
@Raymond, So, I'm looking at the Intl module, and I'm not sure how much mileage I'm going to get out of it. It seems that you have to be very specific with what you want to get out of it. Meaning, with the .fromNow() method, I'm using different units (seconds, hours, days, months, etc) based on the ... read entire comment from Ben Nadel.
Will Belden replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 18, 2024
@Danilo Celic Ben has the code available on Github: View this code in my Incident Commander project on GitHub. That's in the OP.... read entire comment from Will Belden.
Danilo Celic replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 18, 2024
@Ben Nadel, And I'm sure there's much more to Teams that I'm not aware of, I haven't even touched adding apps yet. Given the current implementation, I think that Incident Commander could be added as a Web page within Team, but not sure I'd be able to use it for more than testing. While I do personal... read entire comment from Danilo Celic.
Ben Nadel replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 18, 2024
Ahh, very interesting. I had no idea. I know that one of our dev-teams built a login flow that could be used by MS Teams; but, that's as much as I know about it (other than that they had a heck of a time getting it to work consistently - some cookie persistence issue that was causing them much grief). It's ... read entire comment from Ben Nadel.
Danilo Celic replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 18, 2024
@Ben Yes, Teams is more than chat, you can have meetings (voice calls, video/screen sharing), file/document storage (with versioning), "tabs" that are web pages, Word document, Excel spreadsheet, etc., and you can add apps (assume that there are many paid options).... read entire comment from Danilo Celic.
Ben Nadel replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 18, 2024
@Chris, Have you been sent from the future?! 😉 Yeah, this is an issue on my end - the dates are just coming out of the database in UTC time, so it's like 8-hours ahead of you and 4-hours ahead of me. But that gives me an idea... let me work on that. Glad you like the video - I used to do videos al... read entire comment from Ben Nadel.
Chris G replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 18, 2024
I love it when you provide a video version of the article. I'd much rather listen to you walk me through it than read it myself. I think I retain it better too. Thanks 🙏 Also...heads up! I think there's something off on your commenter timestamps. It says your last message was posted on "Nov 18, 20... read entire comment from Chris G.
Ben Nadel replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 18, 2024
@Danilo, Oh that's a cool idea as well. To be honest, I've very little experience consuming ChatGPT (or any AI models) from an API standpoint—I've only used the chat interfaces to ask questions. But this seems like it would be something that speaks very much to the strength of the current AI ecosyst... read entire comment from Ben Nadel.
Danilo Celic replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 18, 2024
I can imagine being able to run this as an app within MS Teams. Adds a bit of complexity, but if you run your incident through a ChatGPT, maybe you can get a starting point for a summary/report for the incident.... read entire comment from Danilo Celic.
Ben Nadel replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 18, 2024
@Will, ha ha, I know what you mean - I feel like I'm sprinting from one task to another! I know we have done Slack integration at work before - I think it's an OAuth workflow. But, I've only consumed it, never implemented it before. If you have any pointers, I'd be all ears!... read entire comment from Ben Nadel.
Will Belden replied to a post Rebuilding Incident Commander As A ColdFusion App
Comment posted November 18, 2024
Sounds like it'd be fun to add Slack integration. If I could ever get two nickel's worth of time to rub together, I'd be glad to chip in!... read entire comment from Will Belden.
Brian replied to a post Inspecting The Form Upload File Field Metadata In ColdFusion
Comment posted November 17, 2024
Thanks for the shoutout! Glad it was helpful!... read entire comment from Brian.
Ben Nadel replied to a post Using fileGetMimeType() To Determine File Type In ColdFusion
Comment posted November 17, 2024
@James, I suppose this stuff isn't an exact science. But, I agree that it seems strange that you should need a physical file to test this stuff, especially when you the loose/non-strict mode is just looking at the file extension. That said, I mostly deal with image files, and it seems to be decent a... read entire comment from Ben Nadel.
James Moberg replied to a post Using fileGetMimeType() To Determine File Type In ColdFusion
Comment posted November 16, 2024
"Trust, but verify." -Russian proverb My mime type unit test contains 409 different file extensions, but I don't use any physical test files. The fileGetMimeType function requires a physical file even when the 2nd parameter is false. (If false & detection is based solely on the file name, why does C... read entire comment from James Moberg.
Ben Nadel replied to a post Inspecting The Form Upload File Field Metadata In ColdFusion
Comment posted November 16, 2024
This is great - I did a little exploration of the fileGetMimeType() function: https://www.bennadel.com/blog/4727-using-filegetmimetype-to-determine-file-type-in-coldfusion.htm Many thanks to Brian!... read entire comment from Ben Nadel.
Ben Nadel replied to a post Inspecting The Form Upload File Field Metadata In ColdFusion
Comment posted November 16, 2024
WHOA WHOA! There's a function called fileGetMimeType() 😮 WTF!? And it's been there since CF10 - how am I just finding out about this! Good sir, you just blew my mind!... read entire comment from Ben Nadel.
Brian replied to a post Inspecting The Form Upload File Field Metadata In ColdFusion
Comment posted November 16, 2024
@Ben - There are probably many ways to avoid this, and I have no idea which way is best. The perennial issue of needing to carefully validate user-supplied input! In Lucee you can do something like GetPageContext().formScope().getUploadResource(arguments.formField).getName() to get the filename of t... read entire comment from Brian.
Ben Nadel replied to a post Building A Moment-Inspired .fromNow() Date Formatting Method In ColdFusion
Comment posted November 16, 2024
Somewhat on track, somewhat off track, I just ran into an interesting edge-case in my application (where I'm formatting dates in this manner). The datetime field in which I'm storing a date in the database only has seconds precision. Which means, when I go to insert the date, some rounding / truncat... read entire comment from Ben Nadel.
Ben Nadel replied to a post Building A Moment-Inspired .fromNow() Date Formatting Method In ColdFusion
Comment posted November 16, 2024
@James, Ha ha, classic Adam! And looking at his implementation, he's using dateDiff(), which is what I was saying I could use if I did things in seconds instead of milliseconds. Though, he's using it with various dateparts. More or less we're doing the same thing - finding the smallest grouping of t... read entire comment from Ben Nadel.
Ben Nadel replied to a post Building A Moment-Inspired .fromNow() Date Formatting Method In ColdFusion
Comment posted November 16, 2024
@Raymond, It's very cool! I've heard of the International stuff on various podcasts, but I haven't tried it out myself. Believe it or not, I've been living in a world where I had to support IE11 until only like 2 years ago! And, at that point, you live in an application that has so much existing cod... read entire comment from Ben Nadel.
Ben Nadel replied to a post Inspecting The Form Upload File Field Metadata In ColdFusion
Comment posted November 16, 2024
@Brian, I can't believe that the server will request a URL if you're just trying to normalize the path. That's bananas! Feels like the Log4j issues we had a few years ago, where libraries become too flexible for their own good and then people figure out how to use them maliciously. I like your idea o... read entire comment from Ben Nadel.
Brian replied to a post Inspecting The Form Upload File Field Metadata In ColdFusion
Comment posted November 15, 2024
Great article! I'll add that getCanonicalPath() behaves a little differently on Lucee vs. ACF. On ACF, getCanonicalPath() will return an error if you pass in Virtual Filesystem paths, and not fetch the path. But Lucee will accept local filesystem paths or VFS paths, so you need to worry about Server... read entire comment from Brian.
James Moberg replied to a post Building A Moment-Inspired .fromNow() Date Formatting Method In ColdFusion
Comment posted November 15, 2024
Are you interested in more moment.js functionality for ColdFusion? Check out the 7yr old momentcfc library (from Adam Tuttle) that's still compatible w/CF10 & 11. It has a fromNow method. I'm not sure about millisecond support (that's something that I care about too.)... read entire comment from James Moberg.
Raymond Camden replied to a post Building A Moment-Inspired .fromNow() Date Formatting Method In ColdFusion
Comment posted November 15, 2024
Did you know this was baked into the web platform and you don't need a library? https://developer.mozilla.org/.../Intl/RelativeTimeFormat I've got a few CodePens that show this. I presented on Intl at the Mid-Michigan CFUG. Video will be live soon. That isn't quite the same as doing it server-side o... read entire comment from Raymond Camden.
Ben Nadel replied to a post VARCHAR(Length) Limit Refers To Characters, Not Bytes, In MySQL
Comment posted November 11, 2024
Over on Facebook, Seb Duggan had a good point to watch out for the multi-emoji patterns. Where two or more emojis are combined to visually represent a single glyph. I don't know much about these - if they're the same behavior as special ligature behaviors? But, regardless, if I were to replace my em... read entire comment from Ben Nadel.
Ben Nadel replied to a post Using jSoup To Sanitize Untrusted HTML In ColdFusion
Comment posted November 9, 2024
@All, here's a fast-follow that looks at how to use JSoup's Safelist API to report on the untrusted HTML elements and attributes: https://www.bennadel.com/blog/4723-using-jsoup-to-report-untrusted-html-elements-and-attributes-in-coldfusion.htm This is something that I will need to do on this blog wh... read entire comment from Ben Nadel.
Ben Nadel replied to a post Using jSoup To Sanitize Untrusted HTML In ColdFusion
Comment posted November 8, 2024
@Dan, OMG! I can't tell you how long I stared at that code trying to figure why the syntax highlighting wasn't working! I just couldn't see it. I was 2 seconds away from deleting it and rewriting it, but then I had to get up from the desk. Thanks for seeing the issue and letting me know. It's been f... read entire comment from Ben Nadel.
Dan LeGate replied to a post Using jSoup To Sanitize Untrusted HTML In ColdFusion
Comment posted November 8, 2024
Is that 3 quote syntax really correct? .addTags([ "strong", em" ])... read entire comment from Dan LeGate.
Ben Nadel replied to a post Using The OWASP AntiSamy 1.5.7 Project With ColdFusion 10 To Sanitize HTML Input And Help Prevent XSS Attacks
Comment posted November 7, 2024
On a related note, I just tried using JSoup's sanitization workflow for the first time. Instead of using XML configuration files, it uses a jQuery-like fluent API to define the allow-list of elements, attributes and protocols: https://www.bennadel.com/blog/4722-using-jsoup-to-sanitize-untrusted-html... read entire comment from Ben Nadel.
David Levin replied to a post Turning Off "InvalidTag" ScriptProtect Safely In ColdFusion 2021
Comment posted November 5, 2024
I didn't know about the scopes feature of scriptprotect. That is very cool! Just so people know, you can pass a comma separated list of scopes you want to protect, like this: this.scriptProtect="url,cookie,cgi"; The above code would protect the URL, Cookie, and CGI scopes, but not the Form scope. Do... read entire comment from David Levin.
Ben Nadel replied to a post Building An Angular App For ColdFusion Using Docker Compose
Comment posted November 2, 2024
One issue that I've stumbled across with this approach is the package-lock.json file generation. Since the package.json is being copied in via the Dockerfile and then the npm install is executed as part of the image compilation, the package-lock.json file never makes its way back into the source-co... read entire comment from Ben Nadel.
Ben Nadel replied to a post Safe-Navigation Operator Swallows Method Errors In Adobe ColdFusion 2023
Comment posted November 2, 2024
Ha ha, ah, what can you do :)... read entire comment from Ben Nadel.
Chris G replied to a post Safe-Navigation Operator Swallows Method Errors In Adobe ColdFusion 2023
Comment posted November 1, 2024
@Ben Nadel, Thanks for the explanation, that makes sense. Unfortunately, now your explanatory comment references thing.init() and thing.$init() which the article no longer references. Fortunately, it all still makes sense. Appreciate your time, your patience, and most of all...your generosity in cal... read entire comment from Chris G.