Eric Stevens

Recent Blog Comments By Eric Stevens

• Creating A "Remember Me" Login System In ColdFusion

  Posted on Jan 25, 2012 at 4:10 PM

  I would recommend, if you can swing it, to avoid <cfntauthenticate> and configure IIS to require Integrated Windows Authentication. This is WAY more secure, and actually quite a lot easier. If you have IIS configured for IWA, authentication happens before ColdFusion even begins to execute. ... read more »

• Cleaning High Ascii Values For Web Safeness In ColdFusion

  Posted on Jan 9, 2012 at 12:15 PM

  It's probably considered bad practice by some, but we've globally sanitized data in Application.cfc's onRequestStart() method. We update the values of URL and FORM directly so that these values are sanitized for anything downstream which might want them. We have the policy that anything that goes ... read more »

• Cleaning High Ascii Values For Web Safeness In ColdFusion

  Posted on Dec 28, 2011 at 9:17 PM

  @vector, for PHP, I recommend looking into either iconv() or mb_convert_encoding() http://php.net/mb_convert_encoding. For example: $text = mb_convert_encoding($text, 'UTF-8', mb_detect_encoding($text)); Most browser-submitted content is going to originally be in ISO-8859-1, so t... read more »

• Cleaning High Ascii Values For Web Safeness In ColdFusion

  Posted on Oct 25, 2010 at 9:50 AM

  Oops, said "email me" and didn't give my address. mightye~gmail.com Also, &reg; isn't self referential in our code like I said in my last paragraph, it's actually this: <!ENTITY reg "^&#174;"> Don't know what would happen if you created ... read more »

• Cleaning High Ascii Values For Web Safeness In ColdFusion

  Posted on Oct 25, 2010 at 9:33 AM

  The reason you're having difficulties with named entities like &rsquo; not being recognized when parsing as XML is that unlike HTML, XML only comes with three built in named entities (&lt;, &gt;, and &amp;) What you're doing is actually double-escaping those entities when you do &am... read more »

• Cleaning High Ascii Values For Web Safeness In ColdFusion

  Posted on Dec 30, 2009 at 9:56 PM

  David, you might try out the "setEncoding" function in ColdFusion: http://livedocs.adobe.com/coldfusion/7/htmldocs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=ColdFusion_Documentation&file=00000623.htm, the problem as you've probably discovered is that the browser is most likely submitting data ... read more »

• Creating A "Remember Me" Login System In ColdFusion

  Posted on Oct 1, 2009 at 9:11 AM

  You're right, there is no way you can guarantee that the user is unable to view the old pages in their browser history (eg if you're trying to protect against a different user snooping their browser history). If it's a security concern to have old pages accessible (eg, they contain sensitive inform... read more »

• Creating A "Remember Me" Login System In ColdFusion

  Posted on Oct 1, 2009 at 8:39 AM

  No, jQuery is purely client side scripting. Users running the NoScript plugin or who otherwise have javascript disabled would not receive notification. The only option I'm aware of for such users is the cache controls. Such users are likely to be more savvy users though (for what that's worth),... read more »

• Creating A "Remember Me" Login System In ColdFusion

  Posted on Oct 1, 2009 at 8:27 AM

  There are various tricks you can use to get around the back button letting a user think they're logged in when they're not. Some of them are better than others. Using cache control headers is a popular one, but doesn't always succeed (as there are corporate proxies, and even public ISP transparent... read more »

• Cleaning High Ascii Values For Web Safeness In ColdFusion

  Posted on Aug 7, 2009 at 11:12 AM

  So that the data in the SQL is not the HTML entity encoded format? There is much to learn about character encodings to adequately debug where character encoding may be going wrong. The first thing you might consider checking though is that you have "String Format: Enable High ASCII characters and ... read more »

• Cleaning High Ascii Values For Web Safeness In ColdFusion

  Posted on Aug 7, 2009 at 10:55 AM

  bah, with the &#123; equivalent! Ben, get us a comment preview function ;-)... read more »

• Cleaning High Ascii Values For Web Safeness In ColdFusion

  Posted on Aug 7, 2009 at 10:54 AM

  Robert, Ben's code replaces any character over U+007F (anything over the first 128 characters) with the { equivalent. Your à character is one such character, and encodes as à CFDumping a string is essentially equivalent to outputting the HTMLEditFormat() for the same string. The charact... read more »

• Do Remote CFC Method Calls Add Any Value In ColdFusion?

  Posted on Jul 20, 2009 at 4:37 PM

  1) I'm only recommending that data be sent back, none of the visual markup. XML, JSON, etc. The framework I refer to here is purely the server-side functionality that establishes your runtime environment when your CFC's aren't stand-alone. 2) Make sure the CFC you're invoking is the one you think... read more »

• Do Remote CFC Method Calls Add Any Value In ColdFusion?

  Posted on Jul 17, 2009 at 4:29 PM

  One CFC for all products may be using objects, but it's not object oriented programming, it's procedural programming using objects as a namespace. (Sidenote, ColdFusion doesn't support namespaces) There's nothing wrong with that, it's just not OOP. And it's all still irrelevant to the point I was... read more »

• Do Remote CFC Method Calls Add Any Value In ColdFusion?

  Posted on Jul 17, 2009 at 3:57 PM

  It's less about the database call and more about component instantiation. If you go with a purely OO model, you have one instance of a Product CFC for every product being displayed on the screen. If you have 300 products on the screen that starts to hurt. If you have 300 products on the screen fo... read more »

• Do Remote CFC Method Calls Add Any Value In ColdFusion?

  Posted on Jul 17, 2009 at 3:14 PM

  @Don: as you start to get into more complicated sites, you start to get into CFC's which are not stand-alone. A single service-level CFC may require interactions with as many as 15-20 other CFC's. Some of these CFC's are extremely expensive to instantiate so you don't want to just create them on... read more »

• Eric Stevens On CFContent And Memory Usage In ColdFusion 8

  Posted on Jun 8, 2009 at 10:16 PM

  We use cfcontent to serve product images (from thumbnails through full-sized images) for a high volume ecommerce site with around 4,000 products on it. I'm limited in how many specifics I can go into, but let's just say it's big in terms of volume, revenue, and physical topography. Our images ar... read more »

• Do Remote CFC Method Calls Add Any Value In ColdFusion?

  Posted on May 18, 2009 at 9:07 PM

  @Sean: I guess I have a hard time seeing why the framework cares what sort of data it is serving up. As far as the framework should be concerned, data is data whether it's HTML data, XML, binary, whatever. If it cares what it's outputting past offering certain optional target-specific enhancements... read more »

• Do Remote CFC Method Calls Add Any Value In ColdFusion?

  Posted on May 18, 2009 at 12:51 PM

  @Ray: agreed. It's exacerbated by the livedocs not covering this point, and the examples not testing for CFC's. If LiveDocs warned you of the problem and showed you how to work around it, then I'd probably side with Ben.... read more »

• Do Remote CFC Method Calls Add Any Value In ColdFusion?

  Posted on May 18, 2009 at 12:27 PM

  I got thoroughly thrashed by Sean Corfield a few years back by suggesting something similar (a "remoting" view of some sort which runs through the same framework, whether it be AJAX, JSON, XML, etc) on the Fusebox list. (see: http://tech.groups.yahoo.com/group/fusebox5/message/2305 ) We wanted to... read more »