Henry Ho
Member since Dec 11, 2008
- Profile: /members/2528-henry-ho.htm
- Comments: 55
Recent Blog Comments By Henry Ho
-
OWASP Encoder.cfc - A Java Encoder Proxy For ColdFusion
Posted on Dec 29, 2015 at 1:29 PM
Interesting use of getFunctionCalledName() but seems like it'd be easier to just use onMissingMethod()? :)... read more »
-
Generating Random Binary Values Using randRange() In ColdFusion
Posted on Dec 17, 2015 at 1:05 PM
Awesome, javacast from array to byte[] makes so much sense!... read more »
-
Trying To Generate "Cryptographically Strong" Random Tokens In ColdFusion
Posted on Dec 16, 2015 at 3:15 PM
@Henry, bug fixed: padding for hex byte : http://trycf.com/gist/1df3c3b39c0d86f7b278/... read more »
-
Trying To Generate "Cryptographically Strong" Random Tokens In ColdFusion
Posted on Dec 16, 2015 at 3:01 PM
Interesting problem Ben, this is what I come up with using good old RandRange() with SHA1PRNG. to generate a random byte at a time in hex, then base64url with toBase64 & replaceList(). What do you think? http://trycf.com/gist/e84899e553af4152b6ce/... read more »
-
Experimenting With RSA-Encrypted Signature Generation And Verification In ColdFusion
Posted on Dec 15, 2015 at 1:52 PM
@Ben Btw, it is Bouncy Castle. you wrote "BounceCastle". No big deal. :) With your provided private key in your test case, I did some investigative work: == Without BouncyCastle, getInstance in CF Developer edition == getInstance() returns a RSA Signer provided by JsafeJCE version 6.0 ... read more »
-
Experimenting With RSA-Encrypted Signature Generation And Verification In ColdFusion
Posted on Dec 11, 2015 at 9:57 PM
Actually, CF Standard may not be out of luck, SunRsaSign Provider should still work w/o BC: https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunRsaSignProvider I dumped the provider name and it returns "SunRsaSign version 1.8".... read more »
-
Experimenting With RSA-Encrypted Signature Generation And Verification In ColdFusion
Posted on Dec 11, 2015 at 9:46 PM
Huh, doing some digging and guess what CF10 comes with a super old Bouncy Castle lib at /cfusion/lib/bcprov-jdk14-139 and that's why it works! And you're right, without adding Bouncy Castle as a provider, CF Developer & Enterprises edition can use Bsafe Crypto-J but CF Standard is out of luck. ... read more »
-
Experimenting With RSA-Encrypted Signature Generation And Verification In ColdFusion
Posted on Nov 3, 2015 at 8:52 PM
BouncyCastleProvider? Do we need to load some jar file before using your cfc? bcprov-jdk15on-153.jar from https://www.bouncycastle.org/latest_releases.html?... read more »
-
JSONWebTokens.cfc - A Small ColdFusion Module For JSON Web Tokens
Posted on Oct 29, 2015 at 12:57 PM
This is awesome, Thanks Ben! How did you figure it out?... read more »
-
JSONWebTokens.cfc - A Small ColdFusion Module For JSON Web Tokens
Posted on Oct 21, 2015 at 1:28 PM
Very nice! Maybe you should add a link to your project at http://jwt.io/.... read more »
-
Testing Which ASCII Characters Break JSON (JavaScript Object Notation) Parsing
Posted on Jan 13, 2014 at 3:26 PM
We encountered the same problem and we had to use rereplace to get rid of the illegal characters... read more »
-
ColdFusion 10 Beta - Closures And Function Expressions
Posted on Jan 9, 2014 at 2:26 PM
Wonderful Ben, thanks for the code! Would you please consider posting these codes, especially reReplaceAll to CFLIB.org?... read more »
-
ExpandPath() Works With ColdFusion's Per-Application Mappings
Posted on Sep 5, 2013 at 9:34 PM
What surprises me the most is it works with IIS's virtual directory as well!... read more »
-
Streaming Secure Files Efficiently With ColdFusion And MOD XSendFile
Posted on Mar 18, 2013 at 10:28 PM
Hi Ben, did you get APE's mod_xsendfile to work successfully? According to Helicon Tech's engineer, CF is not supported because jrun_iis6_wildcard.dll is at fault? http://www.helicontech.com/community/mod_xsendfile_problems-8-1090.html Is this true? Thank you.... read more »
-
What The Heck Is Business Logic Anyway?
Posted on Dec 16, 2012 at 1:48 PM
@Ben, handler layer == controller layer in Coldbox.... read more »
-
What The Heck Is Business Logic Anyway?
Posted on Dec 16, 2012 at 1:47 PM
@Ben, handler layer == controller layer in Coldbox. http://henrylearnstorock.blogspot.ca/... read more »
-
What The Heck Is Business Logic Anyway?
Posted on Dec 14, 2012 at 7:18 PM
Here are what would go through my mind for deciding where to implement the business logic. Purely manipulating properties of the object itself? > Implement in a method of the object class. Front-end dependent? > Implement in the handler layer of your MVC framework. Complex task that needs... read more »
-
Creating Base64-Encoded Data URLs For Images In ColdFusion
Posted on Nov 8, 2011 at 2:19 PM
Use toBase64(imageGetBlob(myImg)) instead of just toBase64. see: http://blog.dkferguson.com/index.cfm/2010/4/27/All-your-base64-are-not-equal... read more »
-
Parsing CSV Data With An Input Stream And A Finite State Machine
Posted on Aug 16, 2011 at 2:17 PM
"ColdFusion may run out of memory when parsing ginormous files" ? You mean the file IO part? You can loop a file by line in CF8+ to avoid running out of memory. Or do you mean you're running out of ram constructing the data structure? Then FSM or not you're going to run out of memory.... read more »
-
Branching Logic vs. Guard Logic When It Comes To Function Control Flow
Posted on May 17, 2011 at 3:05 PM
I guess it's fine as long as your function is short. However, multiple return points are not encouraged when I was in college. They prefer a short if block for guards and long if block for actual "Branching Logic", and then follow by a single return statement.... read more »