Monthly Archives: November 2008

November 28, 2008
Installing a new FarCry 5 project – (Extended) Advanced Mode

There are several installation options for the latest version of FarCry (5.0.2) which makes things nice and flexible for the framework to be used by different people in a variety of setups.
The deployment configurations page has some easy to follow instructions for installing in “Standalone” mode. This is really the best option if you are [...]

November 25, 2008
Security reminder – Are you using scriptprotect?

One of our applications had an entry in the ColdFusion exception logs today:
ScriptProtect error replacing insecure tag in scope CGI;
Essentially someone (via an automated process) was probing our application for a reflected cross-site scripting weakness by requesting URLs like:

http://www.mysite.com/?mode=>’><script>alert(40891)</script>

Luckily we use scriptprotect (among many other defensive techniques) to prevent this type of thing from causing any [...]
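Turning ScriptProtect on, and the caveat that goes with it, as an added example that is not the post's own code. The file names, `this.name` value and the `mode` URL parameter are assumptions; ScriptProtect can also be set per application in the ColdFusion Administrator or via the `scriptprotect` attribute of `cfapplication`.

```cfml
<!--- Application.cfc (added example, not from the original post) --->
<cfcomponent output="false">
    <cfset this.name = "mysite" />
    <!--- "all" covers the URL, Form, Cookie and CGI scopes;
          a comma-delimited subset such as "url,form" is also accepted.
          Insecure tags (script, object, embed, applet, meta) in those
          scopes are replaced with <InvalidTag> before your code runs. --->
    <cfset this.scriptProtect = "all" />
</cfcomponent>

<!--- index.cfm: ScriptProtect only rewrites a short list of tags, so
      anything echoed back to the page still needs output encoding.
      HTMLEditFormat escapes <, >, & and " so the value renders as text. --->
<cfparam name="url.mode" default="view" />
<cfoutput>
    <p>Mode: #HTMLEditFormat(url.mode)#</p>
</cfoutput>
```

ScriptProtect is a useful safety net because it is applied before your code sees the request, but it does not know about event-handler attributes or `javascript:` URLs, so treat it as defence in depth and keep encoding every untrusted value you output.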

November 24, 2008
Use application.applicationName? Careful when re-initing your app

I’m sure most ColdFusion developers know that the application scope has a built-in variable called application.applicationName which stores the name of the application that you specify in the cfapplication tag or the this.name value if you’re using Application.cfc. This doesn’t appear when you dump the application scope…but it’s there.
Today I wanted to use this variable, [...]

November 22, 2008
cfqueryparam does not work in ORDER BY, what are my options?

For those that don’t know, ColdFusion’s cfqueryparam won’t work on a SQL ORDER BY clause, so the following will not work:

<cfquery name="qGetUsers" datasource="mydsn">
SELECT FirstName, LastName
FROM Users
ORDER BY <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.order#" />
</cfquery>

This is really nothing new, people have been talking about this for years but with the spate of recent SQL injection attacks (note that I meant to [...]
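The usual answer is to stop trying to parameterise the column name and instead only ever let a value you control reach the SQL string. The following is an added example, not code from the original post: it keeps the `Users` table, column names and `mydsn` datasource from the snippet above, and the function name, the `direction` argument and the allow-list are assumptions.

```cfml
<!--- Added example, not the post's own code: allow-list the ORDER BY
      column and direction rather than passing user input into the SQL. --->
<cffunction name="getUsers" access="public" returntype="query" output="false">
    <cfargument name="order" type="string" required="false" default="LastName" />
    <cfargument name="direction" type="string" required="false" default="ASC" />

    <!--- Only these column names may ever appear in the ORDER BY clause;
          anything else silently falls back to the default sort. --->
    <cfset var allowedColumns = "FirstName,LastName" />
    <cfset var orderBy = "LastName" />
    <cfset var sortDir = "ASC" />
    <cfset var qGetUsers = "" />
    <!--- ListFindNoCase returns the 1-based position, or 0 when absent. --->
    <cfset var pos = ListFindNoCase(allowedColumns, arguments.order) />

    <!--- Take the canonical spelling from the list, never from the request. --->
    <cfif pos GT 0>
        <cfset orderBy = ListGetAt(allowedColumns, pos) />
    </cfif>
    <cfif UCase(arguments.direction) EQ "DESC">
        <cfset sortDir = "DESC" />
    </cfif>

    <!--- orderBy and sortDir can now only hold values defined in this
          function, so interpolating them into the SQL is safe. --->
    <cfquery name="qGetUsers" datasource="mydsn">
        SELECT FirstName, LastName
        FROM Users
        ORDER BY #orderBy# #sortDir#
    </cfquery>

    <cfreturn qGetUsers />
</cffunction>
```

A request for `?order=FirstName&direction=desc` sorts as expected, while `?order=1;DROP TABLE Users--` simply gets the default `LastName ASC` ordering because the supplied string is never used, only its position in the allow-list.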

November 19, 2008
Logging all MySQL queries on Mac OSX

We’ve been doing some debugging of a 3rd party application recently where we had some possible performance concerns under a certain load and/or size of data in the database. What we wanted to know was exactly which queries (and how many) were hitting the database on a specific page request.
The simplest method was to turn [...]