Community Member Profile
- Profile: /members/2367-Eric-Stevens.htm
- Comments: 39
- Points: 360
Recent Blog Comments By Eric Stevens
-
Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory
Posted on Jul 1, 2012 at 3:41 PM
@Jay, your example of smaller files will trigger the bug. I demonstrated that it's the number of bytes being output that are the problem. Even if you break and disable all possible buffering in CF's JSP context, and even if all you do is output one small piece of data repeatedly, and force flus... read more »
-
Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory
Posted on Jul 1, 2012 at 8:42 AM
@Spencer, It's still temporarily hijackable. How do you clean up the old temporary files? When you're offering someone a 5GB file, how much time do you give them to finish downloading it before you zap that file? Also copying around huge files like that is a lot of disk I/O. If you're us... read more »
-
Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory
Posted on Jul 1, 2012 at 8:14 AM
@Spencer, the problem is that if someone shares that link, then anyone can access the file; you can't put any access controls on a direct download like that. @john waddell, mod_xsendfile seems like the best option for you, I think CF has a bug for now that prevents you from using CF as the... read more »
-
Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory
Posted on Jun 27, 2012 at 3:18 PM
@Jay, That seems to be the case.... read more »
-
Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory
Posted on Jun 27, 2012 at 1:35 PM
It never gets anywhere near instream.close(); the heap is exhausted inside that for loop. Heap exhaustion is not related to the size of the file on the disk, it's related to how much data you send downstream. For example, here I replaced the for loop from my earlier example. Now... read more »
-
Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory
Posted on Jun 27, 2012 at 12:44 PM
@Jay, check out my code; I served it up in 4kb chunks, was very sure to flush, and still the JVM heap got exhausted.... read more »
-
Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory
Posted on Jun 27, 2012 at 11:54 AM
Something might be broken here. I tried to get CF to serve up a large file, and it looks like internally CF is trying to read the entire file into RAM first. My test file is a single line of code: <cfcontent file="/path/to/large/file"> read more »
-
Creating A "Remember Me" Login System In ColdFusion
Posted on Jan 25, 2012 at 4:10 PM
I would recommend, if you can swing it, to avoid <cfntauthenticate> and configure IIS to require Integrated Windows Authentication. This is WAY more secure, and actually quite a lot easier. If you have IIS configured for IWA, authentication happens before ColdFusion even begins to ex... read more »
-
Cleaning High Ascii Values For Web Safeness In ColdFusion
Posted on Jan 9, 2012 at 12:15 PM
It's probably considered bad practice by some, but we've globally sanitized data in Application.cfc's onRequestStart() method. We update the values of URL and FORM directly so that these values are sanitized for anything downstream which might want them. We have the policy that anything th... read more »
-
Cleaning High Ascii Values For Web Safeness In ColdFusion
Posted on Dec 28, 2011 at 9:17 PM
@vector, for PHP, I recommend looking into either iconv() or mb_convert_encoding() http://php.net/mb_convert_encoding. For example: $text = mb_convert_encoding($text, 'UTF-8', mb_detect... read more »
-
Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory
Posted on Nov 13, 2010 at 12:41 AM
@Jay, I don't know of any reason that reading a file will screw up locks on the same file by other processes. But it sounds like you're using a file as an intermediary between stream processing software (eg, ffmpeg) and ColdFusion. I haven't done this directly, but as far as I'm aware those pro... read more »
-
Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory
Posted on Nov 11, 2010 at 1:43 PM
@Chad, yes, but only under a 64-bit OS. If you're running 32-bit, your limit is 1024. If you upgrade to 64-bit, you need to do a fresh install of CF - don't even just install over top of your existing CF install or else CF will still be running in 32-bit mode.... read more »
-
Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory
Posted on Oct 26, 2010 at 12:44 PM
@Mike, that's expected behavior. If you've used <cfcontent> to send content to the browser, that is not buffered for memory reasons (there is no practical limit to how much data you could stream down with this approach). The response being committed means that ColdFusion has already instr... read more »
-
Cleaning High Ascii Values For Web Safeness In ColdFusion
Posted on Oct 25, 2010 at 9:50 AM
Oops, said "email me" and didn't give my address. mightye~gmail.com Also, &reg; isn't self referential in our code like I said in my last paragraph, it's actually this: <!ENTITY reg "<sup>®</sup>"> Don't know what would happ... read more »
-
Cleaning High Ascii Values For Web Safeness In ColdFusion
Posted on Oct 25, 2010 at 9:33 AM
The reason you're having difficulties with named entities like &rsquo; not being recognized when parsing as XML is that unlike HTML, XML only comes with three built in named entities (&lt;, &gt;, and &amp;). What you're doing is actually double-escaping those entities when you do... read more »
-
Cleaning High Ascii Values For Web Safeness In ColdFusion
Posted on Dec 30, 2009 at 9:56 PM
David, you might try out the "setEncoding" function in ColdFusion: http://livedocs.adobe.com/coldfusion/7/htmldocs/wwhelp/wwhimpl/com... read more »
-
Creating A "Remember Me" Login System In ColdFusion
Posted on Oct 1, 2009 at 9:11 AM
You're right, there is no way you can guarantee that the user is unable to view the old pages in their browser history (eg if you're trying to protect against a different user snooping their browser history). If it's a security concern to have old pages accessible (eg, they contain sensitive inf... read more »
-
Creating A "Remember Me" Login System In ColdFusion
Posted on Oct 1, 2009 at 8:39 AM
No, jQuery is purely client side scripting. Users running the NoScript plugin or who otherwise have javascript disabled would not receive notification. The only option I'm aware of for such users is the cache controls. Such users are likely to be more savvy users though (for what that's... read more »
-
Creating A "Remember Me" Login System In ColdFusion
Posted on Oct 1, 2009 at 8:27 AM
There are various tricks you can use to get around the back button letting a user think they're logged in when they're not. Some of them are better than others. Using cache control headers is a popular one, but doesn't always succeed (as there are corporate proxies, and even public ISP transpar... read more »
-
Cleaning High Ascii Values For Web Safeness In ColdFusion
Posted on Aug 7, 2009 at 11:12 AM
So that the data in the SQL is not the HTML entity encoded format? There is much to learn about character encodings to adequately debug where character encoding may be going wrong. The first thing you might consider checking though is that you have "String Format: Enable High ASCII characters a... read more »



