Community Member Profile

Eric Stevens
Member since Dec 11, 2008

Recent Blog Comments By Eric Stevens

  • Creating A "Remember Me" Login System In ColdFusion

    Posted on Jan 25, 2012 at 4:10 PM

    I would recommend, if you can swing it, to avoid <cfntauthenticate> and configure IIS to require Integrated Windows Authentication. This is WAY more secure, and actually quite a lot easier. If you have IIS configured for IWA, authentication happens before ColdFusion even begins to ex... read more »

  • Cleaning High Ascii Values For Web Safeness In ColdFusion

    Posted on Jan 9, 2012 at 12:15 PM

    It's probably considered bad practice by some, but we've globally sanitized data in Application.cfc's onRequestStart() method. We update the values of URL and FORM directly so that these values are sanitized for anything downstream which might want them. We have the policy that anything th... read more »

  • Cleaning High Ascii Values For Web Safeness In ColdFusion

    Posted on Dec 28, 2011 at 9:17 PM

    @vector, for PHP, I recommend looking into either iconv() or mb_convert_encoding() http://php.net/mb_convert_encoding. For example: $text = mb_convert_encoding($text, 'UTF-8', mb_detect... read more »

  • Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory

    Posted on Nov 13, 2010 at 12:41 AM

    @Jay, I don't know of any reason that reading a file will screw up locks on the same file by other processes. But it sounds like you're using a file as an intermediary between stream processing software (eg, ffmpeg) and ColdFusion. I haven't done this directly, but as far as I'm aware those pro... read more »

  • Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory

    Posted on Nov 11, 2010 at 1:43 PM

    @Chad, yes, but only under a 64-bit OS. If you're running 32-bit, your limit is 1024. If you upgrade to 64-bit, you need to do a fresh install of CF - don't even just install overtop of your existing CF install or else CF will still be running in 32-bit mode.... read more »

  • Using ColdFusion To Stream Files To The Client Without Loading The Entire File Into Memory

    Posted on Oct 26, 2010 at 12:44 PM

    @Mike, that's expected behavior. If you've used <cfcontent> to send content to the browser, that is not buffered for memory reasons (there is no practical limit to how much data you could stream down with this approach). The response being committed means that ColdFusion has already instr... read more »

  • Cleaning High Ascii Values For Web Safeness In ColdFusion

    Posted on Oct 25, 2010 at 9:50 AM

    Oops, said "email me" and didn't give my address. mightye~gmail.com Also, &reg; isn't self referential in our code like I said in my last paragraph, it's actually this: <!ENTITY reg "<sup>&#174;</sup>"> Don't know what would happ... read more »

  • Cleaning High Ascii Values For Web Safeness In ColdFusion

    Posted on Oct 25, 2010 at 9:33 AM

    The reason you're having difficulties with named entities like &rsquo; not being recognized when parsing as XML is that unlike HTML, XML only comes with three built in named entities (&lt;, &gt;, and &amp;). What you're doing is actually double-escaping those entities when you do... read more »

  • Cleaning High Ascii Values For Web Safeness In ColdFusion

    Posted on Dec 30, 2009 at 9:56 PM

    David, you might try out the "setEncoding" function in ColdFusion: http://livedocs.adobe.com/coldfusion/7/htmldocs/wwhelp/wwhimpl/com... read more »

  • Creating A "Remember Me" Login System In ColdFusion

    Posted on Oct 1, 2009 at 9:11 AM

    You're right, there is no way you can guarantee that the user is unable to view the old pages in their browser history (eg if you're trying to protect against a different user snooping their browser history). If it's a security concern to have old pages accessible (eg, they contain sensitive inf... read more »

  • Creating A "Remember Me" Login System In ColdFusion

    Posted on Oct 1, 2009 at 8:39 AM

    No, jQuery is purely client side scripting. Users running the NoScript plugin or who otherwise have javascript disabled would not receive notification. The only option I'm aware of for such users is the cache controls. Such users are likely to be more savvy users though (for what that's... read more »

  • Creating A "Remember Me" Login System In ColdFusion

    Posted on Oct 1, 2009 at 8:27 AM

    There are various tricks you can use to get around the back button letting a user think they're logged in when they're not. Some of them are better than others. Using cache control headers is a popular one, but doesn't always succeed (as there are corporate proxies, and even public ISP transpar... read more »

  • Cleaning High Ascii Values For Web Safeness In ColdFusion

    Posted on Aug 7, 2009 at 11:12 AM

    So that the data in the SQL is not the HTML entity encoded format? There is much to learn about character encodings to adequately debug where character encoding may be going wrong. The first thing you might consider checking though is that you have "String Format: Enable High ASCII characters a... read more »

  • Cleaning High Ascii Values For Web Safeness In ColdFusion

    Posted on Aug 7, 2009 at 10:55 AM

    bah, with the &#123; equivalent! Ben, get us a comment preview function ;-)... read more »

  • Cleaning High Ascii Values For Web Safeness In ColdFusion

    Posted on Aug 7, 2009 at 10:54 AM

    Robert, Ben's code replaces any character over U+007F (anything over the first 128 characters) with the { equivalent. Your à character is one such character, and encodes as à CFDumping a string is essentially equivalent to outputting the HTMLEditFormat() for the same string. The char... read more »

  • Learning ColdFusion 9: CFScript Updates For ColdFusion Components

    Posted on Jul 24, 2009 at 4:48 PM

    Just curious, is there something about traditional syntax (heredoc indicator followed by token identifier, such as <<<TOKEN from PHP, <<'TOKEN'; from Perl, <<TOKEN from Ruby, etc) which makes them infeasible for doing the same from ColdFusion script context? It seems to me t... read more »

  • Learning ColdFusion 9: CFScript Updates For ColdFusion Components

    Posted on Jul 24, 2009 at 9:36 AM

    CFScript style syntax is definitely my preferred modus operandi. I'm extremely excited that you'll be able to build a site soup-to-nuts with CFScript. Does anyone know if CF will support a HEREDOC syntax? Eg: text = <<<FOO I can be casual about my use of " and ' marks... read more »

  • Do Remote CFC Method Calls Add Any Value In ColdFusion?

    Posted on Jul 20, 2009 at 4:37 PM

    1) I'm only recommending that data be sent back, none of the visual markup. XML, JSON, etc. The framework I refer to here is purely the server-side functionality that establishes your runtime environment when your CFC's aren't stand-alone. 2) Make sure the CFC you're invoking is the one y... read more »

  • Do Remote CFC Method Calls Add Any Value In ColdFusion?

    Posted on Jul 17, 2009 at 4:29 PM

    One CFC for all products may be using objects, but it's not object oriented programming, it's procedural programming using objects as a namespace. (Sidenote, ColdFusion doesn't support namespaces) There's nothing wrong with that, it's just not OOP. And it's all still irrelevant to th... read more »

  • Do Remote CFC Method Calls Add Any Value In ColdFusion?

    Posted on Jul 17, 2009 at 3:57 PM

    It's less about the database call and more about component instantiation. If you go with a purely OO model, you have one instance of a Product CFC for every product being displayed on the screen. If you have 300 products on the screen that starts to hurt. If you have 300 products on the screen... read more »
