By Dina Hess
| Title: | Securing CF Apps Against SQL Injection & Cross-site Scripting |
| Date: | 05/07/04 (43 Posts) |
| Summary: | Concerned about application security? You can prevent SQL injection attacks by always using CFQUERYPARAM and connecting with a database account that does not have permissions to DROP, CREATE, etc. To counter cross-site scripting attacks, filter all inputs with CodeCleaner, HTMLEditFormat(), HTMLCodeFormat() or a customized regular expression. Links to more information about cross-site scripting attacks are provided. |
| Title: | Grouping Output |
| Date: | 05/07/04 (4 Posts) |
| Summary: | How would you output hierarchical menu data stored in an Oracle table? Use the LEVEL system column with CONNECT BY. Code example included. |
| Title: | Force Refresh |
| Date: | 05/07/04 (4 Posts) |
| Summary: | Need to force a page refresh to generate the image of a random alphanumeric string for form submission authentication? Try passing a randomly generated number in the URL. |
| Title: | CFSCRIPT Questions |
| Date: | 05/07/04 (8 Posts) |
| Summary: | Learn about the similarities between CFFUNCTION and CFSCRIPT to define a function or method. You'll also find a compelling argument for the practice of var-scoping function variables, which get stored in the local VARIABLES scope otherwise. |
| Title: | How to Initiate Download Dialog When Downloading JPG File? |
| Date: | 05/07/04 (9 Posts) |
| Summary: | Trying to force a file download via an image link click by opening the Windows "Save As" dialog? Tweak this code for the IE browser solution. |
| Title: | UDF in Components? |
| Date: | 05/07/04 (9 Posts) |
| Summary: | A UDF in a CFC is treated like a method and cannot be defined within another UDF; instead, move your CFSCRIPT block outside the CFFUNCTION. Also, don't CFINCLUDE a UDF within a CFC because all local variables would then be copied to the VARIABLES scope, thereby eliminating the CFC's encapsulation. |
| Title: | CreateUUID() into SQL Server uniqueidentifier Field |
| Date: | 05/07/04 (7 Posts) |
| Summary: | The UUIDs created using ColdFusion's CreateUUID() function are not formatted the same as SQL Server's uniqueidentifier type. But you can still use CreateGUID() from cflib.org or let the database generate UUIDs with the NEWID() function. |
| Title: | Email Problem |
| Date: | 05/07/04 (34 Posts) |
| Summary: | Need to create custom email headers via CFMAIL to send a read receipt? Find a CFMX 6.1 blog solution and a tip about using the MAILERID attribute of CFMAIL rather than CFMAILPARAM to set the x-mailer headers. Header-stripping by mail servers and firewalls is also discussed. |