pf » 100 Most Recent Comments

Recent Comments

Installing PHP on Apache 2

Thanks buddy It really works. This issue had wasted my 3 days. Again thanks

How to add RSS Autodiscovery to your site

I am using feedburner, what should add it? Original blog feed or feedburner?

Tips for Secure File Uploads with ColdFusion

(sorry forgot to subscribe, I'm way interested in feedback)

Tips for Secure File Uploads with ColdFusion

Extending the sandbox design: We protect uploads from getting downloaded, without the application running more CFMX code to authorize: Having Enterprise on *IX, we build a sandbox, where * doc, a directory outside the Apache directories, allows read, write, delete for CFMX. OS permissions allow only j2ee to write, any can read. * backend, another directory outside Apache, allows only read for CFMX. OS permissions allow only the project owner to write, any can read. Now CFMX code can scan the backend directory and authorize what the user can see. Meanwhile Apache can't leak the files on its own. Application code must decide whether to read from those directories, and decide what to send to who. (And it's late, so I'm too tired to clean the grammar.) Anyway, dittos on all the rest, and THANKS! Hope it helps.

How to add RSS Autodiscovery to your site

Thanks for this very useful tip, i will be implementing this over at www.usbcompany.co.uk/blog Merci!

LIMIT and OFFSET SQL Pagination

What would be LIMIT clause to select the first 25 records of a table then the next 25?

FTP Scripts on windows

I need to append the date/time to a file I'm FTP'ing to another server. my current script is: ftp -i -s:d:\Apps\Myfile\Scripts\Send_Approvals.ftp "IP Address">> c:\Apps\Myfile\Archive\ApprovalsSendFTPLog.txt move "c:\Apps\Myfile\Files\Approvals.csv" "c:\Apps\Myfile\Archive" My question is do I need to write a seperate script to append the date/time to the file? Or can I include it in the above? Thanks Sam

Ajax Same Origin Policy No More with Firefox 3.5

@William - I would hope not, but I haven't tested it. I'll test that when I have a chance.

Ajax Same Origin Policy No More with Firefox 3.5

Can the value be overwritten by anyone sending a custom header? e:g xhrObject.setRequestHeader("Origin","foo.com")

Tips for Secure File Uploads with ColdFusion

@Sean - They don't necessarily have to be able to predict it, the application may disclose it in an image tag, or link. Adding Application.cfc/cfm is a good idea, but it can only block ColdFusion requests, I could upload a .jsp file instead, or some other file type that might be executed server side.

SQL to Select a random row from a database table

I have database of having 20000 rows, I would like to display all the reocords but in random order. The scenario is like this when people search they should get diffrent set of records in first page. I am using MS .sql2005. Suggest the optimized SQL statement for the above scenario.

Gravatar's not showing up?

testing for first time

Tips for Secure File Uploads with ColdFusion

Just so I'm clear: the problem isn't really that they can upload a CFML file, it's that they can predict the URL afterwards in order to execute it, right? If so, placing an Application.cfc / Application.cfm file in your images directory that blocks requests would be sufficient to prevent execution? Or am I missing something?

Apple 30 Inch Cinema Display Boosts Productivity up to 73%

Just wanted to say that though this is an thread, it's still very useful! Cheers :) /Doug

Ajax Same Origin Policy No More with Firefox 3.5

@Tom - Yes it is enforced in the client's browser, and specified server side in the http response.

Ajax Same Origin Policy No More with Firefox 3.5

Pete, how is the Access-Control-Allow-Origin header enforced? Is it enforced in the client's browser?

Tips for Secure File Uploads with ColdFusion

@Jamie thanks, yes that is worth noting. I didn't intend to suggest that S3, or some third party CDN was the only way.

Tips for Secure File Uploads with ColdFusion

Great tips, thanks for sharing, Pete. I'm comforted by the fact that I tend to follow all suggestions you've made, with the exception of a static content server. I really do like that idea and intend to leverage Amazon S3 for static content whenever possible in the future. It's worth noting that you could achieve similar security on your own server, if needed, by leveraging Apache and creating a static content virtual host. You can have that virtual host limit file extensions and/or mime types and rewrite to 403-forbidden any suspicious requests.

Tips for Secure File Uploads with ColdFusion

@jason olmsted - Make sure you sanitize the customer supplied file name before sticking it in the db, as they could potentially include something to trigger XSS, you can use this regex: ReReplace(fileNane, "[^a-zA-Z0-9_-]", "", "ALL"), and ofcourse still use cfqueryparam (always use it :) @jason dean - glad you found it useful, feel free to post about this on your blog as well. The more people who read about it the better. @mike letson - Using JavaScript validation is good for user experience but doesn't have any effect on security.

FTP Scripts on windows

Hi, I want to write script to open ftp with user and password in one script echo off ftp ftp.server.com username password doesnt work help me please how with one comand to get in ftp

Looking for Java Blogs?

If you're looking for a blog about java, check out this one: http://javablogging.com

Ignore Files and Directories in Subversion

Thanks so much to all, and especially Max William's comment about files already in the repository: he helped me avoid pulling the rest of my hair out!

Tips for Secure File Uploads with ColdFusion

When I upload files, there are two things I always to before it gets to the action page (or code block). First, I use JavaScript to inspect the file extension and act accordingly. Second, I do the same extension validation on the server side. If all is well, then the suggestions offered here would be good!

Tips for Secure File Uploads with ColdFusion

Pete, great post. Thanks for the tips. I've been meaning to blog about this myself. You beat me to it. But you also covered quite a lot that I didn't know, so thank you for that. Very enlightening.

Howto Create an RSS 2.0 Feed

Thanks, very efficient.

ColdFusion Garbage

I have just posted a new blog entry which shows how you can do programmatic garbage collection if your memory gets below a certain threshold.. Hope it helps:- http://www.beetrootstreet.com/blog/index.cfm/2009/6/25/Clearing-ColdFusion-memory-using-garbage-collection-when-memory-gets-low

Using Subversion Hooks to send out build emails

The title already says all... just download my <b><u>F.R.E.E. 5-page ebook</u></b> and start using the strategies explained here: http://bit.ly/sell-hosting

SQL to Select a random row from a database table

how to delete top n records in terdata?

SQL to Select a random row from a database table

Does anyone know how to "remember" a random selection so i can preform a second action on the same records? Using MS-SQLserver 2000

Tips for Secure File Uploads with ColdFusion

I'm revisiting an app that allows customer file uploading, and one approach I'm considering is using CreatUUID() to generate a server side file name and stick the customer provided filename in a related database entry (going through cfqueryparam, of course).

Tips for Secure File Uploads with ColdFusion

@Tom Great tip, thanks for posting

Tips for Secure File Uploads with ColdFusion

Thanks Ben!

Tips for Secure File Uploads with ColdFusion

Great set of tips; I'd also suggest that if you have Apache, watch out for any uploaded files that have multiple file extensions (e.g., file.php.html). By default, Apache will run the file with the PHP handler even though the last extension is something else. See http://www.mollerus.net/tom/blog/2009/02/watch_out_for_apache_handling_of_files_with_multip.html

Tips for Secure File Uploads with ColdFusion

Pete, excellent tips. Disabling execute permissions on uploads directory is really nice.

Tips for Secure File Uploads with ColdFusion

I think the browser may be able to send the appropriate mime type if there is no file extension (I would have to look into that further), but remember you can't trust what the browser sends anyways, it could be spoofed.

Tips for Secure File Uploads with ColdFusion

This may be a silly question, but if someone is uploading from a Mac, will it still be able to verify from the extension if there isn't one?

SQL Server Express 2005, Finally Installed

thank u yaar i was also havin the same problem...hope this works for me.

Cheat Sheet Roundup - Over 30 Cheatsheets for developers

Great article, thanks for the cheatsheet!

Using Apache Bench for Simple Load Testing

hello pete, while i was trying to use the ab cmd,i could not get my ip addr either by ipconfig or /sbin/ifconfig -a the problem is i get different ip addr's.. how should i check the performance?

Styling input based on their type with CSS

I am using IE 8.0.6001.18783 I created a style that used your input.text and put the class reference. That worked. However, I did the same (copy paste) to input.button and that did not work. In the html, I used 'class="text"' and that worked. but 'class="button"' did not work. I also added input:button, input#button, input->button and anything else I could think of for future parsing approaches to the CSS file. Help?

CSS Techniques Roundup - 20 CSS Tips and Tricks

Whats the difference between the real apple iphone and this fake one pictured below http://321ce99b.thesegalleries.com Can they do everything an iphone can? or are they just rubbish.. anyone know?

Simple Flex Tutorial

I have written more on the power of Flex and handling browser links with Flex here: http://groups.adobe.com/posts/6bca8cb2e9

How to add RSS Autodiscovery to your site

Sorry, but i still don't understand it....

Ignore Files and Directories in Subversion

Throwing my few cents in on the osx svn front end: SmartSVN Foundation edition is the most full featured, free SVN client I've found for OSX yet. There's a SmartSVN Professional edition with a few more bells and whistles but for any of the unsupported tasks you can always drop back down to the command line.

Ignore Files and Directories in Subversion

Hi Pete, thanks for this post, i just googled to it. It's worth pointing out (i discovered from painful experience), in shouty caps, this fact: ONLY FILES WHICH ARE NOT IN THE REPOSITORY ALREADY CAN BE IGNORED! IF YOU WANT TO IGNORE SOMETHING THAT IS IN THE REPOSITORY THEN SVN DELETE IT FIRST!

How to add RSS Autodiscovery to your site

Wounder why mine was not working not sure it was the problem from blog catalog or form my this blog http://www.prime-targeting.com

New Poll: Do you use RDS?

Hi, gr8 post thanks for posting. Information is useful!

Web Form Security and the Middle Man

why is it necessary to secure a webform from webbots?

Have a good firefox extension idea?

Hey How About Mute Sound for the Browser.. Just for the Browser not mute the whole PC..

ColdFusion 7 Strong Encryption

can anyone help me out in writing the sample code for TRIPLEDES encrytion.

Stopping Pre Approved Credit Card Offers

If you don't want to give your SS number you don't have to. Just wait and let the system prompts try to capture the information twice. If it cannot "hear" you SSN, it will move on to the next and final question (your birth date). If it cannot "hear" your birth date, it will still attempt to remove your name from the list. However, I would say that if you a "John Smith" you might want to help the system remove your information by providing more specific information.

Simple Flex Tutorial

How would you make the button cycle through different RSS feeds? I've been working at this for hours now and can't quite figure it out. I'm sure it's a quick fix for someone who knows what they're doing.. Thanks so much in advance!

Gravatar's not showing up?

Hey! Its showing up here, then why not on my blog...

Gravatar's not showing up?

Me too testing...

SQL to Select a random row from a database table

Thank you- Very helpful. Exactly what I needed for SQL Server.

Deal Shopping Sites Roundup

Need to had Dealbrothers.com of all your Mac and PC needs

FTP Scripts on windows

Once more with more newlines :) To get this to work for me, my script had to look like this: open ftp.server.com user name passwd bin get filename filename bye and my ftp invocation needed the -n ftp -n -s:script.txt

FTP Scripts on windows

To get this to work for me, my script had to look like this: open ftp.server.com user name passwd bin get filename filename bye and my ftp invocation needed the -n ftp -n -s:script.txt

Finding Duplicates with SQL

I have a list of duplicates that I am trying to mark the first occurence of the duplicates as active and the remaiing as inactive. does anyone know how I can do this?

Setting up public key authentication over SSH

This works... Thank you, it used to be soo complex for me before, now I can login all my servers.

MySQL Command Line Help

Thank u Anonymous

AJAX Tutorial with Prototype

simple and understandable tutorial.. http://www.allergycheckpoint.com Thanks

Finding Duplicates with SQL

Thanks a lot

DateFormat for SQL Server

Now there is a FormatDate function as well as other formatting functions for SQL Server 2005 and SQL Server 2008 at www.westclintech.com

Google Calculator

hate this

Finding Duplicates with SQL

Thanks...great help

Styling Your forms with CSS and Labels

The article code works well, but I cannot figure out how to format using the same technique as the top comment. I cannot seem to get the boxes to left-align like the presented in this article. Has anyone been able to get this version to display the same: "I've found I prefer myself to nest the form element inside the label tag and and style the labels like block elements, without using break tags."

How to add RSS Autodiscovery to your site

Very Nice post indeed.I will use it for my blog http://www.mygr8blog.com Cheers, Sandy

How to add RSS Autodiscovery to your site

What's nice is that Blogger includes this RSS autodiscovery functionality by default, like in this blog - http://al3ashek2.blogspot.com/

Finding Duplicates with SQL

Great and simple solution good work ....

SQL: Distinct values from two tables

I have 2 tables, One have 2 rows and another have 3 row. I want to see the both of two table in one table. But the desire table show SIX row. But I want to see the three rows. But How?

How long does it take to get a Google PageRank

i think 3 months check http://www.thegetpr.com quality links matter for backlink

How to add RSS Autodiscovery to your site

What's nice is that Blogger includes this RSS autodiscovery functionality by default, like in this blog - http://redheadedkids.blogspot.com

Finding Duplicates with SQL

Thank you so much for the valuable information on removing redundancy from a table. Please follow the link below to get more information on Deleting duplicate records from a table efficiently. http://www.sqllion.com/2009/05/delete-duplicate-records/

SQL to Select a random row from a database table

how can i select or delect a particular row from a table in my database using sql*plus

CFML on Google App Engine for Java

I agree with Pete, free certainly got my attention. With SDK for Java 1.2.1 is out, I hope there is a solution soon for CF

Parsing, Modifying, and outputting XML Documents with Java

By www_vigshakri_com

Parsing, Modifying, and outputting XML Documents with Java

The above example is by krishnan@vigshakri.com

Parsing, Modifying, and outputting XML Documents with Java

XML File for the above sample <?xml version="1.0" encoding="UTF-8" standalone="no"?><Personnel> <Employee type="permanent"> <Name>KRISHNAN</Name> <Id>1005</Id> <Age>37</Age> </Employee> </Personnel>

Cheat Sheet Roundup - Over 30 Cheatsheets for developers

Here is an emacs cheatsheet: http://grok-code.com/207/51-insanely-useful-emacs-shortcuts/

Parsing, Modifying, and outputting XML Documents with Java

Below is the Example of creating XML file using Java and simple understanding of root and element import java.io.StringWriter; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.transform.OutputKeys; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerFactory; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Document; import org.w3c.dom.Element; public class vsktestXML { public vsktestXML() { try { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilder builder = factory.newDocumentBuilder(); Document doc = builder.newDocument(); // Setting the ROOT Element results = doc.createElement("KOKO"); doc.appendChild(results); //Setting the First ELEMENT Element row = doc.createElement("ITDEPT"); results.appendChild(row); //Setting the CHILD 1 String columnName = "SERVER"; String val = "VSKSERVER"; Element node = doc.createElement(columnName); node.appendChild(doc.createTextNode(val)); row.appendChild(node); //Setting the CHILD 2 String columnName2 = "PC"; String val2 = "VSKPC"; Element node1 = doc.createElement(columnName2); node1.appendChild(doc.createTextNode(val2)); row.appendChild(node1); //Setting the CHILD 3 String columnName3 = "NETWORK"; String val3 = "VSKLAN"; Element node2 = doc.createElement(columnName3); node2.appendChild(doc.createTextNode(val3)); row.appendChild(node2); DOMSource domSource = new DOMSource(doc); TransformerFactory tf = TransformerFactory.newInstance(); Transformer transformer = tf.newTransformer(); transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); transformer.setOutputProperty(OutputKeys.METHOD, "xml"); transformer.setOutputProperty(OutputKeys.ENCODING, "ISO-8859-1"); transformer.setOutputProperty(OutputKeys.INDENT, "yes"); StringWriter sw = new StringWriter(); StreamResult sr = new StreamResult(sw); transformer.transform(domSource, sr); System.out.println("<?xml version=\"1.0\" encoding=\"UTF-8\"?> " ); System.out.println(sw.toString()); } catch (Exception e) { e.printStackTrace(System.out); } } }

Simple Flex Tutorial

Hi - most of your textboxes are too small in IE 7.0 to display the content.

Web Services Problems with ColdFusion 8 on a Mac

on a mac, to get: java -version producing the same as: ./CurrentJDK/Home/bin/java -version or ./Current/Home/bin/java -version Open /Applications/Utilities/Java/Java Preferences.app Drag and drop the versions and osx adds/removes some aliases/symlinks.

How to add RSS Autodiscovery to your site

hi i can't use it, it just show some error, and now my post doesn't show up! please look here, and give me some respons: http://killer-generation.blogspot.com

Seinfeld's Productivity Tip

> Now think of Seinfeld screaming > Don't break the Chain!. Seinfeld? Sounds more like a Fleetwood Mac reference.

Simple Flex Tutorial

Hey - I changed his code to make it work with Flex 3. Here it is ! <?xml version="1.0" encoding="utf-8"?> <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" creationComplete="httpRSS.send(null)"> <mx:Script> <![CDATA[ import mx.rpc.events.ResultEvent; import mx.collections.ArrayCollection; [Bindable] private var dataFeed:ArrayCollection; private var theEvent:ResultEvent; private function feedHanlder(event:ResultEvent):void{ theEvent = event; dataFeed = event.result.rss.channel.item as ArrayCollection; } private function fillBody(event:Event):void{ var item:Object; item = dataFeed.getItemAt(entries.selectedIndex, 0); body.htmlText = item.description; } ]]> </mx:Script> <mx:HTTPService id="httpRSS" url="http://www.petefreitag.com/rss/" result="feedHanlder(event)" /> <mx:Panel id="reader" title="Pete Freitag's Blog Reader" width="500" height="100%"> <mx:Box verticalAlign="middle" horizontalAlign="center" width="100%"> <mx:DataGrid id="entries" width="100%" dataProvider="{dataFeed}" itemClick="fillBody(event)"> <mx:columns> <mx:DataGridColumn dataField="title" headerText="Title" width="200" /> <mx:DataGridColumn dataField="pubDate" headerText="Date" /> </mx:columns> </mx:DataGrid> <mx:TextArea id="body" editable="false" width="85%" height="300" /> <mx:Button label="Load Blog Entries" click="{httpRSS.send()}" /> </mx:Box> </mx:Panel> </mx:Application>

How long does it take to get a Google PageRank

I had a pagerank of 4 on www.alpinebusinessbrokers.com and now it's zero. Any suggestions would be appreciated.

The Proper Content Type for XML Feeds

Hi, can any one guide me, i have created an rss feed, which displays perfectly in text/xml content type, but on application/rss+xml or application/atom+xml it does not display any thing in my browser, what would be the problem. i am not able to directly click and subscribe to the created rss feed using outlook.

Web Services Problems with ColdFusion 8 on a Mac

Oops, forgot to subscribe to the thread. Thanks to anyone out there who can help! Mark

Web Services Problems with ColdFusion 8 on a Mac

Ok, I know this is about a year later for this post but I cannot get CF8 to register or use webservices. I've tried several different ones that I am able to display using a browser and a SOAP client so I know they are good. Any help would be appreciated. Below is my environment and settings Thanks, Mark Server Product ColdFusion Version 8,0,1,195765 Edition Developer Serial Number Developer Operating System Mac OS X OS Version 10.5.7 JVM Details Java Version 1.6.0_07 Java Vendor Apple Inc. Java Vendor URL http://www.apple.com/ Java Home /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home Java File Encoding MacRoman Java Default Locale en_US File Separator / Path Separator : Line Separator Chr(10) User Name Mark User Home /Users/Mark User Dir /Applications/ColdFusion8/runtime/bin Java VM Specification Version 1.0 Java VM Specification Vendor Sun Microsystems Inc. Java VM Specification Name Java Virtual Machine Specification Java VM Version 1.6.0_07-b06-57 Java VM Vendor Apple Inc. Java VM Name Java HotSpot(TM) 64-Bit Server VM Java Specification Version 1.6 Java Specification Vendor Sun Microsystems Inc. Java Specification Name Java Platform API Specification Java Class Version 50.0

Expose for Windows

Hi! COOL SITE! NICE CONTENT! I WISH YOU SACCESS!. I am from Colombia and also now am reading in English, tell me right I wrote the following sentence: "Blog entry about cheap turbo tax dymo twin turbo." Thank you so much for your future answers :-(. Ion.

Java 1.5 for FreeBSD Patchset Released

i want to run mig33 jar file in my pc

Simple Flex Tutorial

Excellent Pete.This is very good example for a starter like me.Thanks...

Setting up public key authentication over SSH

Many thanks for the tutorial. It was easy to follow and to the point.

Simple Flex Tutorial

how do i use this rss feed example while running on a server like Tomcat 5.5?

Serializing CFC's in ColdFusion 8

I found this CFC for creating XML objects from CFCs (and vice versa)in the meantime. It DOES work with Arrays, etc: http://www.celticinternet.com/blog2/post.cfm/cfc-serialisation-with-coldfusion-8

How to Comment Code Better

?fgdgdg s?erdercenes is fresh in your mind. </quote> has writing pseudocode beforehand fallen out of favour? do ppl no longer map out what they want to do (in pseudocode), use that as comments in the source and then add real code around it?

Have a good firefox extension idea?

uTorrent throttle addon preset values, for example high and low. How it works: When you try to load a webpage, download, etc, it should throttle utorrent via the web interface and set it to minimum bandwidth so that firefox can load webpages fast. After the page is loaded, it should set utorrent throttle to the way it was.

Returning TOP N Records

Thanks Pete. Helped me with a CFC that's querying MSSQL and Sybase.

Finding Duplicates with SQL

Dear friends,, I m new in sql how to create a table..