This message was deleted.

Talk to me about the pros and cons of doing http > http redirects in code vs in IIS. IIS seems like fewer in-house moving parts, and applies to all file types, for better and worse.

How often does CF Server clear the template cache? Is there a way to set the frequency?

Does anyone use Oracle with ACF and have had issues trying to run MERGE INTO queries in queryExecute/cfquery? I'm on ACF 2021 and Oracle 19C, but it's happened on previous releases as well. Something like this https://www.oracletutorial.com/oracle-basics/oracle-merge/ for the query. Either it works great and executes the query, or it just hangs forever and I can't find any error logs. The same query will run fine directly against the database.

Hi, Is there anyone using Adobe Sign API, in conjunction with CFML? I freely admit I am a novice where API's are concerned, and working with CFHTTP If I copy and paste this URL, I get correct functionality (I think):

<https://secure.au1.adobesign.com/public/oauth/v2?redirect_uri=https://localhost/testsign/redirect.cfm&response_type=code&client_id=myclient> id goes here&scope=user_login:self+agreement_write:account&state=S6YQD7KDA556DIV6NAU4ELTGSIV26ZNMXDSF7WIEEP0ZLQCLDQ89OYG78C3K9SROC8DXCGRVSGKU1IT1

but when I attempt to call the command with CFHTTP it never really works:

<cfhttp result="result" method="post" charset="utf-8" url="<https://secure.au1.adobesign.com/public/oauth/v2>">
	  <cfhttpparam
		type="FORMFIELD"
		name="response_type"
		value='code'
	  />
	  <cfhttpparam
		type="FORMFIELD"
		name="client_id"
		value='myclient id goes here'
	  />
	  <cfhttpparam
		type="FORMFIELD"
		name="redirect_uri"
		value="<https://localhost/testsign/redirect.cfm>"
	  />
	  <cfhttpparam
		type="FORMFIELD"
		name="scope"
		value='user_login:self+agreement_write:account'
	  />
	  <cfhttpparam
		type="FORMFIELD"
		name="state"
		value='S6YQD7KDA556DIV6NAU4ELTGSIV26ZNMXDSF7WIEEP0ZLQCLDQ89OYG78C3K9SROC8DXCGRVSGKU1IT1'
	  />        
</cfhttp>

When I dump cfhttp.FileContent it contains HTML basically saying Invalid_request Hopefully I am doing something obviously incorrect that someone can point out easily? Or better yet a working example! Thanks,

Does anyone have a good argument for not allowing apostrophes (single quotes) in file upload names? I feel that apostrophes should not be used in filenames, but can’t find any definitive rule that tells me if this is valid or not. I have a system that restricts file upload names to be limited to \w characters, spaces, and hyphens, but some of my clients who use the system would like to able to upload files with apostrophes in the filename. Is denying apostrophes just a bias that I have or can someone point me to a valid reason to not allow them?

is there any mysql wrapper for crud, i see there are many for SQL server but none for mysql

CF 2021 security question (I may have more!). The docs say this:

To enhance security for the ColdFusion server on Windows, restrict access to the following files to selected ColdFusion users:
/cfusion/lib/seed.properties
/cfusion/lib/password.properties
/cfusion/lib/license.properties
/cfusion/bin/passwordreset.bat
/cfusion/bin/cf-passwordreset.jar

My understanding is that in general, the user CF runs under needs full access to the files in the ColdFusion install. • Is that right? • But these files are an exception? • I ignorantly assume CF needs to read them at least, yes? • So are they saying CF should have read permissions only, to those files, only, but full access to the rest of the CF directory?

I believe they are saying "only your CF service account should have access to these files"

ACF logging question. Is there a way to add the value of an application variable / request header to the output to all coldfusion-out, webservice, http logs? - any and all logs relevant to a request. Expanding: correlation ids are available on all incoming and outgoing request but unless I explicitly write a log to output the value they are never visible. Exceptions are OK as they can be handled, but not every request is an exception. I hope 😉

IIS question. For lockdown, I've configured some URL patterns to be denied in Request Filtering, and configured a 404.5 Error Page pointing to a local URL on the site, but it still shows this generic but overly specific error message:

HTTP Error 404.5 - Not Found
The request filtering module is configured to deny the URL sequence.

That comes from the 404-5.htm file in the error pages location. Can I not override that error page for some reason?

Does cfdocument handle external stylesheets when generating from HTML, such as tailwind/bootstrap? If not, does Adobe PDF document services? Are they rendered faithfully in either/both cases?

We're not using the Performance Monitoring Toolset, and at least for now, don't plan to, but it's already installed, I think, maybe (I didn't do the install). Rather than go through the risk and effort of having it there but locking it down, I wondered it we could just uninstall or disable it. The agent does show up as installed in the package manager. However, one of the first things the lockdown guide says to do is to update the PMT's jvm, at C:\ColdFusion2021PerformanceMonitoringToolset\jre, but ColdFusion2021PerformanceMonitoringToolset doesn't exist at the root of C, or next to or inside the actual CF install dir. Does that mean it's not actually installed, and I don't need to think about this further?

Hi, I've done some searches without luck then I'm asking here. Our company is using for production sites ACF installed using the Adobe Installer, then we got apache tomcat as JEE Application Server (I'm using the term present in ACF2021 support matrix). We are using CommandBox on dev and qa env, and I would like to suggest to use also in production but I'm not able to understand what JEE App Server is used by CommandBox, and to understand if I will be able to get support from Adobe (we have support contract) . Hope is clear. Regards

anyone successfully using the Adobe CF API Manager? I've been playing around with it and it seems rather clunky and thrown together. I'm having second thoughts about attempting to use it

Anyone have tips or tricks for searching encrypted data in an SQL database? If it was 1,000 rows or less then I would just pull them all into a temp CF query and parse them, but there are 130,000+ rows and that is likely not practical. At least one field would require a partial search so I wouldn’t be able to just search fully encrypted strings.

Is there a function like NumberFormat, but able to format things like phone numbers?

where can I get Mach-II documentation? I need it to fix issues in old application.

Does anyone know of an easy way to embed an ACF CFML page in an iframe? The page loads, but sessions / cookies aren’t. I’ve tried J2EE and Redis sessions. I’ve tried storing session information in memory, in cookies, and in client variables. Nothing seems to work. Am I missing something obvious?

Is the iframe source is using the same protocol and domain as the parent page?

Indeed. Both https.

anyone used phython in cfml or lucee as a custom tag, if yes can anyone please guide or share any piece of code. i read somewhere cfexecute can do it ?

i paced my error.cfm in the

cf_scripts/scripts/error.cfm

directory and now it can seem to find it in cfadmin as site wide error handler, for cf2021

is something wrong, i am using iis for my websites

I've checked docs and can't find what the default applicationtimeout is. So if my applicaiton.cfc is the following, when does onApplicationStart() run again?

component {
   this.name = "test";
   public boolean function onApplicationStart(){
      application.uniqueid = createUUID();
      return true;
   }
}

@Daniel Mejia It doesn't. The application timeout is defined in the cfadmin or in your application code ... this.applicationTimeout = createtimespan (..). Now, in order to get around this, I put some code in the 'onRequestStart()' that says

if ( structKeyExists(url, 'reload') )
{
    // Lock the scope
    lock scope='application' type='exclusive' timeout=10
    {
       // Call onApplicationStart() to reload
       onApplicationStart();
    }
}

Trying to get SAML setup w/ Google and Azure AD. Does anyone have a walkthrough of it, starting with Google and focusing on the SP setup. They don't like the request right now.

i have one site and it has some sub domains and i am trying to use sesions across subdomain, so i have test.mydomain.com which calls the windows authentication to testwindowsauth.mydomain.com and sets some session variables, i want once it is logged or not logged, i should be able to use the sessions being setup on ayth on test so i do not have to write logic to pass the session data throuhg the url, its a security issue which is making a problem