I have a bit of a security design question! I have a form open to the public that can accept files. On submit of the form, I use Javascript to scrape all the data/files that the user would like to submit, and then I use AJAX to save the data/files to my server/database. As this is public, I would like to defend it from being attacked and having tons of bogus files and data being sent to it from black hat hackers. I've made some preparations to limit the numbers of files uploaded by keeping track of the number of files uploaded in the session scope, but I'm still unaware of anything else I could be doing. Any advice for a young dev?

Hi, I am trying to create an appointment in an outlook email a/C through EWS Java API. I could set up a successful connection and also get the total number of emails in the inbox. But my code for creating appointments in the calendar doesn't work, and I can not figure out what i am overlooking ? This is the Java code i am trying to convert to CF- https://github.com/OfficeDev/ews-java-api/wiki/Getting-Started-Guide#appointment-creation Documentaion of Java EWS API - http://officedev.github.io/ews-java-api/docs/releases/api-2.0/apidocs/allclasses-noframe.html Much thanks for any hint.

folderName = createObject("java", "microsoft.exchange.webservices.data.core.enumeration.property.WellKnownFolderName");

mailBox = CreateObject("java","microsoft.exchange.webservices.data.property.complex.Mailbox").init("user@domain","SMTP")

subject = CreateObject("java","java.lang.String").init("test");
MessageBody = CreateObject("java","microsoft.exchange.webservices.data.property.complex.MessageBody").init();
body =  MessageBody.getMessageBodyFromText("test123") 
	
appoitnment = CreateObject("java","microsoft.exchange.webservices.data.core.service.item.Appointment").init(ExchangeService);

formatter = CreateObject("java", "java.text.SimpleDateFormat").init("dd-mm-yyyy hh:mm:ss");
			
appoitnment.setStart(formatter.parse("2023-02-15 01:00:00"));
appoitnment.setEnd(formatter.parse("2023-02-15 02:00:00"));
appoitnment.setSubject(subject);
appoitnment.setBody(body);
							
SendInvitationsMode = 	CreateObject("java","microsoft.exchange.webservices.data.core.enumeration.service.SendInvitationsMode");
			
folderIDCalendar = CreateObject("java","microsoft.exchange.webservices.data.property.complex.FolderId").init(
        folderName.Calendar,
		mailBox);

// appoitnment.save(folderIDCalendar, SendInvitationsMode.SendToNone)
// appoitnment.save(SendInvitationsMode.SendToNone)
appoitnment.save(folderName.Calendar , SendInvitationsMode.SendToNone)

I just discovered something (I think is) interesting. the local scope contains the arguments scope in ACF (but not in Lucee). https://trycf.com/gist/6050f996d30b9dff8f7094ab79d15ff2/acf2021?theme=monokai

Has anyone been doing anything with the OpenAI API? How much time are your spending training the data? How much ongoing time are your spending making sure the results it's returning are reliable? Are you training it on very specific known data? Or are you trying to have it learn from the data in your system?

We're seeing a weird issue where occassionally we're seeing requests come in that have been re-encoded by something outside of our control. For example, the application will generate a link like: /some/endpoint_is_here?a=1&b=2 And what the server receives is: /some/endpoint%5is%5here?a=1%26b=2 I've verified the issue isn't with our application stack and we only see if from two of our clients locations (but mostly from one location). This doesn't happen frequently, like I would say like 0.000001% of all requests (maybe even lower). We see it a few times a week out of millions of requests. What I suspect is happening is that either some software running in the client or site-wide (like a web firewall) is running that is altering the request and for some reason believes the URL needs to be re-encoded (or it's just a bug in the software). I know for a fact that the company we see the issue with most has some kind of outgoing web firewall/proxy inspection tool that they use. Has anyone else seen this behavior? Anyone know what might be causing this? Perhaps it's a bug with CloudFlare (which are production environment uses), but since I've only ever seen the issue from two client locations, I suspect it's more likely related to something in their environments. I've inspected all the HTTP headers of the requests and there's nothing there that help pinpoint to a root cause. I was hoping that if there was a some kind of web firewall re-writing the request that there might be some kind of signature that indicate what it was, but there's nothing there that seems to indicate anything unusual. I'm trying to figure out the best way to resolve the issue.

By any chance is anyone here using kafka with cf-2021? At one point I had a working example in cf-2016 or cf-2018, but I am not finding my old proof-of-concept code and I cannot remember the magic used to get it working. Sigh. https://mvnrepository.com/artifact/org.apache.kafka/kafka-clients

Hi! I'm currently migrating an app from Lucee to Adobe Coldfusion 2018 and I'm working through all of the errors I've generated because of that 😅 An error that I'm having a particularly difficult time with is that I have some javascript code that sends an ajax request:

await $.ajax(

{

type : "POST",

url : "./includes/ajaxColdfusion/formEditor/publishUnpublish.cfc?method=publish",

data : JSON.stringify(sendData),

dataType : "json",

cache : false

}

)

The javascript console keeps returning the following error: jquery-3.6.1.min.js:2 POST http://localhost:9001/includes/ajaxColdfusion/formEditor/publishUnpublish.cfc?method=publish 400 (Bad Request) I've attached screenshots of the error as well. I understand the change that I've made from Lucee to Adobe ColdFusion 2018 must mean that there's something to do with the way cfcs are accessed remotely, as I can access this method and successfully get an output if I copy and paste the address into my browser. I'm curious if anyone knows what mistake I might be making or if there's a resource for devs trying to take a Lucee app and make it work for Adobe ColdFusion.

Adobe’s Mark Takata is going to show us the next version of ColdFusion known as Fortuna at the next meeting of the Mid-Michigan ColdFusion Users Group on Feb 21st at 7 pm eastern time. He will show us examples of the new HTMLtoPDF engine, GraphQL and more. Meeting URL: https://tinyurl.com/2zb633pj A recording will be available on our group’s YouTube channel in a few days at https://youtube.com/@cfml

I need help consuming a SOAP web service. https://beta.ncourt.com/X-Direct/Gateway_Save_Transaction.asmx?op=SaveTransactionInfo

I tried this: https://pastebin.com/sh41VesX

And I get the error: Web service operation SaveTransactionInfo with parameters {request={<?xml version="1.0" encoding="utf-8"?>... cannot be found.

Do I have to write a cfinvokeargument tag for each node of the XML?

There's a discrepancy in config between our staging and prod Lucee, so

<cfscript>
    local.array = [1,2,3]
    local.array.each((struct item, numeric rowNumber) => {
		dump(arguments.item);		
	});
</cfscript>

This errors with

Invalid call of the function [lambda_7o0h], first Argument [item] is of invalid type, Cannot cast Object type [Number] to a value of type [struct]

as expected but no error on our staging env. Anyone know what config controls this?

Or do I just have the name wrong for the variable? I just called it "request" and passed the XML packet in it.

Holy crap, it’s finally happening: https://webkit.org/blog/13878/web-push-for-web-apps-on-ios-and-ipados/ There’s about to be a lot less need for Cordova/Capacitor apps soon and a lot more demand for good PWAs, I think.

Also, lots of demand for those annoying banners to show you how to install a web app on iOS. 😅

I love trying to test a potential bug in Lucee and finding a different bug in CF whilst trying to write the "control" part of the test.

how can i seperate my emails on dev/test environment to be delivered to me instead of actual emails

can i do something in my cfadmin settings so they are always redirected to my account, even the cc and bcc

Hi again! I'm the guy who migrating an app from Lucee to Adobe ColdFusion 2018. There's a part of my app that worked fine in Lucee, but now's it got a weird behavior that it is exhibiting in Adobe ColdFusion.

<cfloop index="i" from="1" to="#rc.tblFormDataForFormFK.recordCount()#">

<cfscript>

// Each row of the submission viewer page is stored in a submission record query object

local.submissionRecord = rc.submissionResponses.filter( function(_submissionRecord)

{

return _submissionRecord.FormDataFK is rc.tblFormDataForFormFK.getRow(i).FormDataPK;

});

</cfscript>

...

So what I'm doing is I'm calling queryFilter at the top of a loop. In Lucee, this worked as expected: The function called stored a query object within

local.submissionRecord

containing all of the rows from

rc.tblFormDataForFormFK

that had the same FormDataFK column. It appears queryFilter iterates on every row of the query it is called for, as placing a writeDump inside of the queryFilter callback function printed a message for each row in

rc.tblFormDataForFormFK

. For every invocation at the start of the loop, this works. Switching over to Adobe ColdFusion, it seems like the queryFilter function doesn't work the same way. The first step the function ran and it worked correctly, producing the same result as Lucee. On the second step of the loop, it only seemed to iterate over several of the rows within the queryFilter function, as the same writeDump statement as I mentioned earlier did not print a number of messages nearly equal to the number of rows in the query being filtered. On the 3rd step of the outer loop, no write dump messages were printed. My question is, is this intentional behavior? What can I do to get queryFilter to filter over the entire query on each step of the outer loop?

Anyone using @bdw429s's amazing Sentry module? Any idea how to get the actual error type to have more verbosity than just "application Error"? I can't see any attribute/param to define this.

anyone ever run into the max limit of the number of list items (numeric) in a queryparam list="true" for sql server? docs suggest a hard limit of 64K items in an IN clause, but i'm more concerned about cf's handling of the bind parameters if i was to pass in a 10,000 item list to a single queryparam

Adobe’s Mark Takata is going to show us the next version of ColdFusion known as Fortuna at the next meeting of the Mid-Michigan ColdFusion Users Group tonight at 7 pm eastern time. He will show us examples of the new HTMLtoPDF engine, GraphQL and more. Meeting URL: https://tinyurl.com/2zb633pj A recording will be available on our group’s YouTube channel in a few days at https://youtube.com/@cfml

I've talked before about apparent cache corruption in a big cf 2018 app, where it starts throwing nonsense errors until we clear the template cache, which fixes them immediately. Of course I'd rather that didn't happen, but we've been unable to nail down a cause. Adobe has pretty much stopped responding, which is unfortunate, but I understand, somewhat anyway, because I don't have steps to reproduce. So my next stop is to try to automate recovering from it. Using <cfcache...> to clear the template cache is one piece, but the other thing that often happens in this case is that some datasources stop working. The fix we do for that is to refresh all the datasource, by verifying them all in cf admin. Here's my question: Is there some procedural equivalent to that action in the admin UI?

rying to figure out if array[1] is undefined or throwing error, want to use a ternary operator using a try catch to see if it has an error, throw as 0 else null, how can it be a one liner,

my try: <cfset x = try { isDefined('array[1]') } ? catch(any e) {0} : array[1]>

is the above right

does not seems to be working thou

Seattle CFUG February meeting is Tomorrow, Feb. 22 @ 5pm Pacific -- Topic: Using oAuth instead of Basic Authentication with CFMail by @leonod -- RSVP at https://www.seattlecfug.org/meetings/

what is the exception type of this kind [Macromedia][SQLServer JDBC Driver]Connection reset by peer: socket write error i do not want to use use any, can i use custom and if yes what i need to pass in the custom

Most likely a dumb question but how do I create a static bearer token that someone can send back to me when using my API?

Tomorrow at 12:00pm (Hawaiian Time) the Hawaii ColdFusion User Group will be presenting, Introduction to Docker for ColdFusion Developers with Jim Priest, please sign up on meetup - https://www.meetup.com/hawaii.../events/290815799/