Monday, November 30, 2009

GoDaddy's ColdFusion hosting doesn't allow CFDUMP any more?

I use GoDaddy for hosting of one of my websites. Windows, Shared Hosting, with ColdFusion.

I "upgraded" from IIS 6 to IIS 7, which apparently meant my site had to move servers. Fine, all the documentation says it should be a seamless transition. Apparently, despite all the listed "settings" information shown for my account, I was ALSO switched from a ColdFusion 7 box to a ColdFusion 8 box as well without my consent.

Then I discovered that the CFDUMP tag in my code no longer worked. I use this in several administrative emails and debugging reports. It told me "Security: The requested template has been denied access to createobject. coldfusion.runtime.FunctionPermission createobject".

I sent a support ticket to GoDaddy, which should be a joy to receive a response from, so we shall see. Obviously permissions need to be adjusted somewhere, but I don't have a good feeling about a positive outcome for me. May have to do some quick recoding...

Update 12/1/09: The response from GoDaddy was a typical canned response. Brendan H wrote: "We disable the CFObject tag according to Macromedia's guidance on how to securely configure a ColdFusion shared hosting environment. Please see Macromedia's Security Bulletin for more information. If your code is currently using CFObject or the CreateObject function, you might consider changing your code to use the CFInvoke tag instead."

So the core issue, kiddos, is that apparently ColdFusion 8 rewrote how the CFDUMP tag works, and it now requires createObject permissions, which GoDaddy won't turn on. So I wrote an alternate version of the tag and use that in my applications instead.

Sunday, November 22, 2009

Fraud using deaf relay system strikes again

You may be surprised how often, as owners of a small business, we run into people who want to steal our money or products. Nigerian e-mail scams come and go and seem to target Joe Public. But we have had two recent scam attempts target our business, this time using Deaf Relay systems.

For those that don't know, this is a mainly anonymous, free service that allows the hearing impaired to communicate with any US phone number using a relay client. Well, scammers also use this service, which spares them from having to speak a word to the targeted business.

Today (November 22 2009), we got a call to our business using this relay service from someone who wanted to order 32 8-inch cakes "for a wedding". He wanted us to take some money as a tip and charge everything to a card. He gave his email address as "peterlawal@yahoo.com" (Google it and you should find this informative post). Ann, already aware of the previous time this happened, challenged him to e-mail us a copy of the front and back of the card as well as ID (after which we never heard from him again).

The link above explains how the scam works. They make a good point -- we are reluctant to accept any calls that use this service. This is not discrimination -- this is business. So if you are one of our deaf customers, please come in to place your order.

Incidentally, the previous time this happened (July 15 2009), it was from Jessica at jessica2710@yahoo.com who wanted us to send 100 chicken gyros and 100 diet cokes via carrier to New York (and "keep $500 for ourselves"). Um.... sure.

More proof that the world is going crazy.

Tuesday, November 10, 2009

Watch your ATT bills - found fraud charge by BIZZLINKS.COM

So tonight I looked at my latest AT&T bill. It was higher than normal. I found this nice little doozy:


Billed on Behalf of BIZZLINKS.COM, LLC

Questions? Call: 1 800 433-4518
Itemized Charges and Credits
Item No.  Date   Description
Charges for xxx xxx xxxx
3-01      10-06  BIZZLINKS.COM,LLC-WEBHOSTING MTH FEE  39.95
Provider not affiliated with AT&T
For questions call 1-800-433-4518
or visit www.ildteleservices.com


So I call, and their offices are closed. ATT Billing? Closed. Tomorrow I will try both again.

I never signed up for this service, never heard of them, and don't want them. A quick search on Google shows this company isn't new to the fraud game. This is not right.

Update 11/11/09: I called "ILD Teleservices" (who also use 1-800-637-4009) and was told it will take up to 2 billing cycles for the refund. I received a "confirmation number" for the refund. I then called ATT, who told me they (unlike all other carriers) don't have the option to block 3rd party billing on my phone because "they are a utility company regulated by the FCC". So Google these guys and see all the other complaints about them. Watch out.

Monday, September 14, 2009

ColdFusion 7 CFHTMLHEAD Bug

The following code renders differently in CF 7 vs CF 8. I know everyone is talking about ColdFusion 9 now, but we just ran into this issue on a CF 7.0.2 instance.

It appears that adding the "profile" attribute to the HEAD tag is causing anything added by the CFHTMLHEAD tag to be placed at the very top of the page output, not in the HEAD section of the page.

The code:

<html>
<head profile="http://gmpg.org/xfn/11">
<title>Testing CFHTMLHEAD</title>
</head>
<body></body>
</html>
<cfhtmlhead text="<script>runme() { }</script>">


The result in CF 7:

<script>runme() { }</script><html>
<head profile="http://gmpg.org/xfn/11">
<title>Testing CFHTMLHEAD</title>
</head>
<body>
</body>
</html>


The result in CF 8:

<html>
<head profile="http://gmpg.org/xfn/11">
<title>Testing CFHTMLHEAD</title>
<script>runme() { }</script></head>
<body>
</body>
</html>

Thursday, June 25, 2009

Using XML to parse strings in SQL

I like finding clever ways to solve problems -- like in a previous post talking about how to parse filenames with T-SQL.

I read an article today by Divya Agrawal that used XML to parse strings in SQL and wanted to try it out in some code we use quite frequently: given a string (a list of values) and a delimiter, return the values in a table.

We have used custom functions like this for some time. Because there is no concept of a "list" in T-SQL, we took a string and essentially parsed it to split the values into something we could work with. So the query:

select * from dbo.fn_varCharListToTable('my,name,is,bill',',')

would return

autoid listitem
1 my
2 name
3 is
4 bill


and you could then join that function's result however you needed.

The custom function you need to do this is very small when you use XML to parse the string:

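-- Splits @varcharlist on @delimiter and returns one row per item.
-- Use CREATE FUNCTION instead of ALTER the first time this is installed.
ALTER Function [dbo].[fn_varCharListToTable] (@varcharlist varchar(max), @delimiter varchar(1))
returns @myTable table (autoid int IDENTITY (1,1), listitem varchar(max))
AS
begin

-- Turn 'a,b,c' into '<x>a</x><x>b</x><x>c</x>' and cast it to xml.
-- The text is not escaped first, so the cast raises an error if the list contains '&' or '<'.
declare @strAsXML as xml
set @strAsXML = cast(('<x>'+replace(@varcharlist,@delimiter,'</x><x>')+'</x>') as xml)

-- Shred the xml: each <x> node becomes one row in the result table.
insert into @myTable(listitem)
select N.value('.','varchar(max)') as value
from @strAsXML.nodes('x') as T(N)

return
end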
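
The cast to xml in the function above fails on list items that contain & or <, since those characters are markup. The following is an added example, not code from the original post or from the article it cites: a variant that escapes the input before the cast. The name fn_varCharListToTableSafe, the delimiter restriction, and the sample list are assumptions made for the illustration.

```sql
-- Added example (not from the original post): hardened variant, hypothetical name.
CREATE FUNCTION dbo.fn_varCharListToTableSafe
    (@varcharlist varchar(max), @delimiter varchar(1))
RETURNS @myTable TABLE (autoid int IDENTITY(1,1), listitem varchar(max))
AS
BEGIN
    -- Once the input is entity-escaped, '&', '<', '>' and ';' can no longer
    -- serve as delimiters (';' ends every entity). RAISERROR is not allowed
    -- inside a function, so unsupported input returns no rows; callers that
    -- treat the list as a filter must check for that case.
    IF @varcharlist IS NULL OR @delimiter IS NULL
       OR @delimiter IN ('&', '<', '>', ';')
        RETURN;

    -- Escape '&' first so the entities added for '<' and '>' are not re-escaped.
    DECLARE @escaped varchar(max);
    SET @escaped = REPLACE(REPLACE(REPLACE(@varcharlist,
                       '&', '&amp;'), '<', '&lt;'), '>', '&gt;');

    DECLARE @strAsXML xml;
    SET @strAsXML = CAST('<x>' + REPLACE(@escaped, @delimiter, '</x><x>') + '</x>' AS xml);

    -- value() decodes the entities, so each row holds the original text.
    -- Control characters that XML 1.0 forbids still make the cast fail.
    INSERT INTO @myTable (listitem)
    SELECT N.value('.', 'varchar(max)')
    FROM @strAsXML.nodes('x') AS T(N);

    RETURN;
END
GO

-- Constructed sample list: two items contain XML markup characters.
SELECT autoid, listitem
FROM dbo.fn_varCharListToTableSafe('R&D,a<b,plain', ',');

-- The same list through the page's original function: the cast raises an
-- XML parsing error, which TRY...CATCH turns into a one-row result.
BEGIN TRY
    SELECT autoid, listitem
    FROM dbo.fn_varCharListToTable('R&D,a<b,plain', ',');
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;
```

GO is the batch separator used by SSMS and sqlcmd; the second half assumes the page's fn_varCharListToTable is already installed.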