Display information for a specified date range

•May 12, 2008 • 1 Comment

Use a cfif statement and a couple of functions so you can have information appear/disappear based on the date:

Functions used:

  • now()
    The date and time right now.
  • createDate(year, month, day)
    The date with the supplied year, month and day.
  • createDateTime(year, month, day, hour, minute, second)
    Get specific with the date and time.

Example: show information as long as the current date is before June 1st 2008. (until 11:59pm 5/31/2008).
There’s a deadline for the published information.

<cfif now() LT createdate(2008,6,1)>
Show this information
</cfif>

Example: show information only during the first seven days of June 2008
The information isn’t valid until a future date, and there’s a time limit on the information.

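<!--- createdate() returns midnight at the start of the given day, so the window runs from the start of June 1 up to the start of June 8 --->
<cfif now() GTE createdate(2008,6,1) AND now() LT createdate(2008,6,8)>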
Show this information
</cfif>

Vista SP1

•February 25, 2008 • No Comments

YueFan Lam provided a nice list of links related to SP1 for Windows Vista via the ResNet listserv. I’m holding my breath, but it sure looks like a “fun-filled” future.

Full of I.T. : I can’t do WHAT?! Why can’t I create my own slipstreamed installation of Windows Vista SP1?
http://blogs.technet.com/kevinremde/archive/2008/02/09/i-can-t-do-what-why-can-t-i-create-my-own-slipstreamed-installation-of-windows-vista-sp1.aspx

How to Integrate and Slipstream SP1 Into Windows Vista RTM
http://www.mydigitallife.info/2008/02/15/how-to-integrate-and-slipstream-sp1-into-windows-vista-rtm/

Trick to Download and Install Standalone Offline Vista SP1 RTM with WU .CAB Files
http://www.mydigitallife.info/2008/02/22/trick-to-download-and-install-standalone-offline-vista-sp1-rtm-with-wu-cab-files/

Microsoft yanks Vista SP1 update causing endless reboots
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9063479

Microsoft: Here’s how to stop Vista update’s endless reboot
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9064158

http://support.microsoft.com/kb/949358

Microsoft lists apps Vista SP1 will break
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9064239

http://support.microsoft.com/kb/935796

2007 Computer Security Awareness Video Contest Winners

•August 3, 2007 • No Comments

http://www.researchchannel.org/securityvideo2007/

Have fun watching these student-made videos while improving your computer security awareness.

Preventing an SQL Injection Attack

•February 13, 2006 • No Comments

Ben Forta’s blog has an entry about SQL injection attacks when using ColdFusion. Manuals and tutorials never talk about preventing these types of attacks, so I’m not surprised that there are still vulnerable sites.

In short, the vulnerability occurs when a site uses data from the URL to dynamically alter the SQL statement. Using a semicolon allows a hacker to append another SQL statement. This vulnerability occurs mostly with non-text fields, so watch for it any time you’re referring to a key field, which is usually numeric.

The solution: (1) use cfparam to define the variable’s type, (2) have the page check that the URL variable exists and is the expected type, and (3) use cfqueryparam to explicitly define the variable’s value.
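The three steps above applied to one lookup page, as an added example that is not code from this post or from Ben Forta's entry. The datasource `myDSN`, the table `articles`, its columns and the URL parameter `id` are hypothetical names.

```cfml
<!--- Added example. Hypothetical names: datasource "myDSN", table "articles",
      columns article_id/title, URL parameter "id". --->

<!--- BEFORE (vulnerable, kept inside a comment so it never runs):
      the URL value is pasted into the SQL text, so anything that follows
      the number becomes part of the statement.

      <cfquery name="getArticle" datasource="myDSN">
          SELECT article_id, title FROM articles
          WHERE article_id = #url.id#
      </cfquery>
--->

<!--- Step 2: reject the request if the URL variable is missing or is not an integer. --->
<cfif NOT structKeyExists(url, "id") OR NOT isValid("integer", url.id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid article id.</cfoutput>
    <cfabort>
</cfif>

<!--- Step 1: declare the expected type; cfparam throws if the value
      ever reaches this point without being an integer. --->
<cfparam name="url.id" type="integer">

<!--- Step 3: cfqueryparam sends the value as a typed bind parameter,
      separate from the SQL text, so it cannot add a second statement. --->
<cfquery name="getArticle" datasource="myDSN">
    SELECT article_id, title
    FROM articles
    WHERE article_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<cfif getArticle.recordCount EQ 1>
    <cfoutput><h1>#encodeForHTML(getArticle.title)#</h1></cfoutput>
<cfelse>
    <cfheader statuscode="404" statustext="Not Found">
    <cfoutput>Article not found.</cfoutput>
</cfif>
```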

Resources:
Ben’s Post: SQL Injection Attacks, Easy to Prevent, But Apparently Still Ignored.
CF Cookbook post: How can I prevent SQL injection attacks?
Macromedia Security bulletin ASB99-04 Multiple SQL statements in dynamic queries.

Data Integrity with MySQL 5.0

•December 27, 2005 • No Comments

MySQL 5 lets you define how the database engine reacts to bad data via the sql_mode variable.

By default, bad data is converted to “good” data (0-filled, or turned into a string) and inserted into the database. Setting sql_mode to strict_all_tables causes the engine to reject the data and stop processing.

The recommendation for new installations of MySQL 5 is to make server-enforced data integrity the default (this involves modifying the my.cnf file).

Originating Source: MySQL AB :: Guaranteeing Data Integrity with MySQL 5.0
MySQL Reference: http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html