chipster

Back in 07 a hurricane was bearing down on the islands right around the time students were scheduled to move-in. Thankfully it dissipated and we had a nice weather for move-ins. 

At that time, I had created a twitter account alvinatuhmsh to share news and status of check-ins. I didn’t push it to hard because it was unofficial and I didn’t really want to add it to the list of things I _have_ to do.

But with Twitter hitting mainstream and having someone actually follow the account (albeit a friend who’s closely tied to UH) I guess I’ll give it another go.

I’ll start posting my work related updates there and at this blog. Follow if you like, or just check http://twitter.com/alvinatuhmsh every so often. Just remember this is all unofficial.

There seem to be a bunch of errors that appear to be session expirations. When this happens, the application loses data and throws an error.

I finally got a call from someone who experienced this. Unfortunately I haven’t been able to replicate the problem.  I added some tracking code and it seems that people who are encountering the error are eventually getting a successful submission.

I’ll be keeping an eye on things, but without any solid leads, this may take a while to resolve.

The application is up.

I hope this application is able to meet your expectations and simplifies the overall application process. Your feedback is welcome and improvements will be made as issues arise. You can post comments to this blog, direct message me on twitter (chipster621), AIM (alvinatuhmsh), email (cabating@hawaii.edu) or through the Student Housing Office.

The housing application for 2009-2010 terms will be an on-line application.  I’m finalizing payment processing piece of the application. Once that piece is done, we’ll do some final testing and release the application to students with valid UH numbers.

A link to the application (as well as a PDF copy of the brochure) will appear on http://www.housing.hawaii.edu/apply. A notice and link to this page will also appear on the housing’s site’s home page.

Use a cfif statement and a couple of functions so you can have information appear/disappear based on the date:

Functions used:

• now()
  the date and time right now.
• createdate ( year, month, day )
  The date with the supplied year, month and day.
• createDateTime (year, month, day, hour, minute, second)
  get specific with the date and time.

Example: show information as long as the current date is before June 1^st 2008. (until 11:59pm 5/31/2008).
There’s a deadline for the published information.

<cfif now() LT createdate(2008,6,1)>
Show this information
</cfif>

Example: show information only during the first seven days of June 2008
The information isn’t valid until a future date, and there’s a time limit on the information.

<cfif now() GT createdate(2008,5,31) AND now() LT createdate(2008,6,8)>
Show this information
</cfif>

YueFan Lam provided a nice list of links related to SP1 for Windows Vista via the ResNet listserv. I’m holding my breath, but it sure looks like “fun-filled” future.

Full of I.T. : I can’t do WHAT?! Why can’t I create my own slipstreamed installation of Windows Vista SP1?
http://blogs.technet.com/kevinremde/archive/2008/02/09/i-can-t-do-what-why-can-t-i-create-my-own-slipstreamed-installation-of-windows-vista-sp1.aspx

How to Integrate and Slipstream SP1 Into Windows Vista RTM http://www.mydigitallife.info/2008/02/15/how-to-integrate-and-slipstream-sp1-into-windows-vista-rtm/

Trick to Download and Install Standalone Offline Vista SP1 RTM with WU .CAB Files http://www.mydigitallife.info/2008/02/22/trick-to-download-and-install-standalone-offline-vista-sp1-rtm-with-wu-cab-files/

Microsoft yanks Vista SP1 update causing endless reboots
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9063479

Microsoft: Here’s how to stop Vista update’s endless reboot
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9064158

http://support.microsoft.com/kb/949358

Microsoft lists apps Vista SP1 will break
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9064239

http://support.microsoft.com/kb/935796

http://www.researchchannel.org/securityvideo2007/

Have fun watching these student made videos while improving your computer security awareness.

Ben Forta’s blog has an entry about SQL injection attacks when using ColdFusion. Manuals and tutorials never talk about preventing these types of attacks, so I’m not surprised that there are still vulnerable sites.

In short, the vulnerability occurs when a site uses data in the URL to dynamically alter the SQL statement. Using a semicolon, allows a hacker to append another sql statement. This vulnerability occurs mostly with non-text fields. So anytime you’re referring to a key field which is usaually numeric.

The solution: (1) use cfparam to define the variable’s type, (2) the page should check that the url variable exists and makes sure it’s the expected type and (3) use cfqueryparam to explicitly define the varaiable’s value.

Resources:
Ben’s Post: SQL Injection Attacks, Easy to Prevent, But Apparently Still Ignored.
CF Cookbook post: How can I prevent SQL injection attacks?
Macromedia Security bulletin ASB99-04 Multiple SQL statments in dynamic queries.

MySQL 5 lets you define how the database engine reacts to bad data via the sql_mode variable.

By default, bad data is converted to “good” data (0-filled, or turned into a string) and inserted into the database. Adjusting sql_mode to strict_all_tables, causes the engine to rejected the data and to stop processing.

The recommendation for new installations of MySQL 5 is to make server-enforced data integrity the default (this involves modifying my.cnf file).

Originating Source: MySQL AB :: Guaranteeing Data Integrity with MySQL 5.0
MySQL Reference: http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html