I apologize, Charlie. I did not mean to come off as, in any way, upset with you. I know you do not work for Adobe, and I know the value you bring to the community.  I appreciate your response.    My frustration is purely with Adobe. The fact that they still have Flex/Flash settings enabled in the web.xml in CF 2023 is ridiculous.  I did manage to get a successful deployment by diddling with the web.xml.  I deployed my .war from the cfadmin, unpacked it, replaced the web.xml with the one that was created by installer, repacked the .war and deployed. That worked. It's is ridiculous that one needs to go through all of those steps to deploy a war. Now I will need to script something to perform all of those steps for me, when it should just deploy a war that will work on any servlet container or at least give options to remove things like the Flash/Flex garbage.  I am already in contact with Adobe support.  So far, they have just given me the run around and have yet to offer any real help.  We'll see if that changes.  So far I have gotten back to reponses.  Their first response was "RTFM". The second response was "Please send the logs", which I sent in the first email.  So far, so good.  😞 ... View more

java.lang.ClassNotFoundException: flex.server.j2ee.cache.CacheFilter   You are correct, I am trying to use the method of creating it from the CF admin, which, I don't know, should work without having to unpack the WAR, diddle with the web.xml and then have to repack the war, don't you think? I did get it to work by using the installer WAR, unpacking it, adding my app, then repacking it, but that is dumb. Is that how people need to go about automating their deployments with ColdFusion? It seems like whatever method you go with you need to unpack the WAR, add your code, and repack it.  What's the point of the CFadmin tool if it doesn't work? THis garbage is frustrating.  ... View more

2025, this problem still exists.  ... View more

Forum admin, You censored the comment "ColdFusion is one word"?  Seriously?  I didn't realize that suggesting that someone spell the name of the product correctly was against the forum guidelines.  I guess I could go look it up, but I will just unsubscribe and help out at Stack Overflow instead. Good luck, Jason ... View more

First, ColdFusion is one word. Second, what is a WIndows 8 server? Third, and most important, you have provided ZERO detail. We can't help you if you don't provide something other than "none of our cfm web pages work".  ColdFusion has logs (<coldfusionDir>/logs) JRun has logs (<coldfusionDir>/runtime/logs). Even if the Windows event viewer shows nothing, there should be info in those log files about what is going on. Good luck, Jason Message was edited by: m.m.murphy ... View more

My understanding is: CF8 and CF9 use Xerces for parsing and Xalan for Transformations CF10 uses Saxon9-HE for Parsing. Not sure what for transformations. Jason ... View more

Actually, SQL Server 2012 is not supported in CF10 yet.  That post was about Windows Server 2012.  But eventually SQL Server 2012 should be supported with CF10, maybe CF9, but unlikely CF8. Jason ... View more

It may work with CF12, as carl said, but if you are looking for "official" support, I think that is HIGHLY unlikely. jason ... View more

What is the source of the data?  Is it a text file with the above data?  Is it an LDAP query?  Spreadsheet? Jason ... View more

Why would you expect an ampersand instead of the HTML encoding?  You are dumping the value of the variable, which contains the encoded version.  Just as if you outputted the variable. If you output that variable to the browser you will also get the encoded version, but *the browser* will properly decode it to the ampersand. That is the result you *should* be desiring. Jason ... View more

That's COMPLETELY different then. On a Mac you are not using a JVM that comes with CF, you are using the one built into the operating system. On the Mac you will find the cacerts file at /Library/Java/Home/lib/security So go to that directory and type in: sudo keytool -importcert -file /path/to/cert/file -alias anyName -keystore cacerts -storepass changeit Then restart CF and try it again. jason ... View more

The instructions should be the same. It is happening at the JVM level, which is below Tomcat or JRun. The only difference, possibly, would be where the cacerts file is located. I do not have a CF10 install to check against. This forum post seems to have CF10 specific instructions: http://forums.adobe.com/message/4246821 Jason ... View more

If the certificates from the certificate chain are not listed as trusted in the Java key store, then the request will fail. This is the way the JVM works (which is where CF is running).  If you are using a self-signed certificate or a certificate from a certificate authority that is not trusted by the JVM, then it will fail, every time. There was also a bug in CF9 Enterprise which would sometimes result in a certificate not being accepted, but I believe that has been fixed in CF10. It was acutally a problem with a 3rd party crypto library that was included in CF enterprise. So, chances are that you are goign to need to imort one or more certificates into the JVM keystore. You said you've already found sintructions on how to do that, so I won't rehash.  If it is a self-signed cert, you will need to import that.  If it is a cert with a CA parent, then you should just be able to install the CA root cert. Hope this helps. Jason ... View more

CLFraser wrote: Some developer coded everything he did using jQuery Ajax instead of using the simple to use <cfajaxproxy> or even the cryptic ColdFusion.AjaxProxy.invoke method. Some very wise developer. CF's Ajax tools suck. jQuery doesn't. You don't need to "rework" anything, you just need to add your own client verification to prevent XSRF attack. Note that verifyClient does NOT replace havign proprer authenticated access via proper session management, it only ensures that the request is being made from the place you expect it to be made from. jason ... View more

Actually, thinking about this, since CFID and CFToken are NOT being used for session management when JEE Tokens are enabled, I would think that they could safely be ignored in the PCI scan for session vulnerabilties. They are really just two cookies that happen to have the same name as CF Session Tokens (when JEE Tokens are not enabled) but they have nothing to do with session management.  That said, is the CLIENT scope a secondary form of session management?  If those cookies need to be protected in the same way as session tokens, then you are back to having issues with PCI. I have submitted a request to Adobe to clarifiy if the CFID + CFToken combination are suffiecient for PCI compliance and to find out if CFID can be made into a random LongInt instead of the not-random tiny number that it is. That of course, would not help you know, but perhaps the first part would. jason ... View more

Personally, I think that this warning is a false positive. CF gets flagged because CFID is not randomly generated, however CFToken (in CF9 and higher) is random (at least partly).  I cannot say for certain if the combined to values are random enough for PCI compliance, that is something you would have to ask a PCI expert. But if it is required that there are NO warnings in the automated test, including false positives, then no, you cannot use the client scope and be PCI complaint. Remember that automated tools are stupid. It is only recognizing that the CFID value is not random, even if the CFToekn value is. It does not understand that the two are related and that both pieces are rquired as part of the session token, so even if the two combined are sufficiently random, the test will always fail due to the lack of randomness in the one part of the token. Jason P.S.  You should also keep in mind that the client scope sucks. It may seem convenient, but it has enough drawbacks that it is probably not worth using. http://www.dopefly.com/pages/ColdFusionClientVariablesFinalNail.cfm ... View more

Yes jason ... View more

It doesn't say to "Enable RDS", it says "Enable password protection for RDS" You can disable the RDS by commenting out the servlet mapping in web.xml, but you should still set passwords for RDS on the chance that it ever gets enabled on the server (someone restores the wrong XMl files or something). It is best to enable separate RDS usernames and passwords for this. You should still keep RDS disabled in production, but this is an example of defense-in-depth. Even if RDS were to become enabled, it would alteast be password protected. These documents do not contradict each other. Disabling RDS: http://helpx.adobe.com/coldfusion/kb/disabling-enabling-coldfusion-rds-production.html Jason ... View more

what? ... View more

If I recall correctly, it will be automatically decoded when placed in the URL scope. Try it and find out. jason ... View more

Saying that Chrome is as bloated as IE is a gross overstatement. And saying that Chrome has JS issues while you are using IE is...  I just don't know what that is. Regardless, you're right. getting Chrome will probably not solve the issue. The issue is either withy oru machine or with your network.  Are you sure you can't try it from any other machine?  Preferably two machines, one that is on the same network and one that is not. That may help you narrow down the issue. Also, try disabling anti-virus and firewalls and see if that changes anything. You appear to be the only one having these issues, so clearly something is wrong on yoru end and you need to trouble-shoot.  Despite your Chrome bashing, I wish you luck in fixing this. Bloated... pfft. Jason ... View more

I just tried both examples and they worked fine. This is on an unpatched install of CF10 Developer (10,0,0,282462). What version are you running?  Perhaps a bug was introduced in a patch. jason ... View more

What's your budget? It looks like the next plan up is $13/month and offers unlimited storage. Is that really out of your budget? Is shared hosting really the best option for your site?  Do you care about the success of your site or is it just a simple site on which you expect no more than 2-4 concurrent users? jason ... View more

In this case, I think Adam is right that compare() is the right way to go. As an aside precisionEvaluate() is a way of gettling Long numbers to be treated as accurate decimals instead of frustrating floating-point Doubles. But I believe precisionEvaluate() needs to occur at the time of comparison. This code works for me in this situation. Though when testing with numbers that are closer in value I was getting inconsistent results, so it seems that some rounding is still occuring. <cfset t1 = ToString("00237000000075384848")> <cfset t2 = ToString("00237000000075384887")> <cfif precisionEvaluate(t1) EQ precisionEvaluate(t2)><cfoutput>#t1# equal to #t2#</cfoutput><cfelse><cfoutput>#t1# different to #t2#</cfoutput></cfif> Bottom line, if you want to compare them as strings, use compare(). If you want to be able to use EQ, mix some alpha characters in there jason ... View more

You can use PrecisionEvaluate() to have CF store those numbers as BigDecimal instead of Double. You'll likely then see the behavior you expect. Jason ... View more