Browsed by
Category: CFML

Server-side upload verification with Taffy and Lucee

I was dismayed to learn recently that every image upload process I had ever developed before now was vulnerable to improper file uploads. Like many developers, I used the HTML <input type="file"> type form fields to allow users to upload images. I made sure to restrict (I thought) those uploads to just images, but it turns out that a lot of the “security” around image uploads is based on nothing more than the file extension or, even worse, on the…

Random String Generator for CFML

Working on a CFML-based project using components and figured I could document this for my own personal use later. If it helps someone else along the way, even better. Once the method is made, you just invoke the method with the cfinvoke tag. Since I put my component in my /utils/strings.cfc directory, I could use the following: I did not specify the charset, because my default will work for my purposes, but you can customize the characters that the random…

How to fix Lucee ‘Handler “BonCode-Tomcat-CFM-Handler” has a bad module “ManagedPipelineHandler” in its module list’ Error.

For whatever reason IIS likes to set the default version of .NET on some versions of IIS to 2.0. This is generally ridiculous since 4.0 has been around for some time and even when 4.0 is installed and working, MS will default to 2.0. If you install Lucee server onto your Windows server and get this error, there are several possible causes: 1) You need to use a more recent version of .NET for your application pool. The fix…

Methods to address a slow Tomcat/Railo/Lucee startup

Recently my technicians and I encountered an issue with a hosting customer who had an interesting situation between two VPS accounts that he owns. The first VPS had a relatively quick startup time (under a minute), and the second VPS had an extremely slow startup time (above 5 minutes). Both VMs were relatively similar, and both served a great number of sites. The following are the two options that corrected the issue: OPTION 1 Set property in TOMCAT_HOME/conf/catalina.properties: org.apache.catalina.startup.ContextConfig.jarsToSkip=*.jar This…

Railo/Lucee CGI remote_addr/remote_host says 127.0.0.1

When installed onto a Linux/Apache machine, the Railo installers will install mod_proxy_http as the default connector for Apache to Tomcat/Railo. The result is the same as you’d get with any other proxy, where the remote host is replaced with the address of the proxy (in this case 127.0.0.1) and the original requester’s IP address is placed in the “X-Forwarded-For” header. If you need to find the original requester’s IP address you can accomplish this in one of two easy…

Making CFIDE Available to all Apache VirtualHosts

When working with ColdFusion on Linux, you may encounter a situation where you want to make the contents of the CFIDE folder available to all sites that are hosted on that server. The reason you might want to do this is for things like CFFORM to work properly on a host that doesn’t physically have the CFIDE directory located in that site. The solution for this is an Apache Alias. Add an alias to the Apache httpd.conf file similar to…
