Paul Alkema

Discussions on Web Development and Security

Paul Alkema

Entries Tagged as ColdFusion

Pull a List of All Coldfusion Datasources, Along With Username and Passwords

April 20, 2010 · 64 Comments

There are special times when you may need to get a list of your datasources or retrieve the passwords for your datasources. If this is your case, no problem.

The script below will pull all datasources, along with the username and a decrypted password.


    // Create Data Source Object
    dataSourceObb=createobject("java","coldfusion.server.ServiceFactory").
	getDatasourceService().getDatasources();
    
    // Loop Through DataSources
    for(i in dataSourceObb) {
     if(len(dataSourceObb[i]["password"])){
	 
     // Get username
     username=(dataSourceObb[i]["username"]);
	 
     // Get and decrypt password
     decryptPassword=Decrypt(dataSourceObb[i]["password"],
     generate3DesKey("0yJ!@1$r8p0L@r1$6yJ!@1rj"), "DESede",
     "Base64");
	 
     // Output all datasources along with username and passwords
     writeoutput("" & "DataSource: "  & i & "
" & "Username: " & username & "
Password: " & decryptPassword &"

"); } }

Enjoy!

UPDATE: When this post was originally posted, this worked on 9, however since then 9.0.1 has been released. This version has fixed this issue.

Tags: Coldfusion, Datasource Passwords, ColdFusion Passwords, ColdFusion ServiceFactory, Paul Alkema

64 CommentsTags: ColdFusion

Reset Coldfusion Administrator Password

April 19, 2010 · 45 Comments

Sorry hackers, this is not a tutorial on how to hack into someone's Coldfusion administrator that isn't yours. In order to do this, you need access to the Coldfusion server files. Now if you have access to those and your a hacker, well I think the servers administrator has more to worry about than you just changing the Coldfusion administrator password.

Warning!! Once the password has been changed, there's not changing it back to what the previous password was, so make sure you have permission to do this before doing it.

Now that I've warned you, Here's how you do it!

  1. Locate neo-security.xml This file should be located in your lib folder.
    IE; C:/coldfusion8/lib/neo-security.xml
  2. Open file and locate
            <var name="admin.security.enabled">
                <boolean value="true" />
            </var>
        
  3. Change from boolean value="true" to boolean value="false".
  4. Save file and exit
  5. Restart Coldfusion services
  6. Go to the Coldfusion administrator. It should be unlocked.
  7. Expand "security", select "CF Admin Password".
  8. Check the check box for the "Use a ColdFusion Administration password". This will enable the password requirement.
  9. Enter new password twice and hit "Submit Changes".

45 CommentsTags: ColdFusion

Querying Query of Queries

April 09, 2010 · 1 Comment

ColdFusion have a build in function that allowed you to query structures. A query, in case you don't know is a structure. Basically this can be done by creating a query or structure, then by writing a query but instead of defining a datasource, you define a dbtype which should be set to "query". Then instead of using the name of the table you use the name of the structure that you're trying to query. The reason you would want to do this, is because if you pull a lot of data that relates to a loop normally you would do a query inside the loop, but using QoQ you can create one query above the loop, then while looping use QoQ to query the query that is above the loop. This will increase performance greatly.

EXAMPLE
<!--- THE QUERY --->
<cfquery name="Dude" datasource="#request.maindatasource#">
SELECT dude
FROM iod_dudes
WHERE dudeStatus = 'Awesome'
</cfquery>

<!--- THE QUERY OF QUERIES --->
<cfquery name="dudeQoQ" dbtype="query">
SELECT Dude
FROM Dude
WHERE dudeStatus2 = 'Really Awesome'
</cfquery>

<!--- QUERYING THE QUERY OF QUERIES --->
<cfquery name="dudeQtQoQ" dbtype="query">
SELECT Dude
FROM dudeQoQ
WHERE DudesName = 'Paul Alkema'
</cfquery>

1 CommentTags: ColdFusion