Paul Alkema

Discussions on Web Development and Security

Paul Alkema

Reset Coldfusion Administrator Password

April 19, 2010 · 45 Comments

Sorry hackers, this is not a tutorial on how to hack into someone's Coldfusion administrator that isn't yours. In order to do this, you need access to the Coldfusion server files. Now if you have access to those and your a hacker, well I think the servers administrator has more to worry about than you just changing the Coldfusion administrator password.

Warning!! Once the password has been changed, there's not changing it back to what the previous password was, so make sure you have permission to do this before doing it.

Now that I've warned you, Here's how you do it!

  1. Locate neo-security.xml This file should be located in your lib folder.
    IE; C:/coldfusion8/lib/neo-security.xml
  2. Open file and locate
            <var name="admin.security.enabled">
                <boolean value="true" />
            </var>
        
  3. Change from boolean value="true" to boolean value="false".
  4. Save file and exit
  5. Restart Coldfusion services
  6. Go to the Coldfusion administrator. It should be unlocked.
  7. Expand "security", select "CF Admin Password".
  8. Check the check box for the "Use a ColdFusion Administration password". This will enable the password requirement.
  9. Enter new password twice and hit "Submit Changes".

45 CommentsTags: ColdFusion

How to Create a Button That Looks Like an HTML Link

April 15, 2010 · 8 Comments

I’ve on several occasions ran into issues where I need to submit a form with a link. Now one of the most common way of doing this is by using JavaScript to submit the form. This is done pretty straight forward.

EXAMPLE
Submit Form

One issue that I’ve run into however is in some high traffic area, there are times where I want users to still have the ability to submit the form even if JavaScript is disabled. As a personal rule, I always try to make my front end pages usable if the user doesn’t have JavaScript enabled, however the appearance of things just may not look very nice.

A common method of doing this without JavaScript is by styling a submit button like a link.

EXAMPLE

One of the issue with this however, is that in some cases all of the links in your site may have a mouse over hover effect, like an underline ect. My conclusion, has been to do a mixture of both. I would recommend using javascript to output a link that will create an html/JavaScript based submit button that will submit on click. After that add inside of a NoScript tag, the submit button that's styled like a link.

EXAMPLE
document.write("Submit Form");

8 CommentsTags: CSS

Querying Query of Queries

April 09, 2010 · 1 Comment

ColdFusion have a build in function that allowed you to query structures. A query, in case you don't know is a structure. Basically this can be done by creating a query or structure, then by writing a query but instead of defining a datasource, you define a dbtype which should be set to "query". Then instead of using the name of the table you use the name of the structure that you're trying to query. The reason you would want to do this, is because if you pull a lot of data that relates to a loop normally you would do a query inside the loop, but using QoQ you can create one query above the loop, then while looping use QoQ to query the query that is above the loop. This will increase performance greatly.

EXAMPLE
<!--- THE QUERY --->
<cfquery name="Dude" datasource="#request.maindatasource#">
SELECT dude
FROM iod_dudes
WHERE dudeStatus = 'Awesome'
</cfquery>

<!--- THE QUERY OF QUERIES --->
<cfquery name="dudeQoQ" dbtype="query">
SELECT Dude
FROM Dude
WHERE dudeStatus2 = 'Really Awesome'
</cfquery>

<!--- QUERYING THE QUERY OF QUERIES --->
<cfquery name="dudeQtQoQ" dbtype="query">
SELECT Dude
FROM dudeQoQ
WHERE DudesName = 'Paul Alkema'
</cfquery>

1 CommentTags: ColdFusion