Basic Steps: June 2013

Wednesday, June 26, 2013

Serious security threat for #ColdFusion servers [now covered by a hotfix]

copied from: http://www.carehart.org/blog/client/index.cfm/2013/1/2/serious_security_threat

A Quick Overview

There's quite a bit that you should (and will want to) understand about the hack, which you can learn more in a thread on the Adobe CF Admin forum, where a poster first pointed it out on Friday, and I found that I too had been hit.

See the specific thread for more details, including a fairly substantial reply I offered (which he's marked as "the answer"), where I explain more I'd found about it, including how how it got there, how to confirm how it got there for you, how to rectify things, how one might already be protected against it, etc.

The upshot is that a file is put on your server which gives a hacker pretty much unfettered access to a lot of things including reading/downloading/uploading/renaming and creating files, accessing datasource information, and more. The file to look for is called h.cfm and is placed in the CFIDE directory (at least in the current rendition of the hack, which may very likely change when the hacker learns that it's being publicized.) See the forum thread for more on what specifically to look for.

Fortunately for some, the degree to which the hacker would have access to things may be limited by how careful you've been in other protections, such as explained in the various lockdown guides for CF (here for CF10, CF9, and CF8).

I also explain how, despite my own efforts to protect the AdminAPI folder through which the exploit happened, I still fell victim. Perhaps it could happen to others. And it will certainly likely happen to those who have not implemented any protection against that folder (whether blocking access to it by IP address, requiring additional authentication, or otherwise). More in the forum thread.

Monday, June 24, 2013

Add Apache Derby Embedded Database To ColdFusion 10 Server

This tutorial guides the reader how to add an Apache Derby Embedded Database to ColdFusion 10 server.

1) The database used for this exercise is based on http://www.forta.com/books/032166034X/owsdata.zip. Download the zip file, extract it to C:\ColdFusion10\cfusion\db as follows:

2) Browse Admin page at http://127.0.0.1:8500/CFIDE/administrator/
Enter your admin password.

3) In the left Panel, click Data & Services/Data Sources.

4) Type the Data Source Name=ows, select Driver=Apache Derby Embedded, click Add.

5) Browse for the location.
Click Submit.

6) You should get success message.

Saturday, June 22, 2013

Create CFML Project Folder on cfmldeveloper.com

1) Log into your account at http://store.cfmldeveloper.com/LoginUser.aspx (To create an account, click here, http://setup-steps.blogspot.com/2013/06/free-cfml-hosting-at-cfmldevelopercom.html)

2) In the Account Top Menu, Click My Subscriptions

3) In the My Subscriptions Page, click CF FREE

4) In the CF CREE Page, Click File Manager.

5) A new window pops up.
5.1)Click the website name.

5.2) Click on wwwroot folder

6) Create New Folder.
6.1) Click Create Folder.
6.2) Type a name, e.g. cfproject101

6.3) A new folder cfproject101 has been created. Click the folder's name.

7) Create 101-helloworld.cfm
7.1) Click Create File
7.2) Type:

<cfoutput>
Hello World!
</cfoutput>

7.3) Browse.

To turn off debugging mode...
Use the following in your Application.cfm/Application.cfc to effectively turn off the debug output:

<cfsetting showDebugOutput="No">

(from: https://groups.google.com/forum/#!topic/cfmldeveloper/gpuvzQ40oaA )

Tuesday, June 18, 2013

Prezi: How To Collaborate On Presentation

1) Browse URL http://prezi.com/your/

2) Click New Prezi.

3) Choose a Template.
e.g., click "Explain A Topic" and then click "Use Template".

4) Edit the presentation.
e.g. Type a question "Favourite Food?"

5) Invite collaborators.

5.1) Click Share/Invite to edit...

5.2) A Dialog pops up.

5.3) Send your link to your friend, e.g. post the link in FB.

5.4) Wait for collaborators to edit the document.

Prezi: How To Create Remote Presentation

1) Browse URL http://prezi.com/your/

2) Click New Prezi.

3) Choose a Template.
e.g., click "Journey" and then click "Use Template".

4) Edit the presentation.
e.g., tell the viewer about your journey from home to college or workplace.

5) Once you are done, Click Share/Online presentation.

6) Remote Presentation.

6.1) Following the Step 5, a dialog will pop up.

6.2) Copy the link and give it to your remote audience.
e.g.http://prezi.com/g_nrvlqafuro/present/?auth_key=z4bhqkl&follow=7gtmumnmb71j

6.3) Your audience will paste the link to their Web Browser.
e.g.

6.4) Back in your computer, get ready to present.
Notice that the notification message tells you that 1 person is waiting.
Click Start Online Presentation.

6.5) The moment you click the button, your audience will notice it.

6.6) As you navigate the frames, your audience will automatically see the effect.
Notice that there could be a slight lagging between your browser and your audience's browser.

6.7) You can click your avatar and stop the presentation.

6.8) You can also click your guest's avatar to handover the presentation.

If you choose to handover...

6.8.1) Prezi transfer the control to the guest.

6.8.2) The guest then leads the presentation.

7) Once presentation is over, guest will see the ending image.

Prezi: Creating Prezi Sample Presentation

Prezi.com provide an official video at YouTube, https://youtube.googleapis.com/v/ScjACjRUd2A. The screenshot of the video is available athttp://basic-steps.blogspot.com/2013/06/prezi-getting-started.html. This tutorial is an approach to guide the reader to re-create the sample presentation featured in the video. It is applicable to both Desktop and Online version of Prezi application.

1) Create New Prezi.

1a) Go to your Prezi.com account, http://prezi.com/your/
The Online version is as shown below.

Click "New Prezi".

Choose "Challenges, Success". Click "Use Template".

1b) Run your Prezi Desktop software.
The Desktop version is as shown below. Choose "Challenges, Success". Click "Choose".

2) The main application window appears.

3) Save your presentation.

3a) The Online version will save without prompting a file name.

3b) The Desktop version will prompt for a file name, which you may save as "prezi-challenge-success".

4) Prezi Presentation Canvas will fill up the screen.
4.1) Click Allow to allow full screen mode.
4.2) The navigation bar is at the bottom of the Presentation Screen.
4.3) Click the Right Arrow or Left Arrow to move between frames. (Left Arrow is dimmed at the start of the presentation.)
4.4) If you pause for a long time time, the navigation bar will disappear.

5) Navigate the frames.
5.1) Press Right Arrow to go forward to the last frame.

5.2) Press Left Arrow to go backward to the first frame.

5.3) Hover your mouse over the navigation bar, and the slider knob will appear.

5.4) Use the slider to move between the slides.

5.5) Use the Toggle Full Screen button to switch presentation container between computer screen and web browser window.

5.6) Use Autorun button to run the frames automatically.

Select appropriate time interval period.

A setting message information appears for few seconds.

6) View Control Bar.
Hover your mouse towards the right border of the presentation window. A View Control Bar appears.

6.1) Click Zoom-In and Zoom-Out to see the Zoom Effect.

6.2) Click Home to see the Home Effect.

6.3) Click the Close Button to close presentation.

The Presentation Screen is closed and replaced by the Main Application Window.

7) Next Step: Edit your presentation to resemble the sample file as shown at http://basic-steps.blogspot.com/2013/06/prezi-getting-started.html.

7.1) Insert Arrow
7.1.1) Click "Frames & Arrows"/Draw arrow.

7.1.2) Click two points to connect the two cartoon objects
Change the color to match the example at http://imageshack.us/a/img833/4191/p976.jpg
Select the other arrows and delete them.