Shaun Mccran

My digital playground

14
J
U
N
2011

Using url rewriting ( .htaccess or httpd.ini ) to block hot linking resources

After my recent move to HostMediaUK I've been able to see more in depth statistics about one of my sites, including traffic and data usage. This also includes having visibility of other domains that are linking directly to my content. This is popularly known as hot linking, and if you haven't asked permission is considered very impolite.

This also uses up your servers bandwidth rather than theirs. This article explores how I use a URL access file, either .htaccess of http.ini depending on your platform, to stop other domains from linking directly to your hosted resources.

[ More ]

23
J
A
N
2011

The Coldfusion Hash() function decoded - kind of

I've always believed that using the hash() function in ColdFusion is a one way process. If I wanted to reverse a string I had to use encode() and decode(). The Adobe documentation states that "It is not possible to convert the hash result back to the source string" - Adobe Docs for Hash().

Strictly speaking this is still true, but some bright spark has decided to host an MD5 string database and provide a lookup service.

[ More ]

02
N
O
V
2010

Permission denied for javascript methods, SSL security error between parent and child windows

I recently integrated a postcode lookup service into a checkout process, it constituted a pop up window, with a Webservice http call to return a JSON object of postcode data.

The data itself was returning successfully, and is output into a select field, so that the user can choose one of the address records from the many returned.

The problem I had arose when I ran a script to write the selected address data back from the pop up window to the parent window. Something like this:

view plain print about
1<s/cript type="text/javascript">
2    $(document).ready(function() {
3
4        $('.submitButton').click(function() {
5
6            var selectedPcode = $('.address').val();
7
8            if (selectedPcode == undefined) {
9                alert('Please select an address')
10            }
11
12            else {
13                //split the string
14                var mySplitResult = selectedPcode.split(",");
15
16                var street = mySplitResult[0];
17                var area = mySplitResult[1];
18                var town = mySplitResult[2];
19
20                street = jQuery.trim(street);
21                area = jQuery.trim(area);
22                town = jQuery.trim(town);
23
24// set the parent form field values
25window.opener.document.form.evAddress1.value = street;
26window.opener.document.form.evAddress2.value = area;
27window.opener.document.form.evTown.value = town;
28window.close();
29
30            }
31
32        });
33    });
34</s/cript>

The code above will just split out the address parts and write them out to the corresponding fields in a form in the parent window. At this point I was seeing an error message:

view plain print about
1Permission denied for javascript.... Line xxx

The problem stems from the fact that the parent window is served under SSL and the pop up was not.

So make sure that your parent and child windows are both served under the same protocol, otherwise I guess it is being stopped as an inject hack, as it appears to be on a different domain.

01
N
O
V
2010

Securing server side Coldfusion code with cfcompile

If you ever need to protect your intellectual property, or you have suspicions that your code maybe be accessed on a server to be tampered with, then your best option is to compile your code base.

This article addresses how to use the cfcompile command, and what it actually does to your code base.

[ More ]