Followup on ColdFusion 9/Solr Post

This post is more than 2 years old.

Just a very quick follow-up to my post yesterday about ColdFusion and Solr. (And by the way - I'm disappointed no one has discovered the security issue with my searchable code. Tsk tsk! :) I ran into issues running Solr when I was testing. Shannon Hicks has posted a nice blog entry on this with Mac-compatible Solr startup scripts:

ColdFusion 9 Solr Startup Scripts for OSX

Thanks Shannon!

About Raymond Camden

Raymond is a senior developer evangelist for Adobe. He focuses on document services, JavaScript, and enterprise cat demos.

Lafayette, LA https://www.raymondcamden.com

Archived Comments

Comment 1 by Gary Gilbert posted on 8/22/2009 at 6:45 PM

You mean the cfoutput #form.search# that's open to XSS attacks?

It's example code demonstrating Solr functionality, not how to protect against XSS. Anyone who uses example code in a production environment (e.g. cut and paste coding) deserves what he or she gets.

Perhaps a bit harsh, but that's my opinion.

Comment 2 by Raymond Camden posted on 8/22/2009 at 6:48 PM

Good one, but not it. The flaw is explicitly related to search. You are the only one who tried, so if you want, I can just spill it. :)

Comment 3 by Gary Gilbert posted on 8/22/2009 at 10:35 PM

Ray, other than you not cleaning your URL or form variable in search.cfm, I don't see any other security problems. I must be losing my edge.

Comment 4 by Raymond Camden posted on 8/23/2009 at 12:37 AM

You know, I made this too obtuse probably. And overblown. I apologize. Really - the issue was simple. The 'old' app used logic to get PRs with a published date in the past. That logic is not respected in search. It is a classic example really of where a security/business rule in one place gets missed in another.
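The flaw described in Comment 4, modeled as an added example (a language-neutral Python sketch, not the ColdFusion/Solr code from the original post): the listing applies the publish-date rule, the search path does not, and the fix enforces one shared rule at query time so a stale index cannot leak or hide records. All names and the sample press releases are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class PressRelease:
    id: int
    title: str
    body: str
    published: date

# Constructed sample data: release 3 is scheduled for a future date.
RELEASES = [
    PressRelease(1, "Q1 results", "Revenue grew in the first quarter.", date(2009, 4, 15)),
    PressRelease(2, "New office", "We opened an office in Lafayette.", date(2009, 8, 1)),
    PressRelease(3, "Acquisition", "We will acquire Example Corp; revenue impact is large.", date(2009, 12, 1)),
]

def is_visible(pr, today):
    """The single business rule: only releases already published are public."""
    return pr.published <= today

def list_releases(today):
    """The 'old' listing page: applies the rule."""
    return [pr.id for pr in RELEASES if is_visible(pr, today)]

def build_index(releases):
    """Index every record, keeping the publish date alongside the text."""
    return [(pr, (pr.title + " " + pr.body).lower()) for pr in releases]

def search_flawed(index, term):
    """Search as described in Comment 4: the publish-date rule is missing."""
    return [pr.id for pr, text in index if term.lower() in text]

def search_fixed(index, term, today):
    """Same search, with the shared rule enforced at query time."""
    return [pr.id for pr, text in index
            if term.lower() in text and is_visible(pr, today)]

if __name__ == "__main__":
    today = date(2009, 8, 22)
    idx = build_index(RELEASES)
    print("listing:", list_releases(today))
    print("flawed search:", search_flawed(idx, "revenue"))
    print("fixed search:", search_fixed(idx, "revenue", today))
    # The index is not rebuilt, yet release 3 appears once its date passes.
    print("after publish:", search_fixed(idx, "revenue", date(2009, 12, 2)))
```

Filtering only when the index is built would also hide release 3 today, but it would then stay hidden after its publish date until the next reindex, which is why the rule is checked per query here.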