Showing posts from 2006

Authenticating web applications against vpopmail + qmail

We run qmail + vpopmail + spamassassin for email. It is relatively nice; however, the spamassassin config uses qmail-scanner and has a global configuration for multiple domains. Sooo... I wanted to build a web-based app where users could manage a whitelist of email addresses to go into the global config.

The first challenge: I don't want to have to add new accounts for everybody who wants access to the whitelist, so I had better re-use what security info is available.

Turns out that you can get lots of useful information about a domain in vpopmail by running this command:

/home/vpopmail/bin/vuserinfo -a postmaster@yourdomain.com

This will pull out the postmaster password and a bunch of other useful things.  For now at least, the password is all we need.

Now, choose your technology to write your web app, but use something that can execute local commands. In this case, we have ColdFusion running on Red Hat Enterprise Linux, so we can use the <cfexecute> tag to run the above command, c…

FusionDox coming to .Net

I have been working on a port of our FusionDox development platform to run on BlueDragon.Net. It seems as though it is a smart next step to move there before making a full-blown rewrite in ASP.Net.

I will be posting some info on this as the process goes. I have been impressed with what I have seen of BlueDragon.Net in terms of scalability and such. Let's see how it handles a very large application like FusionDox.

Using NULL characters in a ColdFusion string

The issue: the ColdFusion language (CFML) seems to interpret the NULL character (which is 0x00000000, or chr(0)) as an empty string instead of a valid character. It would be easy to see why most programmers don't care; however, this is a significant issue.

Take, for example, encrypting strings. Let's say you have a 10-character-long string, and you are encrypting it character by character. So loop through all 10 chars, encrypt each one and append it to a new string, right? OK, what if one of the encrypted values is null, or chr(0)? This actually happened to me, so don't think it never happens.

So what happened to me? I looped through 10 times, encrypted each character, built the new string, and then for some unknown reason, my new string was only 9 characters long instead of 10. Why?

Well, one of the characters encrypted to be chr(0), and I appended it to my new string; however, since ColdFusion treats chr(0) as "" (empty string), appending it to my string r…
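An added example, not code from the original post: one way to keep a zero-valued cipher result from vanishing is to store each encrypted character as fixed-width hex instead of appending the output of Chr(). XOR stands in for the post's unspecified cipher, and the function names, sample string and key are constructed for illustration.

```cfml
<cfscript>
// Added example, not the post's code. XOR is a toy stand-in for the post's
// unspecified per-character cipher; all function names are hypothetical.

// Naive form: append each encrypted character directly to the result.
function encryptRaw(plain, key) {
    var out = "";
    var i = 0;
    var k = 0;
    for (i = 1; i lte Len(plain); i = i + 1) {
        k = Asc(Mid(key, ((i - 1) mod Len(key)) + 1, 1));
        // When a plaintext character equals its key character the XOR is 0,
        // and Chr(0) is the value the post reports being appended as "".
        out = out & Chr(BitXor(Asc(Mid(plain, i, 1)), k));
    }
    return out;
}

// Safer form: store each encrypted code point as four hex digits, so a
// result of 0 becomes "0000" and the output is always 4 * Len(plain) long.
function encryptHex(plain, key) {
    var out = "";
    var i = 0;
    var k = 0;
    for (i = 1; i lte Len(plain); i = i + 1) {
        k = Asc(Mid(key, ((i - 1) mod Len(key)) + 1, 1));
        out = out & Right("000" & FormatBaseN(BitXor(Asc(Mid(plain, i, 1)), k), 16), 4);
    }
    return out;
}

// Reverse of encryptHex: read four hex digits at a time and undo the XOR.
function decryptHex(hex, key) {
    var out = "";
    var i = 0;
    var k = 0;
    for (i = 1; i lte Len(hex) / 4; i = i + 1) {
        k = Asc(Mid(key, ((i - 1) mod Len(key)) + 1, 1));
        out = out & Chr(BitXor(InputBaseN(Mid(hex, (i - 1) * 4 + 1, 4), 16), k));
    }
    return out;
}

plain = "abcdefghij";  // constructed sample: 10 characters
key   = "xyzdxyzxyz";  // constructed key: 4th character equals the plaintext's "d"
WriteOutput(Len(encryptRaw(plain, key)) & " ");        // length of the naive result
WriteOutput(Len(encryptHex(plain, key)) & " ");        // length of the hex-encoded result
WriteOutput(decryptHex(encryptHex(plain, key), key));  // round trip back to the plaintext
</cfscript>
```

Comparing the two lengths against Len(plain) is a quick check for silent character loss before ciphertext is stored or compared.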