Ok, so I'm trying to change the password on my ColdFusion install to something that includes tags (< and >). In the admin it say's the password has been updated ok but when I logout an try it it's still set to the old one. If I remove either of the < or > characters it works. Now here is the best part, I've had a password with both those characters before but I set it on install of ColdFusion when it was accepting the password from a shell prompt (command line for you Windows users). I'm thinking that whatever encryption or validation algorithm is being run in the admin is failing but not actually throwing an error. Does anyone know what's going on or have seen this before?

If you've ever tried to access a site using cfhttp and that site is expecting a cookie from the browser such as a user id you might be supprised to see cfhttpparam has a type="cookie" attribute. You'll probably be even more supprised when you realize that doesn't work.

The other day I was trying to write a script to access a site that, once logged in, sipmly checked the value of a userid cookie. So, I logged in with firefox and grabbed the value of that cookie and threw is in as

<cfhttpparam type="cookie" name="userid" value="01234">

Read more...