Code (not sql) injection by hackers via coldfusion
Does anyone have any information on how hackers might inject code into my coldfusion files. I am having a problem with hackers installing javascript links to their trojans inside the actual pages of my site. I run the server with many different sites on it and the injections are ONLY happening on the coldfusion sites. I tried to search for code injection coldfusion information through the search engines and this forum but didn't find anything. What potential holes in my coldfusion code would allow a hacker to inject code into the actual files on the server? I am mainly seeing the code injected into application.cfm itself so that the links are displayed on every page. Guess these hackers are familiar with coldfusion.
The only way that hackers can modify your ColdFusion Code is to get access to your server so that they can actually modify the CFM and/or CFC files that are stored upon it. Unfortunately, on a shared-hosting setup that's not terribly difficult to do. And, most programmers neglect to consider the file access permissions (other than the "x"ecutable bit in Unix/Linux) that they attach to any particular file when they upload them.
You need to be certain that all of the files in your directories, and the directories themselves, are locked-down so that no one can modify them, and so that no one but "you 'n the web server" can see what they contain. (Remember, shared-hosting companies give away shared-hosting accounts like water, and it's sometimes effortless for "the web-site next door" to see much more than it ought to be able to see... and maybe, to modify something!)
If you're running on a Linux host, see if the server appears to support Access Control Lists (ACLs) and whether you as a secure-shell user can establish them. If so, this will allow you to restrict access more thoroughly than the "owner/group/world" permissions-mask system would allow. The equivalent mantra with regards to Windows hosts is different in details only. One way or the other, implement the "principle of least privilege."
The larger problem, of course, remains with us: the end-user's computer, and the shameless reality that the aforesaid user is probably an all-powerful Administrator of a Windows "Home Edition" something-or-other ... whose entire system, therefore, is a sitting duck with no backups. You can't do anything at all about that.
Similar Messages
-
Protect From SQL Injection in ASP
Hi, can anyone tell me different ways of how to protect from
SQL Injection in ASP via DW or other means? I thought there was
something in DW that would automatically do that.
This would be a simple text form field which will allow
visitors to search for a product from a db.
thanksGoogle "SQL Injection ASP".
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
==================
"ed19" <[email protected]> wrote in message
news:g9s98d$6nn$[email protected]..
> Hi, can anyone tell me different ways of how to protect
from SQL Injection
> in
> ASP via DW or other means? I thought there was something
in DW that would
> automatically do that.
>
> This would be a simple text form field which will allow
visitors to search
> for
> a product from a db.
>
> thanks
> -
SQL Injection & CF code Attacks
One thing I've noticed with sites using CF is that many, many
programmers do not take into account SQL Injection and CF Form/URL
variable attacks. I've seen SO many CF pages that blow up when the
input varies in the slightest, displaying CF error messages,
datasources, variable names, etc.
Seems not enough programmers use CFTRY/CFCATCH or even know
about it. I've seen where SQL table names and datasources were
being passed in a URL!! It's frightening
Interested in everyone's BEST PRACTICES to avoid these type
of attacks.
I'll start it off with a few I use:
Use CFTRY / CFCATCH.
ALWAYS set the maxlength value on form input text boxes and
make sure the value matches the corresponding column length in your
DB. If you do not, someone can enter a huge amount of data in the
field, causing your CF routine or DB to choke.
Scope all variables, URL, Form, etc.
Use numbers/integers whenever possible for URL variable
values.
Avoid using varchar as the data type in your stored
procedures for passed URL or Form variables. Use INT instead.
Validate user input using CF before passing to your SQL, etc.
queries. Test for allowed/disallowed characters, blanks, length of
input value, etc.
Use stored procedures whenever possible.
Don't make URL or Form variable names too descriptive. ex.
?m=100 is better than ?memberID=100In addition to the things listed above, you should never
expect the values sent from any form submission to be 100% as they
are coded. There are tons of programs out there that can be used to
intercept and alter the submitted data before it hits your server.
It is a slow process, but we are locking down any and all form
variables not just type="text" and textarea's.
If a user has the ability to alter submitted data, they can
change the values for all types of form fields (hidden, radio,
checkbox, select, button, etc...). A lot of our old code did not
take that into consideration and simply allowed the value entered
from a "predefind" (hard coded value) form type (radio, checkbox,
etc...) directly into the database without a check.
Another step is to turn off "Enable Robust Exception
Information" in the CF Administrator. This step will help in not
giving an attacker the complete SQL statement being used in your
code. Note: This is a recomended practice for all production CF
servers as it is, but it never hurts to say it. CFTRY/CFCATCH
blocks work as well to hid that info, but neither way will
prevent an attack.
You also can not rely on client side JavaScript for
validation.
CR -
Sql injection attack - need help changing ASP code
Our web server was attacked yesterday by SQL injection. So I
quickly learned about the holes in the code that was generated by
Dreamweaver MX 2004.
I found the help article on the Adobe website to fix the ASP
code; however I need more information for my particular case. I
don't know how to get my cursor type and location settings into the
new code.
MY ORIGINAL CODE
<%
Dim Recordset1
Dim Recordset1_numRows
Set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_Oncology_STRING
Recordset1.Source = "SELECT * FROM dbo.Oncology_Dir WHERE
Oncology_ID = " + Replace(Recordset1__MMColParam, "'", "''") + ""
Recordset1.CursorType = 0
Recordset1.CursorLocation = 3
Recordset1.LockType = 1
Recordset1.Open()
Recordset1_numRows = 0
%>
THE NEW CODE, WHICH NEEDS TO BE FIXED TO REFLECT CURSOR TYPE
AND LOCATION ABOVE.
<%
Dim Recordset1
Dim Recordset1_cmd
Dim Recordset1_numRows
Set Recordset1_cmd = Server.CreateObject ("ADODB.Command")
Recordset1_cmd.ActiveConnection = MM_Oncology_STRING
Recordset1_cmd.CommandText = "SELECT * FROM dbo.Oncology_Dir
WHERE Oncology_ID = ?"
Recordset1_cmd.Prepared = true
Recordset1_cmd.Parameters.Append
Recordset1_cmd.CreateParameter("param1", 5, 1, -1,
Recordset1__MMColParam) ' adDouble
Set Recordset1 = Recordset1_cmd.Execute
Recordset1_numRows = 0
%>
What exactly is the 5,1,-1 in the code above?
Any help would be very much appreciated as my ASP page
(although secured from SQL injection) is not working properly.
Thanks,
--Jen
--JenThe new snippet is not vulnerable to SQL injection. It uses a
command
object and actual defined parameters, so you're safe. You
cannot change the
cursor type or location on that object.
"jennday" <[email protected]> wrote in
message
news:f85omh$ngg$[email protected]..
> Our web server was attacked yesterday by SQL injection.
So I quickly
> learned
> about the holes in the code that was generated by
Dreamweaver MX 2004.
> I found the help article on the Adobe website to fix the
ASP code; however
> I
> need more information for my particular case. I don't
know how to get my
> cursor type and location settings into the new code. -
SQL Injection analysis report does not work.
I have tried to run the SQL Injection report (Home|Utilities|Object Reports Security|QL Injection but it comes up with the following message.
"SQL Injection analysis is not supported with your current database version. It is only available for Oracle release 10.2 or higher."
I have tried this as both an ordinary user and as system, on both Windows XP and LinuxThis is a bug in the XE Beta. The SQL Injection Analysis will not be accessible for XE production.
Joel -
Hello all-
I've got a server with a huge number of ColdFusion templates
(over 10,000) which I really need to protect agains SQL Injection.
I know that CFQUERYPARAM is the best way to do this. I'd love
to do it that way, but with so many pages, and so many queries it
would take weeks/months to fix the queries, then test to make sure
I didn't screw something up.
So, I've come up with a plan that I wanted to get some input
on.
Currently, I have a page on my server that is included in
almost every page that runs. It is a simple page that I can modify
to change the status of my systems in the event of a database
changeover, or some other sort of failure. (The pages still run,
but no updating is allowed, only reading)
Okay, so on this page which is always included, I was
thinking about analyzing the variables that come over. I was
thinking about looking for things that looked like a SQL injection
attack and blocking the page from running.
I wanted to know if this would work- anyone have ideas? This
would be great because I could protect the entire server in about
an hour. But, I don't want to give myself a false sense of security
if this won't really do the job.First, here are some simple things you can do to protect all
pages before you follow the other advice and plans in this thread:
In CF administrator, click on your datasources and then the
"Advanced" button.
There you will uncheck all but the read and stored procedure
and (possibly) write permissions. "Drop", "Create", etc., are
definite no-nos here.
If you haven't already, make one data source read-permissions
only and refactor your code to use it everywhere except for
carefully segregated updates, inserts and deletes.
Now, in SQL Server itself, remove all permissions from the
users that CF uses except for data_reader and (selectively) data
writer and exec permissions on any procedures or functions you use.
In SQL server, setup at least two CF users. One, should have
only the data_reader permission (plus any read-only stored
procedures).
Find articles, such as this one:
http://www.sqlservercentral.com/columnists/bknight/10securingyoursqlserver.asp,
and follow their advice, start with locking down xp_cmdshell.
These measures require little or no CF code changes but will
block all but the most determined and skilled hackers. You still
need to follow Adam's advice though.
BTW, Dan is very wrong, ALL DB's are vulnerable to SQL
injection.
SQL server is not even the most vulnerable anymore (Studies
show that Oracle now has that "honor"). -
Can SQL injection output rows to hacker?
Can a hacker retrieve rows through SQL injection or simply
just jumble up the data? I wouldn't see how they could get the rows
without coldfusion code that will actually be instructed to output
the query. If not, are there any hot cf/mssql hacking techniques to
steal database rows?chazman113 wrote:
> Can a hacker retrieve rows through SQL injection
Yes, yes they can.
You are correct that there would need to be code to output
the data.
The hackers just use the code you already have built to
output data.
But then use SQL injection tricks to output more data then
the developer
intended for anybody to see.
Here is a blog that describe a real life example of just
that.
http://thedailywtf.com/Articles/Oklahoma-Leaks-Tens-of-Thousands-of-Social-Security-Number s,-Other-Sensitive-Data.aspx -
What is SQL Injection?
SQL Injection is a way to attack the data in a database through a firewall protecting it. It is a method by which the parameters of a Web-based application are modified in order to change the SQL statements that are passed to a database to return data. For example, by adding a single quote (‘) to the parameters, it is possible to cause a second query to be executed with the first.
An attack against a database using SQL Injection could be motivated by two primary objectives:
1. To steal data from a database from which the data should not normally be available, or to obtain system configuration data that would allow an attack profile to be built. One example of the latter would be obtaining all of the database password hashes so that passwords can be brute-forced.
2. To gain access to an organisation’s host computers via the machine hosting the database. This can be done using package procedures and 3GL language extensions that allow O/S access.
There are many ways to use this technique on an Oracle system. This depends upon the language used or the API. The following are some languages, APIs and tools that can access an Oracle database and be part of a Web-based application.
* JSP
* ASP
* XML, XSL and XSQL
* Javascript
* VB, MFC, and other ODBC-based tools and APIs
* Portal, the older WebDB, and other Oracle Web-based applications and API’s
* Reports, discoverer, Oracle Applications
* 3- and 4GL-based languages such as C, OCI, Pro*C, and COBOL
* Perl and CGI scripts that access Oracle databases
* many more.
Any of the above applications, tools, and products could be used as a base from which to SQL inject an Oracle database. A few simple preconditions need to be in place first though. First and foremost amongst these is that dynamic SQL must be used in the application, tool, or product, otherwise SQL Injection is not possible.
The final important point not usually mentioned in discussions about SQL injection against any database including Oracle is that SQL injection is not just a Web-based problem. As is implied in the preceding paragraph, any application that allows a user to enter data that may eventually end up being executed as a piece of dynamic SQL can potentially be SQL injected. Of course, Web-based applications present the greatest risk, as anyone with a browser and an Internet connection can potentially access data they should not.
While second article of this series will include a much more in-depth discussion of how to protect against SQL injection attacks, there are a couple of brief notes that should be mentioned in this introductory section. Data held in Oracle databases should be protected from employees and others who have network access to applications that maintain that data. Those employees could be malicious or may simply want to read data they are not authorized to read. Readers should keep in mind that most threats to data held within databases come from authorized users.
Protecting against SQL Injection on Oracle-based systems is simple in principle and includes two basic stages. These are:
1. Audit the application code and change or remove the problems that allow injection to take place. (These problems will be discussed at greater length in the second part of this series.)
2. Enforce the principle of least privilege at the database level so that even if someone is able to SQL inject an application to steal data, they cannot see anymore data than the designer intended through any normal application interface.
The “Protection” section, which will be included in the second part of this series, will discuss details of how to apply some of these ideas specifically to Oracle-based applications.
[http://www.securityfocus.com/infocus/1644]
how oracle prevent sql injections?mango_boy wrote:
damorgan wrote:
And they do so using bind variables
http://www.morganslibrary.org/reference/bindvars.html
and DBMS_ASSERT
http://www.morganslibrary.org/reference/dbms_assert.html
do you have any suggestion for mysql users??Yes. Install Oracle. -
SQL Injection - cfqueryparam and other techniques to stop abuse?
We have been having a lot of issues with SQL injection lately and so we are trying various methods to secure the data better.
First off we have been utlizing cfqueryparam on the queries that are being hit. I am also optimizing the data tables so that more maxlengths are in place.
What else can be done to improve security? I have looked up everything and anything on the internet and keep seeing the cfqueryparam.
Does changing the variables or table names make any difference? We are trying that, but I want to make sure it is not a waste of our time.
Thanks for any other suggestions.CFqueryparam is a good fist step, though you should note that it will not protect some queries. For example if you have a sort by or order by that is dynamic, cfqueryparam wont help in that case. You will need to review data and validate for that.
You should also be checking for XSS vulnarabilities.
http://www.12robots.com/index.cfm/2008/8/4/Persistent-XSS-Attacks-and-countermeausures-in- ColdFusion
The blog above has a great number of CF sercurity related posts.
Pete Freitag has a nice security scanner that will look at your CF server and highlight any missing patches and some other issues
http://www.petefreitag.com/item/721.cfm
There are some open source projects that will also filter out common sql injection and xss attacks on a code level.
http://portcullis.riaforge.org/
Finally there are several conferences in the CF world coming up, and all surely have some security sessions. You may want to attend. -
SQL Injection and cfqueryparam
I was told to look into <cfqueryparam> to assist in
fighting sql-injection
and it makes perfect sense, up until I thought of a different
scenario...
This tag seems great when you are dealing with numbers or
text that you can
restrict the number of characters, but what if you have a
textarea that
allows for a large amount of text to be entered? I.E. a
search field for
records that uses keywords.
How you stop someone from entering damaging sql into an area
that accepts
this?
Thanks for any education.
Wally Kolcz
MyNextPet.org
Founder / Developer
586.871.4126WebDev wrote:
It works because <cfqueryparam ....> tells the DBMS
that this data is a
value NOT SQL. The DBMS will then never process it as SQL.
When you
write the SQL and Values straight into the code, then the
DBMS does not
know what is what and assumes it all must be SQL.
An Example...
<cfquery ....>
SELECT aField FROM aTable WHERE aField = '#aValue#'
</cfquery>
With this code, ColdFusion process the entire body of the
<cfquery...>
tag into a string and sends that entire string to the DBMS as
SQL. The
DBMS then processes what it was given. If somebody can modify
the
aValue variable to change the SQL string - that is what is
processed.
<cfquery ...>
SELECT aField FROM aTable WHERE aField = <cfqueryParam
value="#aValue#"...>
</cfquery>
With this code ColdFusion process the SQL and the queryParam
as separate
things. It sends the DBMS the SQL with parameters and a list
of values
to be used in those parameters. The DBMS knows the parameters
are not
SQL and will not process it as SQL and if the parameter
contains SQL it
will just be used as a value and not parsed.
FYI... That is how <cfqueryparam...> can improve
performance. By
knowing what parts of the SQL are variables, it can cache the
SQL and
just use different variables when they are passed to the
DBMS.
HTH
Ian -
SQL injection embeded .js file to execute CF hack
I am a programmer sent to investigate suspicious activity at
a client's web application. I cannot attach a file in case of
infection potential. The Coldfusion code is open to SQL injection
attack which is how we believe the Apache web server became
infected. Upon investigation we found javascript files which had
been written with CFML code programatically scripted to fit within
a .js javascript file and write and read data from the server.
Has ANYONE seen this type of attack before? I cannot disclose
the client or specific data as we are under a NDA (Non-Disclosure
Agreement), however, I need help of other Coldfusion programmers to
fully understand this attack. Has anyone seen CFML code programmed
into a .js javascript file and run by calling the .js javascript
file before?
We have found japanese or chinese language within the code
and within files on the server. The client states they have NOT
installed any language packs or anything referencing other
languages than English. There have been japanese characters found
on the database server. There are hundreds of .js and .xml files on
the server which reference japanese. Furthermore, we have found
many XML files on the server,but the client does not use .xml so
these .xml files would then be foreign and potentially
programatically scripted by the server launching code to write
these files under the un-knowing eyes of the client.
So we need to understand the limits or potential threats:
1. Can CFML scripting be embedded into a .js javascript file
2. If database parameters are not locked, what are the
possible attacks available to SQL injection
Any help would be appreciated.
Thank you in advance.
Alex Dove1. Only if the server is set to parse a .js file as CFML
2. A lot!
http://www.forta.com/blog/index.cfm/2008/7/22/For-Goodness-Sake-Use-CFQUERYPARAM-Already
http://www.forta.com/blog/index.cfm/2008/7/23/Hacker-Webzine-Recommends-Use-Of-CFQUERYPARA M
Ken Ford
Adobe Community Expert - Dreamweaver/ColdFusion
Fordwebs, LLC
http://www.fordwebs.com
"ajdove" <[email protected]> wrote in
message news:[email protected]...
>
> I am a programmer sent to investigate suspicious
activity at a client's web
> application. I cannot attach a file in case of infection
potential. The
> Coldfusion code is open to SQL injection attack which is
how we believe the
> Apache web server became infected. Upon investigation we
found javascript
> files which had been written with CFML code
programatically scripted to fit
> within a .js javascript file and write and read data
from the server.
>
> Has ANYONE seen this type of attack before? I cannot
disclose the client or
> specific data as we are under a NDA (Non-Disclosure
Agreement), however, I need
> help of other Coldfusion programmers to fully understand
this attack. Has
> anyone seen CFML code programmed into a .js javascript
file and run by calling
> the .js javascript file before?
>
> We have found japanese or chinese language within the
code and within files on
> the server. The client states they have NOT installed
any language packs or
> anything referencing other languages than English. There
have been japanese
> characters found on the database server. There are
hundreds of .js and .xml
> files on the server which reference japanese.
Furthermore, we have found many
> XML files on the server,but the client does not use .xml
so these .xml files
> would then be foreign and potentially programatically
scripted by the server
> launching code to write these files under the un-knowing
eyes of the client.
>
> So we need to understand the limits or potential
threats:
> 1. Can CFML scripting be embedded into a .js javascript
file
> 2. If database parameters are not locked, what are the
possible attacks
> available to SQL injection
>
> Any help would be appreciated.
> Thank you in advance.
> Alex Dove
>
> -
SQL injection on login system by Adobe?
Hello everybody!
I recently bought a wonderful book "Adobe Dreamweaver CS5 with PHP - Training from the source" by Daivid Powers.
In the book is described how you can create a login system.
What I would like to ask is: Have the dreamweaver server behaviors any kind of protection against SQL injection?
Unfortunately I do not know PHP in order to recognize the code generated by server behaviors and be able to answer this question by myself..
I just want to know how safe is to publish a website based on the dreamweaver server behaviors..
Thank you in advance!Any form values and inbound URL parameters will be sanitized (via the function GetSQLValueString) based on several criteria:
a) generally applied sanitizing functions: stripslashes, mysql_real_escape_string
b) in case of a numeric value (integer, double) the function GetSQLValueString will additionally apply the PHP function intval respectively doubleval -
Sql injection character fields
Is it true that with MSSQL in the background, character fields can't be used for sql injection?
A) One source says that in MSSQL single quotes are escaped into double quotes.
B) Another source says that " SQL injection (within ColdFusion apps) is really only an issue with non textual fields. If a text value is tampered with you'll end up with tampered text, but that text will all be part of the core string (within quotes) passed as a value, and will therefore not be executed as separate statements. Numbers, on the other hand, are not enclosed within quotes, and so extraneous text can be tampered "
Questions about A): How does escaping 's with "s help, by making string literals in MSSQL not valid?
How could A) above be true when names like O'Mally are being stored with a single quote ?
Questions about B) Does it mean code like DELETE * FROM atable would just be stored as a string and not execute ?
If so, is that accurate ?To actually answer your question's.
A) A single quote in SQL is a comment. To store a single quote as DATA one has to escape it by doubling it. So to store O'Mally it would be passed as o''Mally.
The simple SQL injection attack is to end a number value with a random value, that is followed with a ; to end the SQL statment and then another statement can be run, this is then followed by a single quote to comment out any other SQL in the original statement. ColdFusion automatically escapes single quotes in text fields in most situations, so this is harder to do with text fields, but not impossible. -
After an SQL injection attack I followed the advice to use
cfqueryparam in my cfquery statements. Unfortunatley this does not
seem to have worked as many records in my database have again been
appended with scripts linking to javascript files on another
website.
I haven't coded in Coldfusion in a while and would really
appreciate it if someone could take a look at the code of one of my
pages and let me know if I have missed anything or miss coded the
cfqueryparam tag.
Thanks in advance
NeilYou can add the following code to your application file.
<!--- CREATE SQL REGULAR EXPRESSION--->
<cfset sqlregex = "
(SELECT\s[\w\*\)\(\,\s]+\sFROM\s[\w]+)|
(UPDATE\s[\w]+\sSET\s[\w\,\'\=]+)|
(INSERT\sINTO\s[\d\w]+[\s\w\d\)\(\,]*\sVALUES\s\([\d\w\'\,\)]+)|
(DELETE\sFROM\s[\d\w\'\=]+)|
(DROP\sTABLE\s[\d\w\'\=]+)">
<!--- CHECK FORM VARIABLES --->
<cfloop collection="#form#" item="formelement">
<cfif isSimpleValue(evaluate(formelement)) AND
refindnocase(sqlregex, "#evaluate(formelement)#")>
<cflocation url="messages.cfm?message=Invalid Input.
Possible SQL Injection attack.">
<cfset StructClear(form)>
<cfabort>
</cfif>
</cfloop>
<!--- CHECK URL VARIABLES --->
<cfloop collection="#url#" item="formelement">
<cfif isSimpleValue(evaluate(formelement)) AND
refindnocase(sqlregex, "#evaluate(formelement)#")>
<cflocation url="messages.cfm?message=Invalid Input.
Possible SQL Injection attack.">
<cfset StructClear(url)>
<cfabort>
</cfif>
</cfloop>
Good luck
Mamdoh
P.S: The credit for the script go to sys-con.com -
Lightswitch Security, Protection against SQL Injection attacks etc.
Hi all,
I have been hunting around for some kind of documentation that explains how Lightwitch handles typical web application vunerabilities such as SQL injection attacks.
In the case of injection attacks it is my understanding the generated code will submit data to the database via names parameters to protect against such things but it would be good to have some official account of how Lightswitch handles relevant OWASP
issues to help provide assurance to businesses that by relying on a framework such as Lightswitch does not introduce security risks.
Is anyone aware of such documentation? I found this but it barely scratches the surface:
http://msdn.microsoft.com/en-us/library/gg481776.aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1
There is this which describes best practices but nothing to say that these practices are adopte within Lightswitch
http://msdn.microsoft.com/en-us/library/gg481776.aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1
Thanks for any help, I am amazed that it is so difficult to find?LS is a tool built in top of other technologies including Entity Framework.
Here is a security doc about EF.
http://msdn.microsoft.com/en-us/library/vstudio/cc716760(v=vs.100).aspx
LS uses Linq to Entities and therefore is not susceptible to SQL injection.
HTH,
Josh
PS... the only vulnerability that I'm aware of is when a desktop app is deployed as 2-tier instead of 3-tier. In that case, the web.config which contains connection strings is on the client machine, which is a risk. Here is a discussion related
to db security & 2 vs 3-tier.
https://social.msdn.microsoft.com/Forums/vstudio/en-US/93e035e0-0d2e-4405-a717-5b3207b3ccac/can-sql-server-application-roles-be-used-in-conjunction-with-lightswitch?forum=lightswitch
Maybe you are looking for
-
9 cell battery performanc​e on Thinkpad T410
I have just bought new ThinkPad T410 with 9 Cell Lithium-Ion Power 94 Watts/55++. This battery is advivertised to run for 18 hours, but to my laptop it runs for about 6 hours on a single charge for normal use. what is wrong with my loptop because it
-
Trying to retrieve my password, however i forgot the answers to my security questions or entered them wrong when i entered the answer initially. And the email i was using at the time no longer exists.
-
How do I Get To Movies In I-Tunes store?
Hello, I have been wanting to buy movies to put on my new I-pod video. I have dwnloaded I-tunes 7.0.1 and whenevr I try to access the I-tunes store the available list of things I can buy are Animated shorts, Music, Music Videos, Audio Novells, And Po
-
Terminal monitor issue with 3750
I'm having an issue with term mon not displaying messages. I enable term mon on telnet connection and have checked the log settings and monitor is set as debugging. I am mainly interested in seeing line up/down status so I set a couple of interfaces
-
How do I get the CTI line to stop moving when the movie ends?
When I'm viewing the movie I'm editing, the current time indicator keeps moving past the last frame which is the closing title. Is there a way to stop the CTI line at the last frame? Or do I just have to press the space bar to do this?