The Winner of the ColdFusion Builder contest and the charity receiving our donation

Last week I ran a contest for Veterans' Day to try to honor those men and women that defend the U.S. and keep it strong.

[More]

I feel like giving something away for Veterans' Day

It's been a while since I gave something away. I like to give things away, it makes me feel like I am doing something good for our community and, hopefully, for the receiving person. Today, I also want to do something for our veterans.

To start, I would like to give away a copy of ColdFusion Builder 1.0 (Preferably to someone who does not have it already).

I think ColdFusion Builder is a fantastic product. I use it every day and I love it. I use it at work, I use it at home. I recommend it to everyone. For this giveaway, I'd like to know, briefly, what excites you about ColdFusion Builder. Leave me a comment that tells me one or more of the following:

[More]

Recording and slides from MAX 2010 - Securing ColdFusion Applications Presentation

Sorry for the wait. I was delayed getting back from MAX due to weather.

I just got back from Los Angeles and I really had a great time. I was honored to have been asked to speak on Securing ColdFusion Applications, and I think the presentation went very well.

The recordings are up on Adobe TV already (Awesome). You'll find my recording here: http://tv.adobe.com/watch/max-2010-develop/securing-coldfusion-applications/

[More]

Giving more memory to the Tomcat Service in Windows

I've been setting up our super-awesome new server this week and last night I ran into an issue that I thought I should blog about.

This is a Windows Server 2008 R2 64-bit machine with 8GB RAM and I am installing ColdFusion 9 running on Tomcat 6. And, as with everything Tomcat related, it was a pain in the ass and the documentation sucked.

To add Tomcat as a Windows service is pretty easy.

You just run:


<%CATALINA_HOME%>/bin/service.bat install

For those that don't understand the notation above, CATALINA_HOME is the directory where Tomcat is. So in my case, we are going to N:\tomcat\bin and running service.bat.

This sets up Tomcat as a service, but by default it only gives it some tiny bit of memory to work with (256m or something, like it's 2002 again). So, of course, the moment I deployed a second instance of ColdFusion 9 on this container, I started getting "java.lang.OutOfMemoryError: PermGen space" errors.

[More]

What's Possible with XSS? - Security Series #8.1

So now that the hacker has discovered an XSS vulnerability in your site, what can he do with it? A JavaScript alert('XSS') seems pretty harmless, doesn't it?

Once a malicious user has discovered an XSS vulnerability in your web application, the sky is really the limit. The potential damage also goes beyond the scope of just your site and your users.

Here are a few examples of nefariousness that could be perpetrated via XSS in a website. A hacker could:

  • use the credibility of your site to run a phishing scheme
  • steal your users' passwords
  • hijack your users' sessions
  • try to launch an attack against the site administrator (you)
  • redirect your users to another site (gambling, porn, Google, affiliate link, whatever)
  • display inappropriate or mis-informative messages to your users
  • Or anything else that could be done with client-side executable code

How would they do those things? It's actually quite simple.

[More]

Wha sup, yo?

Wow. Things have been busy and I have been neglecting my blog. I feel bad about that. My blog is so important to me, and things have been keeping me away.

I am a teacher at heart. I love to teach. That is why I blog, that is why I present at conferences, and that is why I am going to grad school. So the fact that I have been unable to blog for a while upsets me greatly. But I want to tell you a little bit about why. This is not about making excuses. This is about what is keeping me busy and what I am learning about. It will also motivate me to blog about these things, and that's the important part.

[More]

My Presentation slides from cf.Objective, NCDevCon, and CFUnited

I keep forgetting to do this. Sorry :(

I have given three presentations so far this year, and I will have 2 or three more et before the end of the year. Here are the slides for the first three in both Keynote and PDF formats.

[More]

Adding more resource navigator filters to ColdFusion Builder (Eclipse)

One thing that has always bugged the crap out of me is our inability to add additional resource filters to the navigator view in Eclipse. Specifically, I mean these:

Resource filters are very useful little tools that will hide anything that matches the filter from the navigator view. Which is great for things like .svn folders or any other crap you don't feel like you need distracting you at the moment. Like if you want to hide all the images in a project so that it is not as cluttered. But for some reason, we have never been able to add our own filters. So I can't, for example, hide the stupid Settings.xml file that CFB likes to add to my projects or the .settings folder. Grrrrr!!

[More]

Using Asymmetric Cryptography in your ColdFusion Application - Security Series #16.10

A reader emailed me and asked:

I have a question re asymmetric encryption and the best way to achieve it....

I need to encrypt a CreditCard number on one server and store the encrypted string in a db and then 5 minutes later another server takes the card number off that DB and then needs to decrypt it. Any suggestions gratefully received :)

After an e-mail exchange we determined that we were NOT just talking about using SSL between ColdFusion and the DB and we determined that using a symmetric algorithm would not be acceptable to the credit card service. So it seems that this user really did need asymmetric encryption in his application.

[More]

My 10 ideas to improve security in ColdFusion 10 (Link)

A few weeks ago my buddy Pete Freitag posted his ideas for improving security for CF10 (link) (or whatever they call the next version of ColdFusion). I thought it would be a good idea to post my own ideas.

It's not that I disagree with any of Pete's ideas, I think they are great, I just thought a few more might be good, and I think some of my priorities might be different.

[More]

More Entries

BlogCFC was created by Raymond Camden. This blog is running version 5.9.1. Contact Blog Owner