The first time I looked at the OWASP Top Ten web vulnerabilities, they all made sense to me, save for one. That one was A4 - Insecure Direct Object Reference. At the time I was still pretty new to object-oriented programming and so the first thing I thought was that it was referring to those kinds of objects.

But that is not what they are talking about. The are talking about any direct reference to an "implementation object". Meaning objects like files, folders, database records, or other types of "keys".

[More]

During Bob Silverberg's awesome ORM presentation today the topic of SQL injection came up. There was a question was about whether or not the Hibernate ORM service built into ColdFusion 9 would prevent SQL injection. On the surface it would seem that it does, but just like everything else, there are exceptions.

[More]

Getting back on track with projects I have already started, I want to finish up this series of posts of using SQLite databases with Adobe AIR. This last section will be on using Encrypted SQLite Databases.

Why use Encrypted Databases?

[More]

I think that I have neglected to cover one of the most important parts of working with SQLite databases in Adobe AIR, and that is how to get the results out of the query. We talked about making queries, parameterizing queries, using transactions with queries. But I don't think we have covered getting the data out of the queries.

So let's do that.

[More]

Transactions is SQL statements are something that I have come to love. I'm sure you have too. But for those that don't know what transactional control in a database management system is, we'll start with a definition.

Usually, when doing multiple SQL statements in a row in an application, each SQL statement is handled as a atomic unit and is committed permanently to the database before the next one is run. This can be very problematic when those queries depend on each other to work properly to maintain data integrity.

[More]

On Wednesday, September 2nd, I will be presenting at the Twin Cities ColdFusion User Group meeting. At this meeting we are going to be trying something new (at least for me since I have been going to the CFUG). We are going to do some hands-on work with the technologies we love instead of just doing a lecture-style presentation.

The work we will be doing is with Adobe AIR, JavaScript, jQuery, and SQLite. Here is the description for the session:

[More]

In a previous post we looked at doing simple CRUD with Adobe AIR and SQLite and doing CREATE TABLE statements. But the examples we've looked at are VERY simple. In fact, we have not looked at any dynamically constructed queries.

Today I want to look at properly building dynamic queries in AIR using bind parameters.

[More]

So in case you you've been living under a rock for the last several years, you know that CRUD stands for Create, Read, Update and Delete. Which is what we are going to look at today, doing simple SQL statements with SQLite databases in Adobe AIR using JavaScript.

We saw in my last couple posts how do do simple CREATE statements using both synchronous and asynchronous connections. I will paste them here again so that we have the reference all on one page.

[More]

So in my last AIR and SQLite post we talked about Synchronous Database Connections in AIR.

In many cases, synchronous connections may be all you need. If your queries are fast and a slight applicaiton pause is not a concern, or if you have a need for rigid program flow control, then synchronous connections are great. But there may come a time when you do not want the program to pause during a query, or series of queries. You may want the user to be able to continue working while the queries take place in the background. This is where asynchronous queries come in.

[More]

So as we discussed last time, there are two ways to connect to a SQLite database with Adobe AIR. Today we are going to look at how to make a synchronous connection.

Just as a reminder, when we use a synchronous connection to connect to the database, the program will not move forward in processing until it is done processing a statement. With these small statements, that really shouldn't be noticeable.

[More]