Security Tips - Now in tasty, bite-sized pieces

In the past I have tried to make my blog posts very detailed. As a result, they tend to be long and take a very long time to write, which results in fewer entries. While this is not necessarily a bad thing, I would like to try to post more often. As a result, I have decided to start doing shorter posts that are general "tips" in secure web application development.


A Security Project for CFML

So I thought I would take a few minutes and blog about what I am working on. I don't expect anyone to care. Feel free to stop reading. I just wanted to write about something that does not require hours of research. I also wanted to just write SOMETHING, to get me back into it so that I do not become too lax in my blogging.


This is something that I had not really planned on talking about until it was closer to usable. But it is also something that I was hoping would be closer to usable by now.


Trying Out Balsamiq Mockups

I have been evaluating Balsamiq Mockups this week to see what it is all about and to determine if I want to try to get it at work.

Balsamiq Mockups is a tool (built with Flex and Adobe® AIR) used to mock-up site designs and layouts. It has a really easy-to-use, drag-and-drop interface with a LOT of customization options. It has a huge variety of web site elements for you to drop into your mock-ups. In about 15 minutes I was able to put together this:


I'm using CFFormProtect Now

Just wanted to make a quick post letting my readers know that I am now using CFFormProtect from Jake Munson to protect my blog from spammers without needing to use CAPTCHA.

The main reason I did this is for accessibility. Since LylaCaptcha is not accessible to blind, low vision, and possibly color-blind users, I do not feel it is an acceptable solution.

At first I was going to put in reCaptcha, but I tried it out, and the audio CAPTCHA was hard to hear. Then I saw Dan Wilson's post about CFFormProtect, so I thought I would give it a try. I will report my results in a few weeks.

Please let me know if you have any trouble with leaving comments on the blog. Hopefully this will make commenting easier.

Things to Come

As you may, or may not, have noticed, I have been quiet lately. This sucks. So here is what I am planning to blog about over the next few weeks. I am making a commitment to myself to get back on track.

1. The ColdBox projects I am working on right now (3 of them). I am really enjoying ColdBox, but I am not sure what to write about. Is anyone interested in reading about the basics? The docs are great, but maybe some would like to read about how I am doing it? Anyone? I don't want to write about ColdBox Event Handlers or Layouts & Views if no one is going to read it.

2. My generic Transfer decorator. I have, with the guidance of Mark Mandel and Bob Silverberg, created a Transfer decorator for use with business objects to help me validate and populate my beans while still managing my user input and error message feedback cleanly.

3. Ajax Security, got some reading to do on this, but it's got to be done.

4. My journey into Flex. With so much else going on, I can't imagine making time for Flex, but I am going to bFlex/bFusion this weekend, and I am not going to let it go to waste.

5. Encryption. I have been putting this one off for some time.

6. An idea for an open source project that I am too shy to discuss just yet. I will probably be e-mailing some of the gurus to see if it seems like a good idea, or a waste of time.

Thanks everyone for reading, I appreciate you taking the time to read about what I am working on. I hope to continue delivering content (quality or otherwise).

Deadlines, Vacations, and Kids

So I have been quiet the last week or so. I'm not happy about it, but things happen. I wish I did not need excuses, but I will offer them, if only to assure myself that this is a temporary situation and that I will begin blogging again soon.

Right now I am working under deadline for a medium-sized side project that needs to be done before Comic-Con starts this week. It is also my first medium-sized ColdBox/ColdSpring/Transfer project, so there is a lot of learning and do-overs associated with the project. It is taking a lot longer than I had originally hoped. I am hoping I can get some good blog material out of it.


Launched a new Site. Not ColdFusion, but still cool

So about a year ago the Minnesota Valley Humane Society put out a call for people to help them with their website. I was one of those that answered.

We had several planning meetings, did some research, looked at hosting options, etc, etc and decided to go with a Drupal Site. At the time I had used Drupal on a few other sites and I felt that building a custom CF site would take too long.


For whatever it's worth, I'm on twitter now

So I am still not sure about this whole Twitter thing. But I thought I would give it a go. I have been using it for almost a week now, been following a few people, making a few posts, etc.

It's weird. I guess that is all I can say about it. But I am going to give it a try and see if it grows on me.

If anyone cares (I'm not even sure if I care), I am at

New web host, security series update, and feed change

Well, I think I have finally worked out most of the kinks with my web host change. All said, it went pretty smoothly.

I spent most of the day working on it today and I got a lot done. Please note that all of my links and feeds have changed. I have set up 301 redirects for most everything that was on the old site, but please update your bookmarks and feed readers to the new link. I will keep the redirects around indefinitely, but having the real link is better.

I have had several projects going this weekend and I have been crazy busy. I am working on a site for one of the Humane Societies here in MN that has been taking up a lot of time, I have been doing my blog migration, and I have to prepare a presentation to be shown to 2 CFUGs in the next 2 weeks. So I have had little time for the security series. I still plan to have an entry out soon, but it probably won't be tomorrow. We'll see. It's a good thing I have tomorrow off.

That's all for now. I have to get back to the Humane Society site. We are hoping to launch later this week and I have a lot of work to do on it. I will post an announcement when we launch so readers can check it out. It is a Drupal site and we have been working on it since October of last year. It is a volunteer effort and it has been a huge project.

I want to give money to open source projects!

So why don't I just give them money? Well I have, just not in the way that I want to.

Here is how I see it. Open-source projects are usually on-going efforts. And on-going efforts need on-going support. Some of the open source projects ask for donations, but very few, if any, of them ask for recurring donations. Why is that? They have on-going expenses. Hosting costs, conference fees, travel expenses, etc.



BlogCFC was created by Raymond Camden. This blog is running version 5.9.1.