New, unofficial MuraCMS channel (chatroom) on IRC Freenode

Internet Relay Chat (IRC) has been around for a LOOONG time. I have fond memories of logging into IRC (for embarrassing amounts of time) when I first logged onto the internet in 1995. I have been using IRC ever since.

The are many server choices on IRC, but the one I keep finding myself coming back to is Freenode.

"freenode provides discussion facilities for the Free and Open Source Software communities, for not-for-profit organizations and for related communities and organizations."

Seems like a perfect place for a Mura channel.


Stopping web crawling bots from causing errors in BlogCFC

So I have been using BlogCFC for 970 days, and I love it. But one problem I have had since the beginning is when my site gets hammered with web crawler, I get a ton of errors. They usually hit between 2:00 AM and 6:00 AM and crawl my blog looking for new content. I appreciate what they do, but sometimes they can be VERY aggressive and start to cause timeout errors.

The result is that I wake up to dozens, or hundreds, of error emails and, very rarely, a crashed ColdFusion application server. Since I am on an Awesome VPS, I rarely have problems with the crashing, even less so since I upgraded the JVM from the CF8 default. But I would rather not have my server brought to its knees every morning by bots. Especially since I know that my worshippers from across the pond are just arriving at work and desire nothing more than to see if I have anything new to say.

So, finally, after 3 years, I decided to look into this problem. I've noticed that more often than not, the timeout errors are occurring when the web crawler tries to hit the "print" link on every post. So I said to myself, "Self, do web crawlers need to index my 'print' page?"


Adding more resource navigator filters to ColdFusion Builder (Eclipse)

One thing that has always bugged the crap out of me is our inability to add additional resource filters to the navigator view in Eclipse. Specifically, I mean these:

Resource filters are very useful little tools that will hide anything that matches the filter from the navigator view. Which is great for things like .svn folders or any other crap you don't feel like you need distracting you at the moment. Like if you want to hide all the images in a project so that it is not as cluttered. But for some reason, we have never been able to add our own filters. So I can't, for example, hide the stupid Settings.xml file that CFB likes to add to my projects or the .settings folder. Grrrrr!!


Enabling Access to the Adobe AIR Tools in ColdFusion Builder

I was talking to Charlie Arehart today after his "Hidden Gems in ColdFusion Builder" presentation at CFUnited 2010 and I mention that, for some reason, ColdFusion Builder has the Adobe AIR packaging features of the application hidden by default. So I thought I would write a post on how to enable them for those that would like to use CFBuilder for developing AIR applications.


Security Tip: Google's Advice on Cleaning up a Compomised Site

Google's Anti-Malware team is running a series of blog posts as part of Cyber-Security Awareness Month to help educate users (and webmasters) about the malware threat. One of their posts highlights some best practices for webmasters to use should their site become compromised and flagged as containing malicious code.


AIR Tip: Cookie Sharing between AIR and Web Browsers

This is something I came across at work that I thought I would share, because at first, it had me scratching my head.

Internally, Adobe AIR uses webkit as a "browser" which is great, and as expected, it actually behaves like a browser, including cookie support for access to external resources. Which means that when you are making remote calls to resources, you can use cookies to maintain sessions, or for information tracking.


Security Tip: User Education Doesn't Work

So let's be honest. Users are users. If they knew what they were doing, we would not need to grumble about them and make fun of them under our breath. But they don't know what they are doing. And they never will. NEVER.


Security Tip: Client side security cannot be enforced

The use of JavaScript is becoming increasingly popular with the availability of incredible JavaScript libraries. These libraries make creating Ajaxified web application easy, and fun! We can use them to create interactive and beautiful applications that rarely, if ever, require the page to refresh.

A lot of the JavaScript libraries also have helpful tools and plugins to implement form validation. These tools are great, and I don't want to discourage their use, but I do want to point out that these tools ARE NOT for security and should not be used to prevent malicious data from getting to your application.


Security Tip: Code reviews are good for security too

It seems like a no-brainer to me, but I will say it anyway. Code reviews are a good thing. Some people may shy away from them because it may make them feel inadequate or like they are being judged. But the idea behind a code review is to learn.

Code reviewing is a great way for a developer (novice or otherwise) to track down inefficiencies or architectural problems with their code by using the experience of other developers as a tool. We all know that two heads are better than one, right?


Security Tip: Fail securely

Failing securely is one of those things where, when you think about it, you say "duh". But I, for one, did not realize until it was pointed out to me that I was not always doing it. Let's look at an example of failing insecurely.

In this example, we have an application that has three types of user roles. The three roles are "admin", "superuser" and "user". Let's say we have a piece of content that we don't want regular users to access, so we do this:


More Entries

BlogCFC was created by Raymond Camden. This blog is running version 5.9.1. Contact Blog Owner