Wha sup, yo?

Posted At : September 1, 2010 8:07 AM | Posted By : Jason Dean
Related Categories: Tomcat,General,Conferences,Security,ColdFusion,School,Database

Wow. Things have been busy and I have been neglecting my blog. I feel bad about that. My blog is so important to me, and things have been keeping me away.

I am a teacher at heart. I love to teach. That is why I blog, that is why I present at conferences, and that is why I am going to grad school. So the fact that I have been unable to blog for a while upsets me greatly. But I want to tell you a little bit about why. This is not about making excuses. This is about what is keeping me busy and what I am learning about. It will also motivate me to blog about these things, and that's the important part.

[More]

Comments (2) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 248 Views

Session token rotation REVISITED - Security Series #12.3.3 and #6.4.3

Posted At : June 29, 2009 10:02 AM | Posted By : Jason Dean
Related Categories: Tomcat,HTTP,Security,ColdFusion

I posted on Friday about my experimental code for session token rotation and I got some great comments (thanks Peter and Brian). Brian stated in his comment that because I am using a <cflocation>, which is a 302 HTTP redirect, it could cause problems with legitimate deep-linking, plus, using <cflocation> feels like a hack. I agree with the latter. I was not happy with using <cflocation>, but it was all I could think to do at the time.

So I gave it some more thought this weekend and came up with a new way of doing it that uses <cfhttp> instead of a redirect. I am MUCH happier with this method for a couple of reasons.

[More]

Comments (2) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 1736 Views
BlogCFC was created by Raymond Camden. This blog is running version 5.9.1. Contact Blog Owner