12Robots.com - Jason Dean - Tip

Adding more resource navigator filters to ColdFusion Builder (Eclipse)

Tue, 10 Aug 2010 12:19:00 -0500

One thing that has always bugged the crap out of me is our inability to add additional resource filters to the navigator view in Eclipse. Specifically, I mean these: Resource filters are very useful little tools that will hide anything that matches the filter from the navigator view. Which is great for things like .svn folders or any other crap you don't feel like you need distracting you at the moment. Like if you want to hide all the images in a project so that it is not as cluttered. But for some reason, we have never been able to add our own filters. So I can't, for example, hide the stupid Settings.xml file that CFB likes to add to my projects or the .settings folder. Grrrrr!! [More]

Enabling Access to the Adobe AIR Tools in ColdFusion Builder

Wed, 28 Jul 2010 16:29:00 -0500

I was talking to Charlie Arehart today after his "Hidden Gems in ColdFusion Builder" presentation at CFUnited 2010 and I mention that, for some reason, ColdFusion Builder has the Adobe AIR packaging features of the application hidden by default. So I thought I would write a post on how to enable them for those that would like to use CFBuilder for developing AIR applications. [More]

Security Tip: Google's Advice on Cleaning up a Compomised Site

Wed, 28 Oct 2009 20:55:00 -0500

Google's Anti-Malware team is running a series of blog posts as part of Cyber-Security Awareness Month to help educate users (and webmasters) about the malware threat. One of their posts highlights some best practices for webmasters to use should their site become compromised and flagged as containing malicious code. [More]

AIR Tip: Cookie Sharing between AIR and Web Browsers

Tue, 22 Sep 2009 18:48:00 -0500

This is something I came across at work that I thought I would share, because at first, it had me scratching my head. Internally, Adobe AIR uses webkit as a "browser" which is great, and as expected, it actually behaves like a browser, including cookie support for access to external resources. Which means that when you are making remote calls to resources, you can use cookies to maintain sessions, or for information tracking. [More]

Security Tip: User Education Doesn't Work

Sun, 05 Jul 2009 22:00:00 -0500

So let's be honest. Users are users. If they knew what they were doing, we would not need to grumble about them and make fun of them under our breath. But they don't know what they are doing. And they never will. NEVER. [More]

Security Tip: Client side security cannot be enforced

Mon, 08 Jun 2009 10:24:00 -0500

The use of JavaScript is becoming increasingly popular with the availability of incredible JavaScript libraries. These libraries make creating Ajaxified web application easy, and fun! We can use them to create interactive and beautiful applications that rarely, if ever, require the page to refresh. A lot of the JavaScript libraries also have helpful tools and plugins to implement form validation. These tools are great, and I don't want to discourage their use, but I do want to point out that these tools ARE NOT for security and should not be used to prevent malicious data from getting to your application. [More]

Security Tip: Code reviews are good for security too

Thu, 04 Jun 2009 10:43:00 -0500

It seems like a no-brainer to me, but I will say it anyway. Code reviews are a good thing. Some people may shy away from them because it may make them feel inadequate or like they are being judged. But the idea behind a code review is to learn. Code reviewing is a great way for a developer (novice or otherwise) to track down inefficiencies or architectural problems with their code by using the experience of other developers as a tool. We all know that two heads are better than one, right? [More]

Security Tip: Fail securely

Tue, 02 Jun 2009 22:25:00 -0500

Failing securely is one of those things where, when you think about it, you say "duh". But I, for one, did not realize until it was pointed out to me that I was not always doing it. Let's look at an example of failing insecurely. In this example, we have an application that has three types of user roles. The three roles are "admin", "superuser" and "user". Let's say we have a piece of content that we don't want regular users to access, so we do this: [More]

Security Tip: (IN)SECURE Magazine

Mon, 01 Jun 2009 15:09:00 -0500

So I recently became aware of (IN)SECURE Magazine from Help Net Security (HNS). (IN)SECURE looks like a high quality PDF publication that covers A LOT of security topics from web application development, to network security, to operating system security. Issue #21 of the magazine was just released. Some of the articles that interest me most, and I think would interest developers in our community are: [More]