For the past two or three months, ColdFusion has been increasingly targeted by attackers, as many have found out the hard way. Because my company, Foundeo Inc., does a lot of security-related work on ColdFusion, we have seen first hand a lot of interest in improving security practices among CF …
I often find myself explaining how the session fixation security hotfix (APSB11-04) might cause session loss under certain circumstances, so I figured it was time for a blog entry explaining it. OK, first, what is session fixation? A session fixation vulnerability exists when an attacker can …
My company, Foundeo Inc., released version 2.3 of FuseGuard, our Web Application Firewall for ColdFusion (and Railo) servers. This is a free upgrade for all customers already running version 2.0-2.2. Here's a list of what's new in this release: Updates to FuseGuard Manager (our web admin) …
There is now an official CKEditor plugin for Foundeo Spell Checker which you can use to add a spell checker button to the CKEditor toolbar. We've had this unofficially for a while but wanted to put it out there for everyone to get. This plugin has been tested on both CKEditor 3 and 4.
This probably flew under the radar for many, but Adobe has recently updated one of their support docs on upgrading the JVM in ColdFusion. They now clearly state that you can upgrade to the latest minor release of a supported JVM version in ColdFusion: All ColdFusion users can upgrade Java to the …
I'm a huge fan of the weekly email newsletters JavaScript Weekly and HTML5 Weekly from Peter Cooper. Keeping up with technology via blogs, Twitter, etc. is difficult to do, so getting sent an email summary of important or interesting things saves me a lot of time. Being an avid ColdFusion …
Running ColdFusion 10 on Linux, you might run into an issue when checking the server status if your ColdFusion user account has a default shell of /sbin/nologin (this is how your account should be set up for security purposes). So, for example, when you run /etc/init.d/coldfusion_10 status you get …
Back in the olden days, you might have added code like this to your form's onsubmit, or to an anchor, to show a JavaScript confirmation box: <a href="delete.cfm" onclick="return confirm('Are you sure you want to delete?');">Delete</a> That works OK, but if you want a better / consistent …
I received a question today about the postParameterLimit that was added to ColdFusion 8 and 9 by security hotfix APSB12-06 and exists in ColdFusion 10 by default (it is also configurable in the CF10 Administrator). The question I was asked was: I was wondering your opinion on the maximum …
I've given a couple of presentations now on the security enhancements in ColdFusion 10. The most recent was today at the Adobe ColdFusion Developer 2012, but I've also given it two other times: for a Carahsoft webinar, and for the Carahsoft ColdFusion 10 Preview event in Washington DC. The slide …