Yesterday I had a chance to get my feet wet with the Alpha 1 release of jQuery Mobile for one of my clients. Prior to yesterday I had been working with jqTouch for mobile UI. Overall I really like the way it's built; you can simply use the data-role attribute to turn markup into mobile widgets. …
keywords ajax, alpha release, attribute, couple hours, jquery, markup, successful project, ui, ul, web, widgets
An emerging standard called Strict Transport Security is starting to gain some traction among web browsers. Google Chrome supports it and Firefox is working on it (currently supported in the NoScript FF extension). So what is Strict Transport Security? Strict Transport Security (STS) allows a …
keywords coldfusion, duration, google, handful, http header, response headers, traction, web, web browsers, web server
Internet Explorer pioneered a great security feature for cookies called HTTPOnly; when this flag is set, the browser does not allow JavaScript to access the cookie. Now that all modern browsers support this flag, it can reduce the risk of session hijacking due to cross-site scripting. For that …
keywords attribute, boolean value, cf, cfc, cftoken, coldfusion, coldfusion administrator, config, example application, internet explorer, omission, risk, scripting, security feature, security scanner, session cookies
I am in the process of building some mobile apps for one of my clients, and while I'm pretty familiar with running the iPhone simulator and building iPhone apps, I'm pretty new to the Android development tools at this point. So I thought I would give a quick and easy guide for folks to follow, …
keywords android, development tools, eclipse plugin, google, iphone, iphone apps, linux, misc, mobile apps, platform tools, platforms, sdk, step 1, step 2, step 3, system path
If you are using jQuery UI's Autocomplete control, your IE6 users may experience some issues when the autocomplete suggestions overlay an HTML <select> list. The autocomplete suggestions show up behind the select list in Internet Explorer 6. To fix this you need to simply include the …
keywords ie 6, internet explorer, jquery, script tag, ui, web
Adobe released a security hotfix for a path traversal vulnerability in ColdFusion administrator (CVE-2010-2861, APSB10-18). On the Adobe security bulletin page it lists affected software versions: ColdFusion 8.0, 8.0.1, 9.0, 9.0.1 and earlier versions for Windows, Macintosh and UNIX. Take …
keywords adobe, attacker, coldfusion, directory, macintosh, security bulletin, security hotfix, unix, vulnerability, web server
How do you protect your code from Cross Site Scripting (XSS) when your business requirements state that the user must be able to input HTML? This can be a difficult problem to solve and XSS is very difficult to filter against because there are hundreds of attack vectors. Remember that social …
keywords cfset, coldfusion, jar file, jar files, java classpath, java library, javaloader, lib, mark mandel, markup, social networking site, using java, variables, vectors, xss
As promised I just published the slides for my Writing Secure CFML presentation at CFUnited 2010. You can even watch a recording of the presentation here:
keywords cfunited, coldfusion, slides
The slides for my 2010 CFUnited presentation Locking Down ColdFusion are now available. The presentation is based on the ColdFusion 9 Lockdown Guide whitepaper that I wrote for Adobe. It covers various techniques to make your ColdFusion installation more secure. I also presented on Writing …
keywords adobe, cfml, cfunited, coldfusion, coldfusion installation, presentation, slides
Firefox (3.6.7), released today, fixed an interesting security vulnerability called Cross Domain Data Theft using CSS, discovered by Google security researcher Chris Evans. It works kind of like JSON Hijacking, but uses a cross domain <link /> tag instead of a cross domain <script …
keywords attacker, background image url, bug report, content type, css file, css files, google, hijacking, interesting security, link rel, link tag, parser, security vulnerability, web