The new autocomplete widget in jQuery UI 1.8 is a nice addition. While it works great for basic purposes, working with ID / value pairs is not so nice out of the box. I wanted to use the autocomplete widget to allow someone to select an employee by typing an employee name into the text box, …
I do a lot of work related to security in ColdFusion and I've been keeping a list of ideas and features that could make a future version of ColdFusion more secure. Here are 10 ideas in no particular order: Add an allowedextensions attribute to cffile for action=upload and deprecate the accept …
I will be presenting at the ColdFusion Meetup online user group this Thursday (June 17th) at Noon Eastern Time. The topic: Introduction to FuseGuard and Web Application Firewalls. I will be discussing some things about Web Application Firewalls in general, and then I will give a demo of FuseGuard …
I am connecting to a client's network via the Cisco AnyConnect VPN. I'm quite impressed with the security of the client; it allows the VPN administrator a lot of control over how the client can connect. One problem I was facing, though, is that I couldn't connect to the internet while I am …
As you know, one of the first things you should do on a production ColdFusion server is disable robust exception information in the ColdFusion Administrator (robust exceptions include things like source code and file path disclosures in error messages). This information is great for developers debugging …
If you have installed the latest version of Skype on Windows, it automatically installs browser plugins for IE and Firefox. The browser plugin detects phone numbers on the page and injects markup with clickable links to dial the number in Skype. This has caused some issues for web developers because …
Every so often I get an email back from someone who ran HackMyCF.com saying something like this: Your scanner says our ColdFusion Administrator is publicly accessible, but I don't think that's true. Am I missing something?
If you visit /CFIDE/administrator/ on their server you will get a 404. …
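A quick way to check the scanner's finding yourself is to request the administrator path against every origin the server answers on, not just the public virtual host. The following is an added example, not code from the post or from HackMyCF; the candidate origins it probes (the public hostname, the raw IP for the default site, and ports 8500 and 8300 for a built-in or JRun web server) are assumptions, and the `make_fake_fetch` helper and its responses are constructed so the example runs offline.

```python
from typing import Callable, Dict, List, Optional, Tuple

ADMIN_PATH = "/CFIDE/administrator/index.cfm"

# Status codes treated as "not reachable here". Anything else (200, a redirect
# to the login page that urllib followed, 500) means the path is being served.
NOT_EXPOSED = (403, 404)


def admin_candidates(hostname: str, ip: str) -> List[Tuple[str, str]]:
    """(url, Host header) pairs to probe. The extra origins are assumptions:
    the raw IP usually lands on the web server's default site, and 8500/8300
    are the historical ports of the ColdFusion built-in and JRun web servers."""
    return [
        (f"http://{hostname}{ADMIN_PATH}", hostname),
        (f"http://{ip}{ADMIN_PATH}", ip),
        (f"http://{ip}:8500{ADMIN_PATH}", ip),
        (f"http://{ip}:8300{ADMIN_PATH}", ip),
    ]


def find_exposed_admin(hostname: str, ip: str,
                       fetch: Callable[[str, str], Optional[int]]) -> List[str]:
    """Return the candidate URLs that serve the administrator path.

    fetch(url, host_header) returns an HTTP status code, or None when the
    connection fails (port closed, firewalled, timeout)."""
    exposed = []
    for url, host in admin_candidates(hostname, ip):
        status = fetch(url, host)
        if status is not None and status not in NOT_EXPOSED:
            exposed.append(url)
    return exposed


def http_fetch(url: str, host: str, timeout: float = 5.0) -> Optional[int]:
    """Real fetcher for use against your own server (standard library only)."""
    import urllib.error
    import urllib.request

    req = urllib.request.Request(url, headers={"Host": host})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def make_fake_fetch(responses: Dict[str, Optional[int]]) -> Callable[[str, str], Optional[int]]:
    """Constructed stand-in for http_fetch so the example runs offline:
    URLs not listed in `responses` behave like a closed port (None)."""
    return lambda url, host: responses.get(url)


if __name__ == "__main__":
    # Constructed scenario: the public vhost returns 404, the default site on
    # the raw IP serves the administrator, the built-in server ports are closed.
    fake = make_fake_fetch({
        "http://www.example.com/CFIDE/administrator/index.cfm": 404,
        "http://203.0.113.10/CFIDE/administrator/index.cfm": 200,
    })
    for url in find_exposed_admin("www.example.com", "203.0.113.10", fake):
        print("administrator reachable at", url)
```

Run `find_exposed_admin(hostname, ip, http_fetch)` against a server you own to reproduce what the scanner saw; if it lists the raw IP, the fix is to remove or block `/CFIDE/administrator/` on the default site (and on every other virtual host that maps to the ColdFusion web root), not just on the site you normally browse.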
I've just finished updating the HackMyCF.com ColdFusion security scanner to detect the BlazeDS vulnerability APSB10-05 announced in February 2010. As you hopefully know, this vulnerability also affects ColdFusion 7-9, because BlazeDS is installed by default. So make sure to patch your …
Here are some easy ways you can tell if a particular site is serious about security: Low limit on password length - If you see password requirements such as "password must be no more than 12 characters", this means that they are not hashing the password (or they don't understand how hashing works): a hash is the same size no matter how long the input is, so a cap that low only makes sense if the password is being stored as-is in a fixed-width column. …
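To make the point concrete, here is an added example (not code from the post) of what password storage looks like when it is done with a salted, iterated hash: the stored digest is 32 bytes whether the password is 5 characters or 500, so there is no storage reason to cap the length. The one cap that does make sense is a generous upper bound applied before hashing so that nobody can burn server CPU by submitting multi-megabyte passwords; the 1024-character limit and the iteration count below are assumptions for this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Applied before hashing. High enough that no real password hits it, low enough
# that an attacker cannot tie up the server hashing huge inputs (assumed value).
MAX_PASSWORD_LEN = 1024
# Work factor for PBKDF2-HMAC-SHA256 (assumed value; tune to your hardware).
PBKDF2_ITERATIONS = 100_000
DIGEST_LEN = 32  # SHA-256 output size, constant regardless of password length


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for storage. The digest is always DIGEST_LEN bytes."""
    if len(password) > MAX_PASSWORD_LEN:
        raise ValueError("password exceeds the anti-DoS length bound")
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    if len(password) > MAX_PASSWORD_LEN:
        return False  # reject over-long input without doing the expensive work
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def stored_length(password: str) -> int:
    """Size of what the database column actually holds for a given password."""
    _, digest = hash_password(password)
    return len(digest)


if __name__ == "__main__":
    # Constructed inputs: the stored value is the same size for both.
    for pw in ("short", "a much longer passphrase with spaces and 40+ chars"):
        print(len(pw), "character password ->", stored_length(pw), "byte digest")
    salt, digest = hash_password("correct horse battery staple")
    print("verify correct:", verify_password("correct horse battery staple", salt, digest))
    print("verify wrong:  ", verify_password("Tr0ub4dor&3", salt, digest))
```

Note that the length check runs before the hash, not after: the point of the bound is to avoid doing PBKDF2 work on attacker-sized input, and it is the only place where a maximum length is legitimate. A site that rejects 13-character passwords is not enforcing this kind of bound.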
Someone asked me recently about the following exception on their ColdFusion server: java.lang.OutOfMemoryError: GC overhead limit exceeded. This exception is thrown by the garbage collector in the underlying JVM (it's not specific to ColdFusion) when it is spending way too much time collecting …