Pete Freitag's Homepage

Recent Blog Entries...

Using Mozilla's Certificate Authority List for Java SSL

Every so often you run into an issue where you need to import a certificate signing authority's certificate into Java's cacerts certificate authority file....

SessionRotate solution for JEE Sessions

As you may know the new ColdFusion 10 function SessionRotate works great if you are using ColdFusion sessions (CFID, CFTOKEN), but it doesn't actually rotate the session id or invalidate the underlying J2EE session if you are using JEE sessions....

False TemplateNotFoundException ColdFusion 9

I was working on a server (CF9.0.2 Win2008 IIS7.5) installation today and ran into what I thought at first was an IIS connector issue....

ColdFusion defaults avoid flawed Random Number Generator

I've been researching a very interesting security topic for the past few weeks related to the Snowden NSA leaks and even related to ColdFusion. Thankfully Adobe's default settings avoid the weakness....

Apache Security Patches on CentOS / RHEL

Those familiar with RedHat Enterprise Linux (RHEL) or CentOS servers may notice that when you update an Apache (or most any other package) on a RedHat / CentOS based server it still reports the same version number....

FuseGuard 2.4 Released

I'm pleased to announce the availability of FuseGuard (Web App Firewall For CFML) version 2.4 today! In addition Ortus Solutions (Luis Majano and the folks behind ColdBox) have also announced Ortus FuseGuard Module - a ColdBox module for FuseGuard....

New HackMyCF Features

HackMyCF, my company's ColdFusion (and Railo too) server security scanner, was recently updated with some cool new features for our paid subscribers....

Blocking .svn and .git Directories on Apache or IIS

One of the issues that our HackMyCF ColdFusion Server Scanner checks for is the existence of public .git/ or .svn/ directories. Exposing these directories to the public could lead to information disclosure, such as your server-side source code....

CFDocs site now Open Source

You may be aware that I've run a site for quick access to the CFML documentation since 2004 called cfdocs.org. My goal for this site has always been to get to the documentation you need as fast as possible....

Getting Size of Heap and Non Heap Memory in CFML

I was helping out a member of my CFUG with some questions about the JVM, and I wanted to point him to a way to see how big his PermGen is at runtime....

Firefox Aurora now Supports Content Security Policy 1.0

Today with the release of Mozilla Firefox Aurora 23, support for Content Security Policy or CSP using the unprefixed, W3C standard header Content-Security-Policy has landed....

Writing Secure CFML cfObjective 2013 Slides

Here are the slides to my cf.Objective() 2013 presentation Writing Secure CFML, thanks to those who attended. Please stop by the Foundeo Inc. booth and say hi, if you are at the conference....