September 3, 2015
Due to the recent security vulnerability ABSP15-20 / APSB15-21 in BlazeDS there has been increased interest in disabling flash remoting when not needed -- if you followed the lockdown guide for CF9, CF10, or CF11 you should already have it disabled....
May 27, 2015
I'm pleased to announce a feature of HackMyCF that I've been excited about for a while: SSL / TLS Scanning....
April 20, 2015
If you use the Encrypt function in ColdFusion 11, you may experience an error that looks like this:
java.lang.IncompatibleClassChangeError: Expected static method coldfusion.runtime.CFPage....
March 3, 2015
Here is an interesting vulnerability that I have come across several times in real CFML code during code reviews, I have spoken about it at conferences but have never written about it....
November 26, 2014
Here's a quick example showing how to upload a file directly to Amazon S3 (bypassing your server). The tricky part in getting this to work is that you don't want to allow anyone to upload a file anywhere on your S3....
October 28, 2014
As you may know I run a few doc shortcut sites, cfdocs.org for CFML has been going quite well since publishing the source on github with a bunch of community contributions.
The other site I use alot is JavaDocs....
October 17, 2014
I have been setting up some sites on nginx today (moving from an apache server) and have been pretty happy with how an Apache rewrite rule like:
RewriteRule /foo/([0-9]+)/ /foo....
June 6, 2014
Every so often you run into an issue where you need to import a certificate signing authority's certificate into Java's cacerts certificate authority file....
March 28, 2014
As you may know the new ColdFusion 10 function SessionRotate works great if you are using ColdFusion sessions (CFID, CFTOKEN), but it doesn't actually rotate the session id or invalidate the underlying J2EE session if you are using JEE sessions....
March 17, 2014
I was working on a server (CF9.0.2 Win2008 IIS7.5) installation today and ran into what I thought at first was an IIS connector issue....
December 17, 2013
I've been researching a very interesting security topic for the past few weeks related to the Snowden NSA leaks and even related to ColdFusion. Thankfully Adobe's default settings avoid the weakness....
November 22, 2013
Those familiar with RedHat Enterprise Linux (RHEL) or CentOS servers may notice that when you update a Apache (or most any other package) on a RedHat / CentOS based server it still reports the same version number....
Pete Freitag