Pete Freitag's Homepage

My CFSummit 2015 Slide Decks

I was fortunate enough to be able to do two different talks this year at the Adobe CFSummit 2015 conference....

Adding Chrome Custom Search for CFDocs

I read some complaints recently that the new Adobe documentation site is not friendly with a chrome custom search engine (because the URIs are different based on what the tag/function starts with)....

Disable Flash Remoting on ColdFusion Servers

Due to the recent security vulnerability ABSP15-20 / APSB15-21 in BlazeDS there has been increased interest in disabling flash remoting when not needed -- if you followed the lockdown guide for CF9, CF10, or CF11 you should already have it disabled....

HackMyCF Adds SSL/TLS Scanner

I'm pleased to announce a feature of HackMyCF that I've been excited about for a while: SSL / TLS Scanning....

IncompatibleClassChangeError after ColdFusion 11 Update 5

If you use the Encrypt function in ColdFusion 11, you may experience an error that looks like this:

java.lang.IncompatibleClassChangeError: Expected static method coldfusion.runtime.CFPage....

Scope Injection in CFML

Here is an interesting vulnerability that I have come across several times in real CFML code during code reviews, I have spoken about it at conferences but have never written about it....

Upload Files Directly to Amazon S3 using ColdFusion

Here's a quick example showing how to upload a file directly to Amazon S3 (bypassing your server). The tricky part in getting this to work is that you don't want to allow anyone to upload a file anywhere on your S3....

Minor JavaDocs.org Update

As you may know I run a few doc shortcut sites, cfdocs.org for CFML has been going quite well since publishing the source on github with a bunch of community contributions.

The other site I use alot is JavaDocs....

nginx Directive rewrite is not terminated

I have been setting up some sites on nginx today (moving from an apache server) and have been pretty happy with how an Apache rewrite rule like:

RewriteRule /foo/([0-9]+)/ /foo....

Using Mozilla's Certificate Authority List for Java SSL

Every so often you run into an issue where you need to import a certificate signing authority's certificate into Java's cacerts certificate authority file....

SessionRotate solution for JEE Sessions

As you may know the new ColdFusion 10 function SessionRotate works great if you are using ColdFusion sessions (CFID, CFTOKEN), but it doesn't actually rotate the session id or invalidate the underlying J2EE session if you are using JEE sessions....

False TemplateNotFoundException ColdFusion 9

I was working on a server (CF9.0.2 Win2008 IIS7.5) installation today and ran into what I thought at first was an IIS connector issue....
there is more to this site: sitemap