Pete Freitag's Homepage

HackMyCF Adds SSL/TLS Scanner

I'm pleased to announce a feature of HackMyCF that I've been excited about for a while: SSL / TLS Scanning....

IncompatibleClassChangeError after ColdFusion 11 Update 5

If you use the Encrypt function in ColdFusion 11, you may experience an error that looks like this:

java.lang.IncompatibleClassChangeError: Expected static method coldfusion.runtime.CFPage....

Scope Injection in CFML

Here is an interesting vulnerability that I have come across several times in real CFML code during code reviews, I have spoken about it at conferences but have never written about it....

Upload Files Directly to Amazon S3 using ColdFusion

Here's a quick example showing how to upload a file directly to Amazon S3 (bypassing your server). The tricky part in getting this to work is that you don't want to allow anyone to upload a file anywhere on your S3....

Minor JavaDocs.org Update

As you may know I run a few doc shortcut sites, cfdocs.org for CFML has been going quite well since publishing the source on github with a bunch of community contributions.

The other site I use alot is JavaDocs....

nginx Directive rewrite is not terminated

I have been setting up some sites on nginx today (moving from an apache server) and have been pretty happy with how an Apache rewrite rule like:

RewriteRule /foo/([0-9]+)/ /foo....

Using Mozilla's Certificate Authority List for Java SSL

Every so often you run into an issue where you need to import a certificate signing authority's certificate into Java's cacerts certificate authority file....

SessionRotate solution for JEE Sessions

As you may know the new ColdFusion 10 function SessionRotate works great if you are using ColdFusion sessions (CFID, CFTOKEN), but it doesn't actually rotate the session id or invalidate the underlying J2EE session if you are using JEE sessions....

False TemplateNotFoundException ColdFusion 9

I was working on a server (CF9.0.2 Win2008 IIS7.5) installation today and ran into what I thought at first was an IIS connector issue....

ColdFusion defaults avoid flawed Random Number Generator

I've been researching a very interesting security topic for the past few weeks related to the Snowden NSA leaks and even related to ColdFusion. Thankfully Adobe's default settings avoid the weakness....

Apache Security Patches on CentOS / RHEL

Those familiar with RedHat Enterprise Linux (RHEL) or CentOS servers may notice that when you update a Apache (or most any other package) on a RedHat / CentOS based server it still reports the same version number....

FuseGuard 2.4 Released

I'm pleased to announce the availability of FuseGuard (Web App Firewall For CFML) version 2.4 today! In addition Ortus Solutions (Luis Majano and the folks behind ColdBox) have also announced Ortus FuseGuard Module - a ColdBox module for FuseGuard....
there is more to this site: sitemap