Pete Freitag's Homepage

Recent Blog Entries...

Writing Secure CFML cfObjective 2013 Slides

Here are the slides to my cf.Objective() 2013 presentation, Writing Secure CFML. Thanks to those who attended. Please stop by the Foundeo Inc. booth and say hi if you are at the conference....

Upgrading to Java 7 on Linux

Today I upgraded Java from 1.6 to 1.7 on a CentOS (RHEL) 6 Linux server, and ran into a small issue....

J2EE Sessions in CF10 Uses Secure Cookies

This week I helped a client resolve an issue due to a change in behavior from CF9 to CF10. CF10 automatically adds the secure flag to cookies when the request is over a secure HTTPS channel....

Learn about ColdFusion Security at cfObjective 2013

For the past two to three months ColdFusion has been increasingly targeted by attackers, as many have found out the hard way. Because my company Foundeo Inc....

Session Loss and Session Fixation in ColdFusion

I often find myself explaining how the session fixation security hotfix (APSB11-04) might cause session loss under certain circumstances, so I figured it was time for a blog entry explaining it....

FuseGuard 2.3 Released

My company Foundeo Inc. released version 2.3 of FuseGuard, our Web Application Firewall for ColdFusion (and Railo too) servers.

This is a free upgrade for all customers already running version 2.0-2....

CKEditor Spell Checker Plugin

There is now an official CKEditor plugin for Foundeo Spell Checker which you can use to add a spell checker button to the CKEditor toolbar. We've had this unofficially for a while but wanted to put it out there for everyone to get....

Adobe Says Go Ahead and Upgrade your ColdFusion JVM

This probably flew under the radar for many, but Adobe has recently updated one of their support docs on upgrading the JVM in ColdFusion. They now clearly state that you can upgrade to the latest minor release of a supported JVM version in ColdFusion:...

Announcing CFML Weekly Email

I'm a huge fan of the weekly email newsletters: JavaScript Weekly and HTML5 Weekly from Peter Cooper....

Minor bug in ColdFusion 10 Linux Startup Scripts

Running ColdFusion 10 on Linux you might run into an issue when checking the server status, if your ColdFusion user account has a default shell of /sbin/nologin (this is how your account should be set up for security purposes)....

JavaScript Confirm Modal using Bootstrap

Back in the olden days you might have added code like this to your form onsubmit, or an anchor to do a JavaScript confirmation box:

<a href="delete....

Understanding HashDos and postParameterLimit

I received a question today about the postParameterLimit that was added to ColdFusion 8,9 by security hotfix APSB12-06 and exists in ColdFusion 10 by default (it is also configurable in the CF10 administrator)....