Pete Freitag's Homepage

CFSummit 2016 Slides

Here are my slides from the Adobe ColdFusion Summit 2016 conference in Las Vegas:...

Securing Legacy CFML - dev.Objective() 2016 Slides

Back from another great dev.Objective() conference in Minneapollis. This year Foundeo was a sponsor, and I spoke on Securing Legacy CFML Code. Find the slides here....

My CFSummit 2015 Slide Decks

I was fortunate enough to be able to do two different talks this year at the Adobe CFSummit 2015 conference....

Adding Chrome Custom Search for CFDocs

I read some complaints recently that the new Adobe documentation site is not friendly with a chrome custom search engine (because the URIs are different based on what the tag/function starts with)....

Disable Flash Remoting on ColdFusion Servers

Due to the recent security vulnerability ABSP15-20 / APSB15-21 in BlazeDS there has been increased interest in disabling flash remoting when not needed -- if you followed the lockdown guide for CF9, CF10, or CF11 you should already have it disabled....

HackMyCF Adds SSL/TLS Scanner

I'm pleased to announce a feature of HackMyCF that I've been excited about for a while: SSL / TLS Scanning....

IncompatibleClassChangeError after ColdFusion 11 Update 5

If you use the Encrypt function in ColdFusion 11, you may experience an error that looks like this:

java.lang.IncompatibleClassChangeError: Expected static method coldfusion.runtime.CFPage....

Scope Injection in CFML

Here is an interesting vulnerability that I have come across several times in real CFML code during code reviews, I have spoken about it at conferences but have never written about it....

Upload Files Directly to Amazon S3 using ColdFusion

Here's a quick example showing how to upload a file directly to Amazon S3 (bypassing your server). The tricky part in getting this to work is that you don't want to allow anyone to upload a file anywhere on your S3....

Minor JavaDocs.org Update

As you may know I run a few doc shortcut sites, cfdocs.org for CFML has been going quite well since publishing the source on github with a bunch of community contributions.

The other site I use alot is JavaDocs....

nginx Directive rewrite is not terminated

I have been setting up some sites on nginx today (moving from an apache server) and have been pretty happy with how an Apache rewrite rule like:

RewriteRule /foo/([0-9]+)/ /foo....

Using Mozilla's Certificate Authority List for Java SSL

Every so often you run into an issue where you need to import a certificate signing authority's certificate into Java's cacerts certificate authority file....
there is more to this site: sitemap