Here's a quick tip for Eclipse users. When you double click on an image file in eclipse it typically opens up whatever program your OS has associated with that file type. You can configure eclipse to view images in the editor pane fairly easily, without installing any plugins.

A good security practice is to require SSL for ColdFusion administrator access (an even better practice is to limit access to localhost). This should only take less than five minutes on either Apache or IIS.

Maatkit is a pretty useful set of utilities for MySQL. From their site:

You can use Maatkit to prove replication is working correctly, fix corrupted data, automate repetitive tasks, speed up your servers, and much, much more.

Back in August Adobe released a series of ColdFusion security Hotfixes in security bulletin APSB09-12. One of the vulnerabilities that was supposed to be fixed was a Cross Site Scripting vulnerability that I found and reported to Adobe, known as CVE-2009-1877.

My company Foundeo Inc. released a new free web service today called HackMyCF that allows you to scan your ColdFusion server to detect the absence of recent ColdFusion security hotfixes as well as other security problems.

When ColdFusion 8 added the ability to return data from remote functions formatted with JSON they also added some settings that allow you to put a prefix on the JSON string.

I have a client using the standalone FCKEditor on his server (not the one in /CFIDE/ it is located at /FCKeditor/), but after installing the security hotfix for ColdFusion 8's builtin FCKeditor, the file manager for uploading and inserting images stopped working.

Adobe has posted the recording of my Adobe MAX presentation Building JEE Portlets with ColdFusion 9. Overall it was a great conference and I was happy to be a part of it. I was also happy to cover the topic of Portlets in ColdFusion 9, since it hasn't gotten much publicity as a new feature.

It's no secret by now that if your web site sees credit card numbers (even if they are passed to a third party gateway) you need to comply with the PCI DSS standards.

Requirement 4.