June 30, 2009
Ajax Same Origin Policy No More with Firefox 3.5
Firefox 3.5 now allows you to make AJAX requests, or more correctly XMLHttpRequests, cross-domain (in other words, foo.com can make XHR requests to bar.com). When I heard about this, my first thought is that they would use the cross-domain.xml file that Flash has supported for years to achieve this.
June 30, 2009
Firefox 3.5 Introduces Origin Header, Security Features
Firefox 3.5 was just released about a half hour ago. You can check out all the new features for web developers here. For me, as someone that does a lot of security research, one of the most interesting new features is the Origin HTTP header that Firefox 3.5 now sends.
June 24, 2009
Tips for Secure File Uploads with ColdFusion
Allowing someone to upload a file onto your web server is a common requirement, but also a very risky operation. So here are some tips to help make this process more secure.
Don't rely on cffile accept attribute
The accept attribute gives a terrible false sense of security.
June 12, 2009
7 Years And Blog Entry Number 700
Wow, I can't believe it's been seven years since I started blogging! I started blogging back in 2002 when Jeremy Allaire asked Where are the ColdFusion Blogs?
This blog was busier some years than others; 2005 was the busiest year thus far.
June 12, 2009
CFCatch Java Exceptions
Did you know that you can catch Java exceptions by class name with cfcatch? It's not documented on the cfcatch tag documentation (as of CF8), but it works... Here's an example:
<cftry>
<cfset list = CreateObject("java", "java.util.





