Pete Freitag's Homepage

While looking at the PageSpeed Insights for my blog I noticed that the Twitter widgets I was using to display a twitter follow button and a tweet / share button were causing some page speed issues....

A few years ago I gave a presentation to my local CFUG titled Docker for Devs. I recently realized that I never posted the slides or the examples. So while the version numbers may be a bit outdated, I thought it may be useful to post it....

It was great to be a speaker at the ColdFusion DevWeek event last week. I spoke on the topic Securing ColdFusion Applications.

As promised here are the slides, and the example code I used can be found here....

What versions of Java support TLSv1.3 / TLS 1.3?

Java 8 TLS 1.3 Support

If you are on Java 8 (or 1.8 if you prefer) then you need version 8u261 b12 or greater. This version was released on July 14, 2020....

ColdFusion / CFML has a builtin function that can convert a string or a binary object to a standard Base64 encoded string: toBase64 and you can decode back to a string using toBinary() and toString() or the binaryDecode() function....

The OpenJDK Crypto Roadmap states that TLSv1 and TLSv1.1 will be disabled in OpenJDK releases by default after April 20, 2021. I assume this change also applies to Oracle, and all the JVMs that are derived from OpenJDK....

Here's a bash script that uses osquery to log which files in a specific folder have been modified over a 15 minute period. My use case here wasn't file integrity monitoring, for that you would want to use file events....

Hashicorp Vault is an open source, enterprise grade security vault. It is designed to grant secure access to the secrets that it stores. It can also act as an encryption as a service API....

The builtin CFML function sessionInvalidate() works great for invalidating or clearing a ColdFusion session (CFID/CFTOKEN). But it doesn't invalidate the underlying J2EE / JEE session (the JSESSIONID)....

Jakob Ward recently posted an interesting question to the CFML slack channel:

Is there a point to setting maxlength for a timestamp value in cfqueryparam? Or can this be ignored safely?...

People often download and install the latest version of Java, rather than the latest LTS version of java. In most cases, especially if it is on a server you probably want to be using the LTS version of java....

Thanks to all who attended my talk today on Securing ColdFusion Applications. You can find the slides here....