Pete Freitag's Homepage

Tomcat Virtual Directory Howto

Let's create a Tomcat virtual directory (or Alias) called /my_scripts which points x:\cf\cfusion\wwwroot\cf_scripts\scripts\ by adding the following inside of a <Host> tag in the server....

Communications link failure MySQL JDBC with TLS

Ran into an interesting situation trying to configure a MySQL JDBC driver to connect over TLS (though the driver may call it SSL, TLS is the name for more recent versions of the protocol)....

Redirect www and non https in IIS using web.config

Had the need to setup a web.config file in IIS that would redirect ALL http (non https) and requests for www.example.com to the non-www example.com....

Not authorized to perform: ssm:GetParameters

While working on setting up AWS CodeBuild to run Fixinator to scan for CFML Security Vulnerabilities upon commit, I was running into a snag....

What is the difference between ASCII Chr(10) and Chr(13)

Writing this because I can never remember which ascii code is \n and which is \r. Usually I end up googling my ASCII Cheatsheet for the answer....

Fixinator and Foundeo Security Bundle

I'm pleased to announce that Fixinator and the Foundeo CFML Continuous Security Bundle are both avaliable to purchase....

Running CFML on AWS Lambda with FuseLess Slides

Here are the slides for my Running CFML on AWS Lambda with FuseLess talk. I gave this talk at Into The Box 2019 in Houston Texas last week.

Nolan Erck has posted his notes if you want to read through a summary....

Updating Java on ColdFusion or Lucee

As a ColdFusion user you are probably aware that your CFML is compiled into Java byte code and executed by the Java Virtual Machine (JVM). Just like your Operating System or ColdFusion server needs to be patched for security issues, so does your JVM....

ColdFusion returning empty response with server-error: true

I see this issue catch a lot of people, and it got me today. If you have a file /api/test.cfm on ColdFusion 10 or greater it might not work due to ColdFusion's REST implementation controlling the /api or /rest URIs....

Careful applying CF11u16, CF2016u8, CF2018u2

Update: Adobe has released CF11 Update 17 and ColdFusion 2016 Update 9 to address problems outlined in this blog entry.

Adobe released new security updates and bug fixes for ColdFusion 11, 2016 and 2018 this week....

Sessions don't work in Chrome but do in IE

I observed an interesting thing today while helping a client. The problem was presented as:

We have a bunch of Chrome users having issues where a session variable is not working between page requests....

csrfVerifyToken does not invalidate the token

When you are using csrfGenerateToken and csrfVerifyToken with unique categories, the token that is generated remains valid until another token is generated with the forceNew argument set to true....
there is more to this site: sitemap