Pete Freitag's Homepage

Is it necessary to cfqueryparam all values?

I had a question today asking why Fixinator does not add cfqueryparam to static values within a query....

How to run Oracle DB on a Mac with Docker

Oracle puts out a Windows and Linux binary for their Oracle Database servers, but what if you want to run it on a Mac? The solution for a while was to use a VM and boot up the linux version. Nowadays using Docker is a little bit easier....

Timing Attacks and the Timing-Allow-Origin Header

I've always found Timing Attacks to be an interesting type of web application vulnerability. You need to understand timing attacks before you can understand how to use the Timing-Allow-Origin http response header....

Counting IP Addresses in a Log File

I've been using grep to search through files on linux / mac for years, but one flag I didn't use much until recently is the -o flag. This tells grep to only output the matched pattern (instead of lines that mach the pattern)....

Recursively Counting files by Extension on Mac or Linux

...

Hacktoberfest Tips for Contributors

It never ceases to amaze me how many people will emerge out of the woodwork to earn a free T-Shirt each October! As someone who runs a moderate sized open source project that has merged over 900 pull requests, I always see a big increase in activity ...

Slides from my 2019 ColdFusion Summit Las Vegas Talk

The slides for my talk Approaches to secure CFML code can be found here. The source code for the Bank of Insecurity application (which is full of security holes) can be found: here.

Overall I thought the CFSummit event was a great success....

How to Run SQL Server on a Mac

So you use a Mac, but you need to run Microsoft SQL Server. I never thought this would be so easy, but here's how I've been doing this for the past few years....

VirtualBox Error VT-x/AMD-V

When I teach my full day hands on CFML security training class we use a VirtualBox VM pre-loaded and pre-configured with everything the student needs....

Why is my Apache httpd Alias Not Working?

Ran into this today, so I thought I would blog it.

I had an alias in my httpd....

Passing Environment Variables to Sudo Command

Suppose you have a bash script that sets an environment variable, and then invokes something with sudo:...

Development SSL / TLS with CommandBox

I've been working on my upcoming Fully Day ColdFusion Security Training Class at CFSummit. The training takes place on a VM which I have preloaded with everything the trainees will need....
there is more to this site: sitemap