May 17, 2019
Writing this because I can never remember which ascii code is \n and which is \r. Usually I end up googling my ASCII Cheatsheet for the answer....
May 14, 2019
I'm pleased to announce that Fixinator and the Foundeo CFML Continuous Security Bundle are both avaliable to purchase....
May 10, 2019
Here are the slides for my Running CFML on AWS Lambda with FuseLess talk. I gave this talk at Into The Box 2019 in Houston Texas last week.
Nolan Erck has posted his notes if you want to read through a summary....
March 21, 2019
As a ColdFusion user you are probably aware that your CFML is compiled into Java byte code and executed by the Java Virtual Machine (JVM). Just like your Operating System or ColdFusion server needs to be patched for security issues, so does your JVM....
February 15, 2019
I see this issue catch a lot of people, and it got me today. If you have a file /api/test.cfm on ColdFusion 10 or greater it might not work due to ColdFusion's REST implementation controlling the /api or /rest URIs....
February 14, 2019
Update: Adobe has released CF11 Update 17 and ColdFusion 2016 Update 9 to address problems outlined in this blog entry.
Adobe released new security updates and bug fixes for ColdFusion 11, 2016 and 2018 this week....
February 6, 2019
I observed an interesting thing today while helping a client. The problem was presented as:
We have a bunch of Chrome users having issues where a session variable is not working between page requests....
February 6, 2019
When you are using csrfGenerateToken and csrfVerifyToken with unique categories, the token that is generated remains valid until another token is generated with the forceNew argument set to true....
February 1, 2019
This is not exactly a new trick, but it is quite useful and I find not many people know that the cf_sql_ prefix is optional in the cfsqltype attribute of cfqueryparam. So instead of doing this:
WHERE id = <cfqueryparam value="#url....
January 24, 2019
Have you ever noticed a cookie in Chrome Developer Tools showing a Expires / Max-Age value of 1969-12-31T23:59:59.000Z?
Such a cookie is known as a browser session cookie it will persist for as long as the browser is open....
December 7, 2018
One nice feature of AWS API Gateway is that you can configure or Throttle the Burst (requests) and Rate (requests per second). The first time I looked at that it was not really clear to me how the Burst (requests) throttling works....
November 21, 2018
TLDR: Most java HTTPS connection problems can be fixed by updating the JVM. Don't import into cacerts unless you really need to (eg you have an internal CA within your organization). Test other http clients to make sure it is really a java problem....
Pete Freitag