Ajax Same Origin Policy No More with Firefox 3.5

web Firefox 3.5 now allows you to make AJAX requests, or more correctly XMLHttpRequests, cross-domain (in other words, foo.com can make XHR requests to bar.com). When I heard about this, my first thought was that they would use the cross-domain.xml file that Flash has supported for years to achieve this.

Firefox 3.5 Introduces Origin Header, Security Features

web Firefox 3.5 was just released about a half hour ago. You can check out all the new features for web developers here.

For me, as someone that does a lot of security research, one of the most interesting new features is the Origin HTTP header that Firefox 3.5 now sends.

Tips for Secure File Uploads with ColdFusion

coldfusion Allowing someone to upload a file onto your web server is a common requirement, but also a very risky operation. So here are some tips to help make this process more secure.

Don't rely on cffile accept attribute

The accept attribute gives a terrible false sense of security.

7 Years And Blog Entry Number 700

misc Wow, I can't believe it's been seven years since I started blogging!

I started blogging back in 2002 when Jeremy Allaire asked Where are the ColdFusion Blogs?

This blog was busier some years than others; 2005 was the busiest year thus far.

CFCatch Java Exceptions

coldfusion java Did you know that you can catch Java exceptions by class name with cfcatch? It's not documented on the cfcatch tag documentation (as of CF8), but it works... Here's an example:


  <cfset list = CreateObject("java", "java.util.
