So next week an "Information Security and Compliance Company" is doing a 16-hour "Application Penetration Test" on an application we developed. It's on a dedicated server with all the latest patches and is on lockdown with IP address validation through the firewall. We have made sure every query is protected from SQL injection attacks and made sure any file uploaded to the application is stored outside the web root and cannot be called from a URL. We think we have covered all the bases; here is a list of what the application will be tested for.
Input Validation
Buffer Overflow
Cross Site Scripting
URL Manipulation
SQL Injection
Hidden Variable Manipulation
Cookie Modification
Authentication Bypass
Code Execution
Now some of these are basic security 101, and ColdFusion has lots of tools to address these attacks. Has anyone ever gone through this? If so, what types of things were found? Can anyone give me any suggestions of things to check?
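As an added illustration (not code from the original post), here is how several items on that checklist are handled server-side in CFML: a session check instead of trusting client identity, typed input validation, cfqueryparam against SQL injection, pricing taken from the database rather than a hidden field, and output encoding against XSS. It assumes a datasource named "appDSN", a "products" table, and session.userId being set at login; encodeForHTML() requires ColdFusion 10 or later (older releases would use htmlEditFormat()).

```cfml
<!--- Added example, not the blog author's code. Assumes datasource "appDSN",
      a "products" table and session.userId set by the login page. --->

<!--- Authentication bypass: identity comes from the server-side session,
      never from a hidden field or a cookie the client can edit --->
<cfif NOT structKeyExists(session, "userId")>
    <cflocation url="login.cfm" addtoken="false">
</cfif>

<!--- Input validation: cfparam rejects anything that is not an integer
      before the value reaches a query --->
<cfparam name="form.productId" type="integer">
<cfparam name="form.quantity" type="integer">
<cfif form.quantity LT 1 OR form.quantity GT 100>
    <cfthrow message="Quantity out of range">
</cfif>

<!--- SQL injection: cfqueryparam binds a typed parameter instead of
      concatenating user input into the SQL string --->
<cfquery name="product" datasource="appDSN">
    SELECT id, name, price
    FROM products
    WHERE id = <cfqueryparam value="#form.productId#" cfsqltype="cf_sql_integer">
</cfquery>
<cfif product.recordCount EQ 0>
    <cfthrow message="Unknown product">
</cfif>

<!--- Hidden variable manipulation: the price is looked up server-side,
      so a tampered hidden "price" field has nothing to change --->
<cfset total = product.price * form.quantity>

<!--- Cross-site scripting: encode anything echoed back into the HTML --->
<cfoutput>
    <p>#encodeForHTML(product.name)#: #numberFormat(total, "9.99")#</p>
</cfoutput>
```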
If you're one of the cool kids and have a Mac (sorry, Windows guys) and you need to connect your development environment to an MSSQL server, it's really easy. There are lots of guides out there on connecting ColdFusion to MSSQL, but if you're connecting from an OS X server to a Windows server there are 2 settings you need to check.
First, once you log in to your development server, under Object Explorer right-click on the server name and click Properties. Under Security make sure "SQL Server and Windows authentication mode" is checked. Next, click Connections and make sure "Allow remote connections to this server" is checked. If you set up your users and DB correctly you should be able to connect.
Two times this year I have wiped my Windows box, and 2 times I wasted hours connecting to MSSQL from my iMac. I'm going to be adding more tips to help me and anyone else in the future.
Anyone know a better way to break out of XML mode so HTML can run in a ColdFusion Builder Extension?

cgi.http_host and server_name don't always work for what I need. My test app runs great on my Mac but fails if I install on my Windows box. Any suggestions would be great.
I was working on a project today and ran into this error:
[Macromedia][SQLServer JDBC Driver]Value can not be converted to requested type
I did a quick search and found a lot of theories on why and how it was caused. It turns out it's a caching error: by default ColdFusion data sources pool 1000 statements. But how to fix it? Almost all suggested restarting CF, which I cannot do; changing the DSN name, opening the page to error, and then changing it back; or my favorite: "When in doubt kick it in the guts (restart JRUN)". They all work, but they are not the best way to handle the error.
The easiest and best way to get rid of this error is to log in to CF Admin, click Data Sources, find your data source and click it, then click Show Advanced Settings. Update "Max Pooled Statements" to zero, click Submit, then run the page. Now you can change it back. This removes the cached SQL select statements without resetting connections to users.
Time: 10:58 PM, person calling: boss...
John httpdocs is missing on abc's website!!!
Anyone ever get a call like that? Everything turned out OK; still looking into what happened. If I smoked I'd be smoking now, lol.
I got a nice surprise this week: my boss bought me a new 15-inch MacBook Pro. It's been several years since I've developed on a Mac, and being back on one for the past 2 days I wonder how I did it.
I must say Macs have come a long way since I had one, but the overall feel is still the same. Clean, simple, and powerful, oh and the pad shortcuts rock. I'm still working on getting my development environment set up for developing ColdFusion applications. So if anyone has any suggestions on must-have apps, paid or free, that I just shouldn't develop without, please post a comment and let me know.
P.S. Thanks Boss!!!
So it's still early, but you can now submit topics. I'm racking my brain trying to figure out a topic, something new, but I have no clue =/. If anyone wants to suggest some ideas, that would rock.
Anyway, here is the link, have fun...
So far this has been a great conference. I've seen some great sessions that have gotten the creative juices flowing, plus I got to see my co-worker for the second time since I've been with my company. I wanna thank all the presenters I have seen so far. I wanted to add more blog posts but there is just so much going on and I know a lot of my fellow CF developers are posting detailed blog posts already.
I'm in my last session before dinner and the Adobe Pool Party.
I went to two sessions on jQuery. The first one I saw was with Ray Camden. He went through all the basics and showed some powerful stuff on what it can do. I started looking into it a few months ago, but with my workload and not having a project to use it on, it took a back burner.
Funny thing is, the day before I left for CFUnited my "boss" asked me to look at something a client sent. After a few minutes of looking at what they sent, we both thought this was the best time to get into jQuery.
Right now I'm in Scott Stroz's session on CF and jQuery Perfect Together. He's talking about how CF works so well with jQuery.