Web Biz

I have been doing a lot of research and reading lately about web application security.  There are several great resources, products, and services out there that will enable you as a developer to be aware of the common attacks along with best practices to defend yourself from SQL, SSI, XPath, and LDAP injections, XSS (cross-site scripting) attacks, overflows, and format string vulnerabilities, session and cookie hijacking, carraige return line feed (CRLF) attacks, HTTP Response Splitting attacks, command execution, content spoofing, denial of service, and many more.

According to Jeremiah Grossman, WhiteHat security founder and CTO, somewhere between 70% and 90% of web applications have serious vulnerabilities.

If you haven’t heard yet, ColdFusion is dead or dying or whatever some ridiculous blogger feels like saying at the time… but I guess other web programming languages are facing the same "problem".

If you have installed the developer edition of ColdFusion on your local machine and chose to use the built-in web server you can change the port quite easily.

We use Blog.cfc to provide users and organizations on campus here at Hamilton College with an easy way to publish their own blog.  One of our users was having an interesting problem.  Even though he had several entries for his blog, because he had not posted anything in the last month, Blog.cfc was displaying:

[-]View Code COLDFUSION

1 2	Sorry There are no blog entries available.

I found this rather interesting.  If you want to create nested associative arrays in many languages you can easily embed one within another on the same line when declaring it.  Unfortunately, it appears this is not true of ColdFusion when using the { } bracket notation in CF8.

    With all the excitement of developing web applications for the iPhone, I thought I would list some valuable resources that might assist you in your development efforts.

I have been busy attempting to create a very large PDF with a Table of Contents using ColdFusion 8, which was not possible before.  Using the Document Description XML (DDX) language with the LiveCycle Assembler that is built into CF8 you are able to merge PDFs, extract data and content from PDFs, and more.

Looking to increase the speed and performance of your web site?  Well, the friendly folks at Yahoo! have some great tips and tools to help you build web sites with exceptional performance.

According to the author: Prototip allows you to easily create both simple and complex tooltips using the Prototype javascript framework.
If you also use Scriptaculous you can even add some nice effects to them.

If you are looking for a good intro to Ant, Todd Sharp has posted on his blog a nice little intro along with some examples and links to other Ant resources.