Category Archives: ColdFusion

CFPOP and SSL

One of the reasons I love Adobe’s ColdFusion so much is the fact that it is built on a Java engine and you are able to use a lot of the powerful features of Java from CF. I however don’t get to use this feature often enough, mainly because most of the things I work [...]
Also posted in Java, Programming

PayPal Annoyances

This is a trivial post but PayPal integration has been a headache over the past few years, with the manuals having incorrect information, differences between the UK and US APIs and hugely unhelpful error codes. Things have gotten a bit better in recent times but still not as good as it should be given the [...]
Also posted in General

Setting secure attribute of JSESSIONID cookie in ColdFusion 8

As part of PCI compliance our servers were run through third-party security auditing and one warning we received was “Missing Secure Attribute in an Encrypted Session (SSL) Cookie”. This warning referred to the JSESSIONID cookie being set in our SSL-enabled pages not having the SECURE attribute set. In ColdFusion there is no way [...]
Also posted in Security

Web data security paranoia

My recent experiences with several hacking attacks have made me think more about application and data security on the web. In today’s world nothing can be taken for granted and security should be of the highest concern, no matter how simple you think your application or trivial the data you store. Many web applications are [...]
Also posted in Databases, PHP, Security | 1 Comment

Preventing SQL Injection attacks in ColdFusion

This is an article I came across on Ben Forta’s blog. This gives some very good tips on preventing SQL injection attacks and provides some excellent best practices. http://www.adobe.com/devnet/coldfusion/articles/sql_injection.html When I took up my current position we had to do a vulnerability scan to become PCI compliant and, well, we originally failed horribly. After much work we [...]
Also posted in Databases, Programming, Security | Tagged , | 1 Comment