Show #54 - FREE CFBuilder, This, That, and the other thing
In today's show we talk about more Apple / Adobe stuff. One of these days we will let this subject die. We talk about the release of the ColdFusion Lockdown Guide. We give our thoughts on the changes coming for ColdFusion 9.01 that were released at SOTR. Dave talks about logging errors from load balanced servers. Then we go down this rabbit hole and talk about a bunch of other stuff.
Listen to the show to see how you can get a FREE copy of ColdFusion Builder.
We are still looking for sponsors for the show. If interested please contact us.
Tool of the Week:
No tool this week.
Show Topic Links:
ColdFusion 9 Lockdown Guide
http://www.adobe.com/products/coldfusion/whitepapers/pdf/91025512_cf9_lockdownguide_wp_ue.pdf
SOTR Day 1 Notes
http://misterdai.wordpress.com/2010/05/26/sotr2010-day-1-notes/
SOTR Day 2 Notes
http://misterdai.wordpress.com/2010/05/27/sotr2010-day-2-notes/
Time Warner and NBC Universal are telling Apple...
http://www.nypost.com/p/news/business/slap_for_apple_PZ065AMiQOkAEn3lVNOX9O
May 29, 2010 at 1:47 PM First time listening to your podcast!
May 29, 2010 at 2:53 PM @Ravi Thanks for listening.
May 31, 2010 at 12:44 AM Hi Dave,
Your buddy Pete Freitag shows how to get server host name via Java
http://www.petefreitag.com/item/97.cfm
This is useful when having multiple CF instances in a cluster.
Jun 1, 2010 at 5:58 PM You mentioned the new HSQL stuff opens you up to attack. How? You can write queries with unbound params in both script and tag based versions. (cfqueryparam is supported in this new 901 thing) So it isn't any more safe/unsafe.
Jun 1, 2010 at 6:13 PM @ray What I was attempting to state is that ORM itself has a natural protection against SQL injection. When you start writing HSQL you lose that protection. If you are writing HSQL inside cfquery you are now back to the same level of protection with basic queries. If the programmer does not use cfqueryparam they are potentially exposed to injection. I did not mean to say, or insinuate, that HSQL inside cfquery is less secure.
Jun 1, 2010 at 6:25 PM I'm confused - are you saying HQL by itself is dangerous, or writing HQL in tags?
Jun 1, 2010 at 7:32 PM HQL, just like inline SQL, is dangerous if written incorrectly. Regardless of where it is written.
Jun 1, 2010 at 7:54 PM Ok. The impression I got - and I probably just misheard you, was that you were saying this _new_ type of writing HQL was dangerous.
So outside of that - while I agree with you - we kinda build our lives on building web apps, and dynamic queries are a part of life. You will never get away from them - even with ORM. :)
Jun 3, 2010 at 8:12 AM Damn, I get behind in listening to this podcast and they then go and put links to posts on my blog. Better get my arse in gear and catch up on the ones I've missed ;)
Jun 3, 2010 at 8:42 AM @Dave, here's a Java way of finding out the server and instance name for error handling
http://www.sumoc.com/blog/index.cfm?mode=entry&entry=7B541DBA-5004-2066-B7BCF2D895B3EC4A