The Internet has become a scary and hostile place; can your Web applications
survive?
Although a lot of media attention has recently been paid to information
security, surprisingly little has been published regarding ColdFusion
security. Does this then mean that ColdFusion applications are immune to
security risks? The answer, unfortunately, is no. Attacks may actually be
easier to execute and much more prevalent than programmers would like to
believe. Knowing the security risks are there is half the battle.
This article is not meant to be a silver bullet or a complete reference, as
that could easily fill many volumes. I hope instead to give a thorough
overview of ColdFusion security coding practices - thorough enough that you
will know what types of things to take into consideration as you write your
applications. Making your applications secure is probably a lot e...

Search functionality has become the status quo for all major Web sites. The
typical search box/button found on home pages across the Net is considered
the ultimate in user-friendly design: users type in what they're looking for
and the search engine finds it quickly and easily.
By applying the tips and tricks illustrated in this article, developers can
augment the Verity search engine that's packaged with ColdFusion to create a
more robust - and scalable - search engine. All it costs is a little time and
ingenuity.
ColdFusion Server comes packaged with the Verity search engine, a...

Using CF structures to store data allows you to access individual records
without querying a database. Until now, successfully implementing a scalable,
high-volume site has entailed five basic principles:
1. Write tight, efficient code.
2. Use cached queries.
3. Set up a proper network architecture.
4. Use top-of-the-line hardware.
5. Implement a properly designed database.
This article suggests a new alternative to cached queries (principle #2): for
some sites, using ColdFusion structures to store database data may reduce the
bottlenecks caused by excessive database calls, thus impr...