This is the second of 3 podcasts on the subject of "the security pyramid". This one covers the topic of "internal network policy". All of the material covered in the podcasts is also covered in the 5 posts listed below, although the podcasts often include items that are not in the posts. Thanks for listening!
This podcast covers the first 2 sections of my recent series on the security pyramid, the introduction and the border patrol. The podcasts often include items that are not in the posts. Thanks for listening!
Is your site vulnerable to SQL Injection Attack? How about Cross Site Scripting? Are you even sure you know enough about those 2 vulnerabilities to protect against them?
This post is a continuation of a 5 part series on security called "The Application Security Pyramid". The introduction introduced a new metaphor for dealing with security that loosely mimics Maslow's hierarchy of self-actualization. In Part I I discussed the importance of "border patrol" technology to safeguard your network. In Part II I discussed internal Policing and People Policy. In Part III I discussed the importance of managing the security framework of your actual application and how it relates to its specific environment. In this, our final post in the series, we will discuss securing your application code itself.
This post is a continuation of a 5 part series on security called "The Application Security Pyramid". The introduction introduced a new metaphor for dealing with security that loosely mimics Maslow's hierarchy of self-actualization. In Part I I discussed the importance of "border patrol" technology to safeguard your network. In Part II I discussed internal Policing and People Policy. In this post we will deal with the importance of maintaining a secure "environment" for your application.
In my previous post on the topic of integrating MQSeries with ColdFusion MX I included some sample code for sending and retrieving messages to "put" and "get" queues using an MQManager object. This post has a correction and an addition to that original sample code.
Multi-server installations have some distinct advantages. Process isolation is the one that makes the most sense to me. Many, maybe most, servers house more than 1 web site. Even intranet servers seem to have more than 1 site configured. A "single site" server is pretty rare - at least outside of a cluster. Having a way to isolate 1 site from another on the server itself is an ideal way of keeping bad code or database connections on one site from dragging down another. It's not for everyone. It certainly adds another layer of complexity to your server. Still, it's an excellent solution in some cases. Consider this scenario.
This post is a continuation of a 5 part series on security called "The Application Security Pyramid". The introduction introduced a new metaphor for dealing with security that loosely mimics Maslow's hierarchy of self-actualization. In Part I I discussed the importance of "border patrol" technology to safeguard your network. This post will deal with internal Policing and People Policy.
It's not enough to have effective border agents to feel safe. We also have to have effective policing inside our borders. After all, there are people here who are forced to work for the post office and they need watching. A system of policing and civil services keeps us operating in safety and harmony with one another. These are the next two blocks on our pyramid - internal policing and people policy.
Here's a quick tip I learned today on CF-Talk about CFMAIL and whitespace. If you are using CFMAIL to send plain text mail but you set the "suppressWhitespace" attribute to YES, it will strip out the whitespace and cause the mail to be sent without line breaks. To fix it, simply wrap your cfmail tag in a cfprocessingdirective tag, like this: