ColdFusion Muse

MS Throws a Curve: IE 8 and the New Security Message

Mark Kruger April 19, 2010 10:00 PM Coldfusion Tips and Techniques Comments (3)

You have probably seen the special security warning that appears when a page has "a mix" of secure and not secure resources. I recently ran into a usability issue with regard to this message that I thought deserved a quick post on the Muse. Let's start with an example:

Read More
  • Share:

Another SQLi Attack: Urchin.js

Mark Kruger April 16, 2010 2:11 PM ColdFusion, Coldfusion Security Comments (5)

I spent yesterday cleaning and inoculating another server infected with SQL Injection. Unless you have been living in a cave you know that SQL injection (SQLi) is the most common vulnerability of web based application. This is due to 2 factors - 1) almost all databases use numeric fields and B) web applications by nature pass user input into queries. Of course I could throw in there that web developers are often lax about inoculating their code. There is also the problem of legacy code - code that has been around since the dark ages of the late 90's. Of course SQLi has been around that long as well, but it is surprising how much legacy code chugs along for a decade or more with no problem in spite of the vulnerability.

Anyway, here's the skinny on the latest attack I found. It uses our old friend "Cast" in conjunction with the char() function of MS SQL. Note, this is not a new attack on the web - it's only new to me in that I've never battled this particular attack before.

Read More
  • Share:

Troubleshooting and Optimizing Solr on ColdFusion 9

Mark Kruger April 4, 2010 8:53 PM Coldfusion Troubleshooting Comments (6)

I had an interesting troubleshooting session recently with a customer. This customer had a very high powered server - SAS drives, 16 gigs of RAM, 64 bit throughout, Coldfusion 9 and an 8 gig Java Heap. The site had 70 or 80 search collections and they had switched to CF9 specifically to get beyond the limitations of Verity. Everything was performing well when suddenly the search service stopped responding to requests and simply started throwing "collection not found" errors. Coldfusion seemed fine and dandy. It continued to be responsive and it had no hanging threads. It was as if the search service had lost it's handles to the various collections. Restarting Solr solved the issue, but why was Solr locking up?

Read More
  • Share:
Google Search
Google
Subscribe
Enter your email address to subscribe to this blog.
Recent Comments
  • Remembering Wil Genovese
    Mary Jo said: Wil's presence here will be sorely missed. We became good friends over the years and I will miss our... [More]
  • Remembering Wil Genovese
    charlie arehart said: Very sad news, and a real loss for the CF community which was blessed with so much of his knowledge ... [More]
  • Remembering Wil Genovese
    Mark A Kruger said: @Mike, Ha - yes! He was always a hoot at staff meetings. :) To be clear to the rest of the world ... [More]
  • Remembering Wil Genovese
    Mike Letson said: On several occasions, Will led me through deep technical waters that enabled me to serve my clients ... [More]
  • Remembering Wil Genovese
    Russ said: Rest in Peace man, my condolences to the family. Cancer seems to kill so many people now. :-( Both ... [More]
Archives By Subject
Twitter
    Facebook
    Aggregators


    Subscribe in NewsGator Online

    Add to Google
    RSS