My recent experiences with several hacking attacks have made me think more about application and data security on the web. In today’s world nothing can be taken for granted and security should be of the highest concern, no matter how simple you think your application or trivial the data you store. Many web applications are [...]
Tag Archives: ColdFusion
Web data security paranoia
Preventing SQL Injection attacks in ColdFusion
This is an article I came across on Ben Forta’s blog. This gives some very good tips on preventing SQL injection attacks and provides some excellent best practices. http://www.adobe.com/devnet/coldfusion/articles/sql_injection.html When I took up my current position we had to do a vulnerability scan to become PCI compliant and, well, we originally failed horribly. After much [...]
Character encoding issue with XML file
Scenario: An XML file is read using CFHTTP from a remote web service. The XML string is converted to an XML object using the XmlParse function. XPath and XmlSearch are used to extract data from the object. Data is then inserted into a database. Problem: All punctuation marks are replaced by non-readable characters [...]
Connection Failure using CFHTTP
Scenario: Attempting to download and parse an XML feed using a CFHTTP GET request. The URL is not SSL enabled and uses IIS. Problem: A StatusCode of 200 OK is returned but the FileContents returns Connection Failure. Analysis: The header response contains the following header: IISExport: This web site was exported using IIS Export [...]
MySQL 5 timestamp error in ColdFusion 8
Scenario: Query grabs user data from MySQL 5 database using the built-in MySQL 4/5 driver in ColdFusion 8 on a Windows 2003 Server. Problem: Cannot convert value '0000-00-00 00:00:00' from column 10 to TIMESTAMP error returned on execution. Analysis: After a quick search on Google, it appears that the default behaviour for [...]




