Currently Browsing :: Cold Fusion



Using ColdFusion's CFDBInfo to Dynamically Output Database Columns and Tables

Posted by James Harvey at 1:45 PM on Dec 31, 2008
0 comments - Posted In: Tutorials | Cold Fusion | SQL & MySQL

The ColdFusion tag CFDBInfo was introduced in ColdFusion 8. I finally got around to playing with it and thought someone other than me might find this useful. I was thinking of using it for creating a dynamic SQL dump for some of my projects I'm currently writing, and thought I should share it with the world.

There are a ton of uses for this excellent CF Tag, and I've included a few samples below.

Read more...



When will cfqueryparam NOT protect me?

Posted by James Harvey at 9:44 AM on Nov 27, 2008
0 comments - Posted In: Cold Fusion | SQL & MySQL

Guess what: using CFPARAM in your ColdFusion code may not always save you from SQL injection.

"How?", you may ask. Let me give you an example of an SQL injection attack that's not caught by cfqueryparam.

SQL injection can occur any time precautions are not taken to completely separate your SQL code from its parameters, and the parameters being passed in are allowed to flow into the SQL statement itself. SQL injection can also occur when building the SQL statement's table and column names dynamically.

Read more...



Preventing SQL Injection

Posted by James Harvey at 9:10 AM on Nov 27, 2008
0 comments - Posted In: Cold Fusion | PHP | SQL & MySQL

Most web applications interact with a database, and the data stored therein frequently originates from remote sources. Thus, when creating an SQL statement, you often use input in its construction. A typical SQL injection attack exploits this scenario by attempting to send fragments of valid SQL queries as unexpected values of GET and POST data. This is why an SQL injection vulnerability is often the fault of poor filtering and escaping, and this fact cannot be stressed enough.

I'm going to explain SQL injection by looking at a few example attacks and then introducing some simple and effective safeguards. By applying best practices, you can practically eliminate SQL injection from your list of security concerns.

Preventing SQL Injection in PHP & Coldfusion

Read more...



Creating PDFs that automatically print via CFPDF and DDX

Posted by James Harvey at 12:21 PM on Nov 26, 2008
0 comments - Posted In: Cold Fusion

Here's the situation. A user is viewing a report online. The business owner of the application decided to provide a nice PDF format of the data; all the user needs to do is click a button, perhaps named "print". The CF server generates the PDF and hands it off to the browser through either CFLOCATION or CFCONTENT. So now the user has the PDF loaded in a secondary window and has to go hunt for the print button again. But fear not, dear user! We'll save you by judicious use of XML, JavaScript, and ColdFusion.

Read more...



Configuring IIS on one server, and Coldfusion on another

Posted by James Harvey at 10:15 AM on Nov 26, 2008
0 comments - Posted In: Cold Fusion | IIS & Windows Server

I was trying to configure my web server and ColdFusion servers on separate machines.

My IIS server was set up to pull source from d:\webroot. I copied the wsconfig.exe tool and its INI file from my ColdFusion server root\bin folder and ran it on my web server to hook them together.

Read more...