8 Oct, 2009  |  Written by  |  under ColdFusion

I’ve got a client with a large number of SVG images of products.  The format works really well in a lot of ways, because the images are scalable and look great at any resolution. As usual, Internet Explorer is a thorn in our sides.  Today, it’s because IE doesn’t support PNG. Sheesh.


29 Aug, 2008  |  Written by  |  under ColdFusion

This has been an issue for a long time, but the past few weeks, we’ve started to see some automated attacks against ColdFusion sites trying to inject rogue SQL via forms and other parameters.  Ugh.  I’ve been working with a great piece of code called Portcullis, but it has a few rough edges that make it hard to deploy.  Here’s my application.cfm, in case it’s useful for anybody else fighting this:

<cftry>
	<!--- Create the Portcullis instance once per application; hitting the page with ?reset rebuilds it --->
	<cfif isdefined("application.Portcullis") eq false or isdefined("url.reset")>
		<cfset application.Portcullis = createObject("component","com.fusionlink.Portcullis").init()/>
	</cfif>

	<!--- Scan every inbound scope and attribute any hits to the client IP --->
	<cfset application.Portcullis.scan(url,"url",cgi.remote_addr)>
	<cfset application.Portcullis.scan(form,"form",cgi.remote_addr)>
	<cfset application.Portcullis.scan(cookie,"cookie",cgi.remote_addr)>

	<!--- A blocked client gets a generic message; the admin gets the full CGI scope by mail --->
	<cfif application.Portcullis.isBlocked(cgi.remote_addr) eq true>
		Sorry, there was an error detected.
		<cfmail from="you@you.com"
			to="you@you.com"
			subject="SEI Portcullis: User Blocked" type="html">
			<cfdump var="#cgi#"/>
		</cfmail>
		<cfabort/>
	</cfif>

	<!--- If Portcullis itself throws, mail the exception instead of failing silently.
	      Note there is no cfabort here, so the request continues unscanned (fails open). --->
	<cfcatch type="any">
		<cfmail from="you@you.com"
			to="you@you.com"
			subject="SEI Portcullis Threw Exception" type="html">
			<a href="http://#CGI.SERVER_NAME##CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#">Page URL</a>
			#cfcatch.message#
			detail: #cfcatch.Detail# <br />
			<cfif IsDefined("cfcatch.SQLState")>
				sqlstate: #cfcatch.SQLState# <br />
			</cfif>
			type: #cfcatch.type# <br />
			<cfdump var="#cgi#"/>
		</cfmail>
	</cfcatch>
</cftry>
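To show what the scan / isBlocked / notify flow in that application.cfm actually does, here is the same logic modelled in Python over constructed sample requests. This is an added example, not Portcullis code and not the post author's code: the signature set, the per-IP hit threshold (Portcullis's own blocking rules are not reproduced here), the request dictionary shape and the sample IPs are all assumptions made for the example.

```python
"""Portcullis-style request scanning with per-IP blocking (constructed example)."""
import re
from collections import defaultdict

# Constructed detection signatures. A real filter needs a broader, tuned set;
# these only illustrate the shape of the check.
SQLI_PATTERNS = {
    "union_select": re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),
    "tautology": re.compile(r"['\"]\s*(?:or|and)\s+['\"\w]+\s*=\s*['\"\w]+", re.I),
    "stacked_query": re.compile(r";\s*(?:drop|delete|insert|update|exec|declare)\b", re.I),
    "comment_marker": re.compile(r"(?:--|/\*)"),
}


class RequestScanner:
    """Mirrors the scan(scope, name, ip) / isBlocked(ip) calls in the application.cfm."""

    def __init__(self, block_threshold=2):
        # Assumed policy: block an IP once this many scopes have produced findings.
        self.block_threshold = block_threshold
        self.hits = defaultdict(int)
        self.blocked = set()
        self.notifications = []  # stands in for the cfmail sent on block

    def scan(self, scope, scope_name, ip):
        """Return a list of (scope, key, signature) findings; count a hit per scope."""
        findings = []
        for key, value in scope.items():
            for name, pattern in SQLI_PATTERNS.items():
                if pattern.search(str(value)):
                    findings.append((scope_name, key, name))
                    break  # one finding per parameter is enough to count it
        if findings:
            self.hits[ip] += 1
            if self.hits[ip] >= self.block_threshold:
                self.blocked.add(ip)
        return findings

    def is_blocked(self, ip):
        return ip in self.blocked


def handle_request(scanner, request):
    """Same order as the application.cfm: scan url, form, cookie; then block or continue."""
    ip = request["remote_addr"]
    for scope_name in ("url", "form", "cookie"):
        scanner.scan(request.get(scope_name, {}), scope_name, ip)
    if scanner.is_blocked(ip):
        # The notification carries what an admin needs to triage (cfdump of cgi in the original).
        scanner.notifications.append({
            "subject": "Portcullis: User Blocked",
            "ip": ip,
            "path": request.get("script_name", ""),
            "hits": scanner.hits[ip],
        })
        return "blocked"
    return "ok"


# Constructed sample traffic: one benign request, then two from the same
# address carrying injection-shaped parameters.
SAMPLE_REQUESTS = [
    {"remote_addr": "203.0.113.10", "script_name": "/products.cfm",
     "url": {"id": "42"}, "form": {}, "cookie": {"session": "abc"}},
    {"remote_addr": "198.51.100.7", "script_name": "/products.cfm",
     "url": {"id": "42 union select 1,2,3"}, "form": {}, "cookie": {}},
    {"remote_addr": "198.51.100.7", "script_name": "/login.cfm",
     "url": {}, "form": {"user": "admin' or '1'='1"}, "cookie": {"session": "abc"}},
]


def run_samples(block_threshold=2):
    """Process the sample traffic and return the per-request outcome."""
    scanner = RequestScanner(block_threshold=block_threshold)
    return [handle_request(scanner, req) for req in SAMPLE_REQUESTS]


if __name__ == "__main__":
    print(run_samples())  # ['ok', 'ok', 'blocked']
```

Two things the model makes visible that the CFML hides: the threshold is policy, not detection (a threshold of 1 blocks on the first hit, which is the behaviour the original appears to rely on), and the scanner is a perimeter stopgap. Signature matching will miss encodings it does not know and can false-positive on legitimate input containing `--` or quotes, so the durable fix for the injection attempts the post describes is still parameterized queries (cfqueryparam in CFML) at every database call.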