Blog

Well, I experienced my first layoff today. After working at my job for 4 1/2 years our company "changed tracks" under the direction of a new CIO and cut most of our programming team including me. It appears they want to shift over to .NET and outsource most everything to China.

JR asked a good question on my queryparam Scanner post. He noticed that I had stopped short of saying cfqueryparam would ALWAYS stop ALL SQL injection. He said, "Can you give an example of a SQL Injection attack which is not caught by cfqueryparam ?" I'm glad you asked JR.

This April, Peter Boughton put a little tool on RiaForge called QueryParam Scanner. It does what it says and that means you have no excuse not to batten down the hatches on that old code you've got swept under the rug. It also meant I didn't have any excuses either, so I gave it a run tonight.

My last post about my structparam function had me thinking about what tag stuff you can't do in CFScript without writing some sort of wrapper function. I know from the CFUnited keynotes Adobe has some kick butt CFScript stuff up their sleeve. I know this is probably a can of worms, but what's the chance they would go all out and give us a CFScript equivalent for just about everything from sending mail to cfquery?

Some time ago while working in cfscript I had the need to cfparam a bunch of variables. I was building an XML document out of form fields and a number of the fields wouldn't always exist. At first I made a simple UDF to encapsulate a cfparam tag, but it this code was inside of a loop that beat it over and over again before it was finished and performance just wasn't cutting it. The culprit as it seemed was scope hunting.

Many of the low-level technicalities of our life go on right under our nose without us really understanding their inner workings. You drive your car everyday, but do you understand how an internal combustion engine works? You keep your milk cold in the fridge, but do you grasp the physics of why Freon absorbs energy when it becomes a gas? As a mere user, deep understanding of the things you use is generally not necessary, but if you build or maintain one of these systems you had better know what goes on under the hood.

Well, it's been so long since I've been to the movies I seriously can't remember the last one I saw in a theatre. My 2 1/2 year old daughter loves movies but has never actually been in a theatre before. My wife-- well, she just wanted to get out of the house. That being as it was, we headed out last night to take a gander at the new Pixar flick, WALL-E.

Hear Ye, Hear Ye! I hereby declare Friday, July 25th as the first ever International Operation cf_SQLprotect. In response to the massive amount of SQL injection attacks in the past few weeks I want the ColdFusion community to be doing our darndest to keep our applications safe from harm. This Friday, I want everyone who has a site big or small, well known or obscure, to join the world and scan their code base for vulnerable queries and fix them.

Research shows that driving while extremely tired renders the same results as driving drunk. Following that same line of though, is coding while sleep deprived the same as writing your code in a drunken stupor?

For those of you that like to be as grammatically correct as possible, read through this guide to common grammar blunders. I enjoyed it. Franklin's Grammar Cheat Sheet