Showing posts from 2008

protect your coldfusion site against sql injection attacks

As of this writing, a particularly virulent SQL injection spider attack is largely targeting sites running ColdFusion. Here's how the attack appears in server logs: The code creates a cursor over all the user tables and all the character columns in the database. It then appends a string to each of the columns, making an ungodly mess. Mark Kruger's post goes into a great deal of helpful detail about how this spider operates. If you do a Google search on this attack, you will quickly get a feeling for how widespread it is. If your site is getting hammered and you need to buy time while you fix vulnerable code, there are scripts such as the one posted in ColdFusion Developer's Journal on August 8, 2008, which can be modified to thwart this most recent attack. Be aware that this only buys time. The most effective course is to make sure your queries are protected with cfqueryparam. Ben Forta's primer on cfqueryparam provides a very good start on prote

how content delegation and web-standards compliancy are reflected in your site stats

What does it take to be successful on the Web? The answer to that is simple and yet not so simple: Provide relevant information. Make it easy to discover... >>> Read the rest of this guest article on Dr. Terry Etherton's blog at .

migrating your site to plone

The following presentation, "Migrating Your Site to Plone", was given at the Penn State Web Conference on June 9, 2008. You may view a screencast of the presentation slides accompanied by audio of the speakers, or just listen to the audio.

an example proposal for adopting plone

Frequently, potential adopters of Plone at universities tell me that they have a difficult time convincing administration within their organizations that Plone -- or any open-source content management system, for that matter -- is worth the investment of time and effort, or, in the case of Penn State's WebLion services, any consulting fees that may be involved. This proposal is loosely based on what I wrote for my own shop. However, I am fortunate to work in a highly clueful department, so making the case for adopting an open-source enterprise-level content management system was not an arduous task. With that in mind, I'm sharing the following example proposal for adopting Plone at the university department level. If you are striving to convince your organization to adopt Plone, feel free to make use of any part of this material for your own justification. In this example, the department currently maintains a home-grown content management system based on proprietary tools

replicate, replicate, replicate

always crashing in the same car: recurring mistakes and misuses of the web

Aside from the usual reasons why it's silly to duplicate static content from Web page to Web page, here is yet another: If your Web site has content copied and pasted from one page to another, it is very likely that Google is filtering some or all of the involved Web pages out of search results. The reason: The Google search engine does its best to optimize user experience by returning unique content, because no one wants search results listing page after page of the same stuff. Higher Education and other organizational Web sites tend to needlessly replicate content. This happens perhaps most frequently when information is repurposed as marketing material. The same content ends up appearing at its original source as well as on one or two marketing pages. Unfortunately, if this marketing material resides above the core content in the site hierarchy - and it usually does - it can end up replacing the core

the user feedback myth

always crashing in the same car: recurring mistakes and misuses of the web

Soliciting Web site user feedback. Posting online surveys. E-mailing listservs. Pulling together focus groups. Is this the long and the short of your plan for gauging the effectiveness of your Web site? If so, you will be rewarded with a wide scattershot of commentary, much of which is neither accurate nor usable. In fact, implementing this ilk of "user feedback" can be detrimental to your site's health. Think about it. If you were overseeing the construction of a classroom building, would you conduct focus groups and surveys to determine what materials should be used, where the doors and stairways should go, or how strong the load-bearing walls should be? No? You would rely on qualified architects? Then why on earth would you open the door for individuals who have no understanding of how the Web works to step in and have a direct hand in your site design? When this type of free-form user feedback enters