ColdFusion Security News Brief: January 14, 2007
by Ryan Hartwich
Last week, Adobe announced a ColdFusion security fix for Windows IIS machines, as well as two technotes for working with MS SQL Server Express 2005 on Vista and email attachment issues.
ColdFusion Security fix for Windows IIS
Adobe has released a ColdFusion 7 security fix, categorized as 'important', for an exploit that may allow specially crafted URLS to breach server security and allow directory listings. Luckily, this problem is limited to the IIS web server.
http://www.adobe.com/support/security/bulletins/apsb07-02.html
Two Important Technotes from Adobe
Making MS SQL Server Express 2005 Talk to ColdFusion on Vista
The first Technote gives helpful hints on how to configure Microsoft's SQL Server Express 2005 to work with ColdFusion. This shouldn't be an issue for most people since it focuses on problems with this relatively new, low-end version of SQL Server, and running on Vista (but not Windows 2003 or XP).
http://www.adobe.com/go/kb400255
Sending Long Email Attachments in Bulk
The second technote covers a hot fix for problems some people may be experiencing when sending a large number of emails (around 500) that contain attachments with long filenames.
http://www.adobe.com/go/kb400262
Keeping current with CF Hotfixes
Do you want a simple way to keep track of future ColdFusion security fixes? Steven Erat has released an extension on his blog for the ColdFusion 7 Administrator that checks Adobe's website for ColdFusion hot fixes. This should be useful to those who administer their own servers and want an easy way to find out about hot fixes. Unfortunately, it does not display technotes, just hot fixes.
Never Miss Another ColdFusion Hotfix (TalkingTree.com, January 11, 2007)
Migrating to 2.0.1 With ColdFusion Extensions
If you are a ColdFusion programmer who has expanded into using the Flex 2 framework and Flexbuilder 2, you may be using the ColdFusion Extensions. There is a slight tweak necessary to successfully upgrade your Flexbuilder 2 IDE to version 2.0.1 (released in the last week) to work with these extensions. The Flex development team has carefully explained the problem with compiling your code and what is necessary to work around the error. You can read more about their solution in the following blog:
http://weblogs.macromedia.com/flexteam/archives/2007/01/migrating_to_20.cfm
Latest ColdFusion Talk (CF-Talk)
- Need some fresh eyes on an application
- getting server name
- Windows 2008 r2 server(64 bit ) and Web services
- Calculate next Tuesday 3 weeks from date
- Is there an anchor in a URL String - SOLVED
- Moving to Apache
- Is there an anchor in a URL String
- New Coldfusion User Group in the DC Area
- mySQL data types - possible db bloat with text type? yes or no?
- Using ## vs not using ##
Latest ColdFusion Jobs (CF-Jobs)
- Coldfusion Developer - Los Angeles, CA
- Cold Fusion - Jacksonville, FL
- ColdFusion Developer Temp to Perm Benefits Navy Yard, VA Will Get TS/SCI
- Cleared DC ColdFusion Developer Temp to Perm Benefits
- Boston Sr ColdFusion Developer 1 year- perm FT Benefits vacation etc
- Senior Coldfusion Developer - POLITICO - Arlington, VA
- ColdFusion Web Developer - Iraq
- Software Engineer-Hunt Valley, MD
- Senior ColdFusion / Java / SQL Server Developer (FT with benefits)
- Coldfusion Developer with Coldbox assignment with State of Oregon
