That's really awesome, Dean and Jeremy. Thanks for the efforts and the contribution. It would also seem useful for folks seeking another demo of MG code. I've not yet installed your app, but I do agree that sample code can be valuable: yet, as you note, much of the sample code out there isn't necessarily good practice. I'll have more on that in a moment.
/charlie

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe
Sent: Saturday, June 17, 2006 11:39 PM
To: [email protected]
Subject: RE: [ACFUG Discuss] Learning Cold Fusion

By the way, if you haven't seen it yet I have a little advice on how *not* to write code. The company I work for, Foundstone (A division of McAfee), has just released HacmeShipping. The tool was written by me, along with some support from Jeremy Allen. It shows how *not* to write CFMX 7 code under Model-Glue, though mostly from the perspective of security concerns with CFML.

You can download the code from http://www.foundstone.com/resources/s3i_tools.htm along with installation instructions and a white paper, written by Jeremy, showing how various web application attacks work against the application. For some real fun, download HacmeBooks (J2EE) and HacmeBank (.Net) to see how the three work together using web services and how all of them can be attacked using similar paradigms.

For someone learning CFML, this is a good tool to show you what you shouldn't be doing from a security perspective. Hopefully everyone learns something from my "mistakes"!

-dhs
