Latest Blog Entries
Generate 6 Digit Security Codes in Java or CFML
— Shows how to use java SecureRandom to generate a six digit security code.
ColdFusion Developer Week 2025 Slides and Video
— Slides and video links for my presentation at ColdFusion Developer Week 2025
Potential gotcha with searchImplicitScopes and cfparam
— Be careful when using cfparam to deal with searchImplicitScopes.
Simple Load Testing with curl
— How to use curl for a simple HTTP load test.
Fixinator 6.1.0 - Detecting Undefined Remote Arguments
— The release of Fixinator 6.1.0 and its features.
The CWE 25 and ColdFusion - CFSummit East 2025 Slides
— Slides for my talk at the 2025 Adobe ColdFusion Summit East Conference in Washington DC
Understanding and Checking for Tomcat CVE-2025-24813
— Writes are disabled by default in Tomcat's DefaultServlet, here's how to check your server.
Java 21: Could not find agent library instrument on the library path
— Debugging the error: Could not find agent library instrument on the library path
Fixinator Version 6 Released
— Version 6 of Fixinator a CFML code scanning tool has been released.
ColdFusion 2025 Breaking Changes Explained
— List of breaking changes in CF2025 and how to use Fixinator to spot them.
Fixinator's New Compatibility Scanner
— Fixinator's New Compatibility Scanner: Upgrade to the latest ColdFusion version with confidence. Identify compatibility issues, deprecated features, and removed tags/functions.
ColdFusion Summit 2024 Slides: 20 ways to secure CF
— My slides and an outline of my CF Summit 2024 talk in Las Vegas
Latest ColdFusion Security Updates - July 2025
— A list of the latest ColdFusion Security Updates
Left and Right Accept Negative Counts
— You can pass a negative value into CFML left or right functions.
Fixinator fixes unscoped variables
— Fixinator now finds and fixes unscoped variables relating to searchImplicitScopes
ColdFusion searchImplicitScopes and APSB24-14
— Learn about the searchImplicitScopes change in APSB24-14.
Lucee RCE Vulnerabilities February 2024
— Lucee RCE vulnerabilities in February 2024, affecting remote code execution and client variables. How to fix isDefined calls, CF_CLIENT cookie values, and REST CFC requests.
DNS over HTTPS is not what I thought
— You might be surprised to see how DNS over HTTPS actually works.
Remove the Server Header in any IIS Version
— How to remove the Server header in any version of IIS.
Self Signed Certificates in Edge on Windows
— How to generate a self signed cert on windows with Powershell
Popular Entries
Here are some entries that have been popular over the years:
- Finding Duplicates with SQL
- Howto Create an RSS 2.0 Feed
- The 15 Most Useful Linux commands
- Parsing, Modifying, and outputting XML Documents with Java
- SELECT a random row with SQL
- What is the difference between ASCII Chr(10) and Chr(13)
- SQL Pagination with LIMIT and OFFSET
- 20 ways to Secure Apache Configuration
- How I cut AWS Lambda Java Cold Start Times in Half
- Returning TOP N Records
- Mastering ColdFusion's CFQUERYPARAM
- Java LTS Versions Explained with EOL Dates
- How to read a ColdFusion Stacktrace
- The newline cat mystery
You can find the full entry archive here.