managing the collaborative web

Following are the slides of a presentation I gave yesterday at Penn State in which I share my philosophy and approach to managing collaborative Web environments:

This presentation also is published at http://docs.google.com/present/view?id=ddjp8wn9_1389hk6r9md3.

write 2.0: managing content in a mashup world

Following are the slides from the presentation I gave today at the Penn State Web Developers Forum on handling content for Web 2.0:

This presentation is also published at docs.google.com/present/view?id=ddjp8wn9_1271dnxfh2cg.

protect your coldfusion site against sql injection attacks

As of this writing, a particularly virulent SQL injection spider attack is largely targeting sites running ColdFusion.

Here’s how the attack appears in server logs:

(Screenshot: SQL injection code as it appears in the server log)

The code creates a cursor of all the user tables and all the character columns in the database. It then appends a string to each of the columns, making an ungodly mess.

Mark Kruger’s post goes into a great deal of helpful detail about how this spider operates. If you do a Google search on this attack, you will quickly get a feeling for how widespread this is.

If your site is getting hammered and you need to buy time while you fix vulnerable code, there are scripts, such as the one posted in ColdFusion Developer’s Journal on August 8, 2008, that can be modified to thwart this most recent attack thus.

Be aware that this only buys time. The most effective course is to make sure your queries are protected with cfqueryparam. Ben Forta’s primer on cfqueryparam provides a very good start on protecting code from SQL injection scripts. While you’re fixing your queries, don’t forget the ORDER BY clause, another frequently overlooked vulnerability.
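As an added illustration (not code from this post or from the linked primers), here is a vulnerable cfquery next to a hardened version; the datasource name, table and column names are hypothetical. Since cfqueryparam binds values only, the ORDER BY column cannot be parameterized and is instead checked against a whitelist of known column names.

```cfml
<!--- Hypothetical inputs; defaults stop undefined-variable errors --->
<cfparam name="url.id" default="0">
<cfparam name="url.q" default="">
<cfparam name="url.sort" default="id">

<!--- VULNERABLE: raw URL values are pasted straight into the SQL string,
      so both the WHERE value and the ORDER BY column can carry injected SQL --->
<cfquery name="qBad" datasource="site">
    SELECT id, title, body
    FROM articles
    WHERE id = #url.id#
      AND title LIKE '%#url.q#%'
    ORDER BY #url.sort#
</cfquery>

<!--- HARDENED: whitelist the sort column (ORDER BY cannot be bound) --->
<cfset allowedSorts = "id,title,created">
<cfset sortColumn = "id">
<cfset sortIndex = listFindNoCase(allowedSorts, url.sort)>
<cfif sortIndex GT 0>
    <!--- take the canonical name from the list, never the user's string --->
    <cfset sortColumn = listGetAt(allowedSorts, sortIndex)>
</cfif>

<!--- Values are passed as bind parameters; a non-numeric url.id now raises
      an error at cf_sql_integer validation instead of reaching the database --->
<cfquery name="qGood" datasource="site">
    SELECT id, title, body
    FROM articles
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
      AND title LIKE <cfqueryparam value="%#url.q#%"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="100">
    ORDER BY #sortColumn#
</cfquery>
```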

Checking all your queries can be time-consuming if you have a large amount of ColdFusion code to wade through, not to mention nerve-racking if you are doing so while the attacks are rolling in. Fortunately there are tools such as QueryParam Scanner that will peruse your code and return a list of any unprotected queries. Unzip this application and place it in a directory in the Web root of your development server. Go to the application in a Web browser, follow its directions, and you will quickly have a report of any vulnerable queries.

how content delegation and web-standards compliancy are reflected in your site stats

What does it take to be successful on the Web? The answer to that is simple and yet not so simple: Provide relevant information. Make it easy to discover… Read the rest of this guest article on Dr. Terry Etherton’s blog at blogs.das.psu.edu/tetherton.

migrating your site to plone

The following presentation, “Migrating Your Site to Plone” was given at the Penn State Web Conference on June 9, 2008. You may view a screencast of the presentation slides accompanied by audio of the speakers, or just listen to the audio.

view the slides
play the screencast
listen to the podcast

an example proposal for adopting plone

This proposal is loosely based on what I wrote for my own shop. However, I am fortunate to work in a highly clueful department. Making the case for adopting an open-source enterprise-level content management system was not an arduous task.

Frequently, potential adopters of Plone at universities tell me that they have a difficult time convincing administration within their organizations that Plone — or any open-source content management system, for that matter — is worth the investment of time and effort. Or in the case of Penn State’s WebLion services, any consulting fees that may be involved.

With that in mind, I’m sharing the following example proposal for adopting Plone at the university department level. If you are striving to convince your organization to adopt Plone, feel free to make use of any part of this material for your own justification.

replicate, replicate, replicate

Aside from the usual reasons why it’s silly to duplicate static content from Web page to Web page, here is yet another:

If your Web site has content copied and pasted from one page to another, it is very likely that Google is filtering out some or all of the involved Web pages from search results. The reason: The Google search engine does its best to optimize user experience by returning unique content, because no one wants search results listing page after page of the same stuff.

the user feedback myth

Soliciting Web site user feedback. Posting online surveys. E-mailing listservs. Pulling together focus groups. Is this the long and the short of the plan for gauging the effectiveness of your Web site?

If so, you will be rewarded with a wide scattershot of commentary, much of which is neither accurate nor usable.

capturing usability testing information using screen-capture software

While usability testing lab software and equipment is great if you have it, screen-capture software can take you pretty far in recording usability test data and sharing it with others.

ubuntu and vmware

Following is an excellent article on configuring Ubuntu as a VMWare host:
