October 20, 2009 at 2:00 pm
· Filed under Web Standards
Following are the slides of a presentation I gave yesterday at Penn State in which I share my philosophy and approach to managing collaborative Web environments:
This presentation also is published at http://docs.google.com/present/view?id=ddjp8wn9_1389hk6r9md3.
October 20, 2009 at 1:58 pm
· Filed under Web Standards
Following are the slides from the presentation I gave today at the Penn State Web Developers Forum on handling content for Web 2.0:
This presentation is also published at docs.google.com/present/view?id=ddjp8wn9_1271dnxfh2cg.
August 11, 2008 at 3:17 pm
· Filed under Programming
As of this writing, a particularly virulent SQL injection spider attack is largely targeting sites running ColdFusion.
Here’s how the attack appears in server logs:

The code creates a cursor of all the user tables and all the character columns in the database. It then appends a string to each of the columns, making an ungodly mess.
Mark Kruger’s post goes into a great deal of helpful detail about how this spider operates. If you do a Google search on this attack, you will quickly get a feeling for how widespread this is.
If your site is getting hammered, and you need to buy time while you fix vulnerable code, there are scripts such as this one posted in ColdFusion Developer’s Journal on August 8, 2008, which can be modified to thwart this most recent attack thus.
Be aware that this only buys time. The most effective course is to make sure your queries are protected with cfqueryparam. Ben Forta’s primer on cfqueryparam provides a very good start on protecting code from SQL injection scripts. While you’re fixing your queries, don’t forget the ORDER BY clause, another frequently overlooked vulnerability.
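An added example (not from the original post) of the fix described above: a query that concatenates URL values, followed by the same query using cfqueryparam for the value and an allow-list for ORDER BY, which cfqueryparam cannot bind because it takes a column name rather than a value. The table, column, datasource and URL parameter names are hypothetical.

```cfml
<!--- Constructed example: table, column, datasource and URL parameter
      names are hypothetical. --->

<!--- BEFORE: URL values are concatenated straight into the SQL text,
      so anything appended to the query string becomes part of the statement. --->
<cfquery name="getArticles" datasource="exampleDSN">
    SELECT article_id, title, posted_on
    FROM articles
    WHERE category_id = #url.categoryId#
    ORDER BY #url.sortBy#
</cfquery>

<!--- AFTER --->
<cfparam name="url.categoryId" default="0">
<cfparam name="url.sortBy" default="posted_on">
<cfparam name="url.sortDir" default="DESC">

<!--- ORDER BY takes identifiers, not values, so it cannot be bound.
      Map the request value onto a fixed allow-list instead and fall
      back to a known column when there is no match. --->
<cfset allowedSortColumns = "article_id,title,posted_on">
<cfset sortColumn = "posted_on">
<cfif ListFindNoCase(allowedSortColumns, url.sortBy)>
    <cfset sortColumn = LCase(url.sortBy)>
</cfif>

<!--- The direction is one of two literals, never the raw request value. --->
<cfset sortDirection = "DESC">
<cfif CompareNoCase(url.sortDir, "ASC") EQ 0>
    <cfset sortDirection = "ASC">
</cfif>

<cfquery name="getArticles" datasource="exampleDSN">
    SELECT article_id, title, posted_on
    FROM articles
    <!--- Bound as a typed parameter: a non-integer value raises an error
          before the statement reaches the database. --->
    WHERE category_id = <cfqueryparam value="#url.categoryId#" cfsqltype="cf_sql_integer">
    ORDER BY #sortColumn# #sortDirection#
</cfquery>
```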
It can be time consuming checking all your queries if you have a large amount of ColdFusion code to wade through, not to mention nerve-racking if you are doing so while the attacks are rolling in. Fortunately there are tools such as QueryParam Scanner that will peruse your code and return a list of any unprotected queries. Unzip this application and place it in a directory in the Web root of your development server. Go to the application in a Web browser, follow its directions, and you will quickly have a report of any vulnerable queries.
June 27, 2008 at 12:00 pm
· Filed under Web Standards, Web Content Management, Usability
What does it take to be successful on the Web? The answer to that is simple and yet not so simple: Provide relevant information. Make it easy to discover… Read the rest of this guest article on Dr. Terry Etherton’s blog at blogs.das.psu.edu/tetherton.
June 17, 2008 at 2:05 pm
· Filed under Web Content Management
The following presentation, “Migrating Your Site to Plone” was given at the Penn State Web Conference on June 9, 2008. You may view a screencast of the presentation slides accompanied by audio of the speakers, or just listen to the audio.
May 30, 2008 at 2:35 pm
· Filed under Web Content Management
This proposal is loosely based on what I wrote for my own shop. However, I am fortunate to work in a highly clueful department. Making the case for adopting an open-source enterprise-level content management system was not an arduous task.
Frequently, potential adopters of Plone at universities tell me that they have a difficult time convincing administration within their organizations that Plone — or any open-source content management system, for that matter — is worth the investment of time and effort. Or in the case of Penn State’s WebLion services, any consulting fees that may be involved.
With that in mind, I’m sharing the following example proposal for adopting Plone at the university department level. If you are striving to convince your organization to adopt Plone, feel free to make use of any part of this material for your own justification.
February 19, 2008 at 2:35 pm
· Filed under Web Standards, Web Content Management, Web Design, Usability
Aside from the usual reasons why it’s silly to duplicate static content from Web page to Web page, here is yet another: Read the rest of this entry »
January 5, 2008 at 12:26 pm
· Filed under Web Standards, Web Design, Usability
Soliciting Web site user feedback. Posting online surveys. E-mailing listservs. Pulling together focus groups. Is this the long and the short of the plan for gauging the effectiveness of your Web site?
If so, you will be rewarded with a wide scattershot of commentary, much of which is neither accurate nor usable.
October 12, 2007 at 3:04 pm
· Filed under Web Standards, Usability
While usability testing lab software and equipment is great if you have it, screen-capture software can take you pretty far in recording usability test data and sharing it with others.
October 5, 2007 at 8:42 am
· Filed under Linux
Following is an excellent article on configuring Ubuntu as a VMWare host: