My biggest pet peeve:
CFQueries inline in a CF template. I'm not a stickler for complete object
oriented or you have to do things exactly a particular way...that being said,
I have two reasons why I like to see cfqueries or cfstoredproc calls in a cfc
or a cfm template that can be called as a
(looking forward to being told how wrong I am here and being raked
over the community coals for my heresy.)
Something that is clear from this thread - the needs of some types of
apps are different than others. Size and business does dictate coding.
For someone at UPS or another large
one of my favs
http://www.cubicleman.com/2005/05/23/best-waste-of-code/
Use the API Luke! Why I usually live in livedocs.adobe.com
DK
Douglas Knudsen
douglasknud...@gmail.com
On Jan 4, 2010, at 3:23 PM, Cameron Childress wrote:
Since the topic of the next ACFUG meeting is how NOT to code
I'll make a short reply to Derrick's post as my posts usually seem to end up
in the bit bucket.
I like commenting, and CFC's, and I feel strongly about defining what the
objects are in the application and THEN building the DB and components. I
vote for MVC every chance I get, but
Code is
I agree that the amount of concurrent users and traffic do determine how
much preparation, planning, and code design is necessary. We can definitely
run into scope creep or analysis paralysis over a simple problem.
Remember that peeve is a subjective and personal condition. It does not
mean
I can remember something anal and small that irks me.
I am a big fan of closing tags and scoping variables. I think it looks more
neat and adheres to an XHTML type mind set.
Example:
<cfset foo = 1>
This would ping my OCD part of brain and want to reach out and do:
<cfset variables.foo = 1 />
I
Hi,
I have heard of http://www.coresecurity.com/ who do security testing for web
applications etc. Does anyone know of this company or any similar companies
who do security/penetration tests for web applications. Needless to say, our
applications are CF based.
Is there anything to worry about or
I spent the past 5 years doing pen testing for a living and there are
many, many companies out there performing this service. You get what
you pay for! So ask yourself this question: What do I want to know
from a test? Do you want to know what can be found by a machine
running automated scans,
Thanks Dean. As always, your input is much appreciated. :-)
Ajas Mohammed /
http://ajashadi.blogspot.com
We cannot become what we need to be, remaining what we are.
No matter what, find a way. Because that's what winners do.
You can't improve what you don't measure.
Quality is never an accident;
A WAF won't by itself help you pass PCI. That said, mod_security and the F5
ASM are good products.
-dhs
--
Dean H. Saxe
A true conservationist is a person who knows that the world is not given by
his fathers, but borrowed from his children. -- John James Audubon
On Jan 5, 2010, at 6:58
Thanks Dean. Yes, I have done much with firewalls and server modifications
(such as disabling SSLv2 and weak ciphers) and even web application and
database vulnerability defenses. I've been able to pass all PCI Compliance
scans for several hosted shopping carts but needed to address the WAP