Thursday, June 28, 2007

CFUnited Day 2


What's New in CF8 presented by R. Kumar
This becomes a long list of very nice improvements and additions. I can display a complete list in this space. Most of this has been presented by Ben Forta or others in previous presentations.
* You may now loop over an array or text file
* Interfaces are added to CFCs. Use the tag. A component implements the interface: all of its methods must be implemented and the method signatures must match.
* 20x performance improvement in cfc
* CFC can be duplicated. Creates a deep copy of component.
* OnMissingMethod callback to component.
* OnMissingTemplate (URI)
* Per Application Settings by mappings, custom tag paths
* Multi-threaded programming: new threads run asynchronously to the page, and you can spawn multiple threads. Pass data to a thread in a thread-safe way as attributes (attribute scope).
* Inter-Thread Communication
* File I/O using . File-associated functions for use inside .
* DB-related enhancements include auto-generated key retrieval and savepoints (with the actions setsavepoint and rollback).
* gets the tables in a data source, table columns, etc.
* can be output to browser, console, or file
* CFObject/CreateObject also supports .NET classes
* manipulates zip/jar files
* Secure FTP support
* File of any size may be uploaded.
* Performance improvements: CFC creation is 20x faster

Building Secure CF Apps by Pete Freitag
* XSS + SQL injection is the number one vulnerability
* Unchecked input is the number one cause, e.g. an invalid email address
* Server-side validation is best
* Uploading files can be very dangerous. Use "accept" attribute. This doesn't work!
* Upload to a directory outside of the web root. Always check the file extension (cffile.serverFileExt). Check file names as well.
* What's so bad about XSS? Stealing Cookies, Phishing.
* XMLFormat and HTMLEditFormat don't always work.
* Enable ScriptProtect(doesn't always work).
* Make Your own function. Escape: <> ' " () ; #
* Enforce Maximum String Length
* SQL injection. /news.cfm?id=8;DELETE+FROM+news
* Prevention that works is !
* Use in WHERE, SELECT, UPDATE, INSERT, DELETE
* Cross-Site Request Forgery: how "samy", a MySpace user, got 1M friends in 24 hours.
* Whenever a MySpace user visited his profile, it executed a script.
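As an added example (not code from the talk or from Adobe): the injectable query from the notes next to its cfqueryparam fix, and a custom output escaper covering the character list above. The datasource name "newsDSN", the news table's columns and the escapeForHtml function name are assumptions.

```cfml
<!--- Added example (not the talk's code). Assumes datasource "newsDSN" with
      a table news(id, title, body) and a page called as news.cfm?id=N. --->

<!--- VULNERABLE: url.id is pasted into the SQL text, so
      /news.cfm?id=8;DELETE+FROM+news can append a second statement. --->
<!---
<cfquery name="news" datasource="newsDSN">
    SELECT id, title, body FROM news WHERE id = #url.id#
</cfquery>
--->

<!--- FIXED: bind the value as a typed parameter. cfqueryparam sends the
      value separately from the SQL text, and cf_sql_integer makes a value
      such as "8;DELETE FROM news" fail validation before the query runs. --->
<cfquery name="news" datasource="newsDSN">
    SELECT id, title, body FROM news
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Custom output escaper for the talk's list: < > ' " ( ) ; # (plus &).
      Each character is mapped on its own, so no replacement is re-escaped
      by a later one. --->
<cffunction name="escapeForHtml" returntype="string" output="false">
    <cfargument name="s" type="string" required="true">
    <cfset var map = structNew()>
    <cfset var out = "">
    <cfset var i = 0>
    <cfset var ch = "">
    <cfset map["&"] = "&amp;">
    <cfset map["<"] = "&lt;">
    <cfset map[">"] = "&gt;">
    <cfset map["'"] = "&##39;">
    <cfset map[""""] = "&quot;">
    <cfset map["("] = "&##40;">
    <cfset map[")"] = "&##41;">
    <cfset map[";"] = "&##59;">
    <cfset map["##"] = "&##35;">
    <cfloop from="1" to="#len(arguments.s)#" index="i">
        <cfset ch = mid(arguments.s, i, 1)>
        <cfset out &= structKeyExists(map, ch) ? map[ch] : ch>
    </cfloop>
    <cfreturn out>
</cffunction>

<!--- Escape on output, not on input, so stored data stays intact. --->
<cfoutput>
    <h1>#escapeForHtml(news.title)#</h1>
    <p>#escapeForHtml(news.body)#</p>
</cfoutput>
```

The per-character mapping is what makes the escaper safe to combine with the maximum-length check above; a chain of replace() calls would have to be ordered carefully because several of the replacement entities themselves contain ";" and "&".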