Back in February I wrote a blog post on SQL Injection that included an example of how a malicious user might inject into a character field even though ColdFusion escapes single quote marks. The attack involved other forms of escaping single quotes - and was effective against MySQL. This week I stumbled upon (more like a train wreck) an attack that is much more sophisticated - and also involves injection into a character field. I am told that others have discovered and written on this attack over the last few weeks - but I was unaware of it until a customer of ours was victimized. Amazingly, the specific real world attack I discovered and fixed allowed the hacker to append a string to every char column in every table of the database. It was so pervasive it left me wondering if it was SQL injection at all - until I found a URL entry that looked something like this:

[More]

For the most part, migrating your ColdFusion site from Microsoft's SQL 2000 server to SQL 2005 is a snap. Import the databases from 2000 to 2005, re-point your data sources to the new instance using the ColdFusion Administrator and you are done. No muss, no fuss. There is very little query code that you will need to change. Sometimes you needn't change anything in your ColdFusion code at all. Here is one that I found recently however that you may run across - especially if you are a fan of UNION queries. Here's the skinny.

[More]

If you are like the muse you keep your eye on the log files in the /runtime/logs/ directory. There's some good information in there if you care to poke around. You might notice one item that appears in the *.events.log from time to time - usually in a long list of similar errors. It looks something like:

Those of you who follow the personal life of the muse know I have traveled for the last 12 or 13 years to the northern reaches of Minnesota to a resort (Cedar Rapids Lodge) on the shores of Medicine Lake. Medicine Lake is an under-fished haven for Walleye and Northern Pike. For many years now the lake has been under a DNR program that requires fisherman to return Pike that are longer than 22 inches and shorter than 32 inches back to the lake. The end result has been a significant growth in the size of the fish on the lake. These days it is pretty rare to go fishing for pike for more than an hour without hauling in a 28 or 30 incher.

This year the DNR raised the slot to between 26 and 36 inches because the size of the fish has become significantly larger. The fishing and the weather this year were spectacular. The lodge and cabins were in great shape, the wind was moderate and the evenings were cool. All in all I would rate this as one of the best weeks of Muse fishing ever. If you don't believe me just take a look at this 34 inch trophy that took my line last Friday.

[More]

Every time I make a blog post I'm always amazed at how 5 different readers can immediately post a comment showing me a better way to do something or adding additional information to my original post. I sometimes say to myself, "Muse... it's too bad that programmer doesn't work on your team". Well, here's your big chance.

It just so happens that CF Webtools is looking for an advanced Coldfusion programmer. CF Webtools has an outstanding group of projects using the latest technologies like Flex, Ajax, Farcry and the latest frameworks. CF Webtools does projects for major corporations like ACS, Lincoln Financial, National Equite and Sergeants Pet Care products. This could be your big chance to join us and work on a terrific team. We are located in beautiful Omaha, NE - the Best Kept Secret in the country and consistently ranked among the top 10 places to live in the U.S. We offer an excellent salary, a great place to live, and exciting work. Our benefits include health insurance, life insurance, optional disability, 401k, FSA and flexible hours (so you can put your family first).

If you are interested send your inquiry and resume to jobs@cfwebtools.com. If you want the "official" requirements you will find them on our company web site at this link, but regular muse readers will probably already know exactly what we are looking for.

Note, this is an onsight full time position. CF Webtools will assist with relocation.