On ColdFusion, AES, and Padding Oracle Attacks: Hic Sunt Dracones

TL;DR: If you use AES-CBC (or another block cipher operating in CBC mode) to decrypt user-controlled ciphertext, validate the ciphertext with an HMAC or similar integrity check prior to decryption to avoid Padding Oracle vulnerabilities.

From: Hoya Haxa - A Security Research Blog

Links For You

So yeah, I know my last post was just a link, but I promise the post after this will be actual new content, not just me sharing stuff.

From: Raymond Camden

Algolia DevCon 2023 Videos

Normally I save links for the "Links for You" post I do a few times a month, but as I've been a bit quiet here recently (most of my side work has been on my Alpine.

From: Raymond Camden

Deploying Spring Boot 3 Applications to AWS Lambda

Welcome to this detailed and comprehensive blog post about deploying Spring Boot applications to AWS Lambda! If you've been searching for a solution to hosting your personal Spring Boot projects without breaking the bank, you're in the right place.

From: Dan Vega

Deploying Spring Boot 3 Applications to AWS Lambda

Discover effective solutions for hosting your personal spring boot projects without hefty costs. Boost your skills with Dan Vega, your spring developer advocate, while exploring the capabilities of AWS Lambda.

From: Dan Vega

Long-Term Funding, Update #3

In my previous Long-Term Funding update I said I would review/overhaul the Libraries pages (both authoring and the directory) and write the tools.

From: Sean Corfield: An Architect's View

Working Code Podcast - Episode 133: The Final Stretch

Ben Nadel and the crew talk why finishing a project feels so hard; and, what we can do to get our projects across the finish line....

From: Ben Nadel

Adobe ColdFusion Log Verboseness

Server logs in ColdFusion are a must-have resource to help you tune, monitor, and troubleshoot your servers.

From: Chris Tierney

Rogue Engine & JS Game Development

Those who have been following me for a while might know that while I'm no game developer, much like 90% of all other web devs, game development was my starting goal for getting into programming.

From: Michael Walter Van Der Velden

Working Code Podcast - Episode 132: Virtual Reality

Ben Nadel and the crew talk about Virtual Reality (VR) and Augmented Reality (AR) in the wake of Apple's new Vision Pro release....

From: Ben Nadel

Code Kata: Compacting Arrays In ColdFusion

Ben Nadel demonstrates how to compact an array in ColdFusion. That is, to remove the undefined values / indices....

From: Ben Nadel

An Ode to the Intel Mac

The general advice is that a computer should last between 2 and 4 years.

From: Michael Walter Van Der Velden

Creating Bootstrap WebC Components in Eleventy

For some time now as I've explored web components, it's occurred to me that web components could be a great way to make working with Bootstrap simpler.

From: Raymond Camden

Real World ColdBox App Architecture

Hi, I'm Nolan. My team is building a brand new ColdBox 6 app from scratch. We're using Docker, AWS, CommandBox, GitHub Actions, several modules from ForgeBox, Bash scripts, and Alpine.js. And ya know what? This tech may very well become the new baseline on which I start all future projects.

From: South of Shasta: Software Development, Web Design, Training

My CFCamp 2023 Schedule

With so much great content at CFCamp, I'm having a hard time deciding between sessions! This is my best guess as to where you'll be able to find me.

From: South of Shasta: Software Development, Web Design, Training

Links For You

Happy Almost Father's Day.

From: Raymond Camden

Speaking at CF Camp 2023

I'm sitting in a hotel room in Munich, recovering from jet lag. That can only mean one thing: CF Camp is back, and I was picked as one of the speakers. :)

From: South of Shasta: Software Development, Web Design, Training

Working Code Podcast - Episode 131: Starting From Scratch

Ben Nadel and the crew talk about what it's like to start building Dig Deep Fitness from scratch. And, how to keep progress moving forward without going down rabbit holes....

From: Ben Nadel

They Were Able To Heal Even When They Could Not Cure

Ben Nadel leans on Dr. Abraham Verghese, and his TEDx Talk, in order to help explain how he feels about showing up every day to work on a legacy platform....

From: Ben Nadel

How to add Request Headers using HTTP Interfaces in Spring Boot 3

In this article, we'll be exploring how to customize HTTP interfaces in Spring Boot 3.

From: Dan Vega