Browsed by
Category: Security

Server-side upload verification with Taffy and Lucee

Server-side upload verification with Taffy and Lucee

Comments 0 Comment

I was dismayed to learn recently that every image upload process I had ever developed before now was vulnerable to improper file uploads. Like many developers, I used the HTML <input type=”file”> type form fields to allow users to upload images. I made sure to restrict (I thought) those uploads to just images, but it turns out that a lot of the “security” around image uploads is based on nothing more than the file extension or, even worse, on the…

Read More Read More

Random String Generator for CFML

Random String Generator for CFML

Comments 0 Comment

Working on a CFML-based project using components and figured I could document this for my own personal user later. If it helps someone else along the way, even better. Once the method is made, you just invoke the method with the cfinvoke tag. Since I put my component in my /utils/strings.cfc directory, I could use the following: I did not specify the charset, because my default will work for my purposes, but you can customize the characters that the random…

Read More Read More

Quick Random Password Generator for Perl

Quick Random Password Generator for Perl

Comments 1 comment

Mostly writing this for my own future benefit, but if this can help someone else in the process, perfect. Basically, create random strings of random sizes using random characters until the size of the resulting string is greater than 16. Pretty simple. #!/usr/bin/perl my @alphanumeric = (‘a’..’z’, ‘A’..’Z’, 0..9,’!’,’_’,’-‘); my @numeric = (0..9); my $randpassword = ”; until ( length($randpassword) > 16 ) { $randpassword = $randpassword . join ”, map $alphanumeric[rand @alphanumeric], 0..(rand @numeric); } print “$randpassword\n” Save the…

Read More Read More

Apache 2.4 – 403 Forbidden (AH01630: client denied by server configuration)

Apache 2.4 – 403 Forbidden (AH01630: client denied by server configuration)

Comments 0 Comment

I recently updated one of my development machines to Ubuntu 13.10 which now uses Apache 2.4 by default. In my case, I had updated a machine that was previously running Ubuntu version 13.04 and had been running Apache 2.2. After the upgrade, I was disturbed to find that none of my sites worked! I kept getting Apache 403 (Forbidden) error messages. I figured the upgrade had changed my configurations or something… but after fruitlessly messing with the config files (and…

Read More Read More