Sunday, May 26, 2013

Singletons in ColdFusion

http://coldfusiondesignpatterns.org/singleton.html

On how ColdSpring and Dependency Injection may facilitate the Singleton pattern in a CFML application.


Coding Horror on HttpOnly

http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html

How setting the HttpOnly flag in the header instructs the browser that only the server (and not malicious JavaScript) can access this cookie.

The risk is that an XSS post, when loaded, can forward an authentication cookie to a remote site, where a malicious user can use it to steal your identity by loading the site that issued the cookie under your identity.
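
As an added example (not taken from the linked article), here is a small Node.js check that parses `Set-Cookie` header values and lists the cookies page script could still read because the HttpOnly attribute is absent. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie header values for the HttpOnly attribute.
// parseSetCookie and findScriptReadableCookies are hypothetical helper names.

function parseSetCookie(headerValue) {
  // The first segment is name=value; everything after it is an attribute.
  const parts = headerValue.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  const name = eq === -1 ? first : first.slice(0, eq).trim();
  const attrs = new Map();
  for (const part of parts) {
    const i = part.indexOf('=');
    // Attribute names are case-insensitive; flags such as HttpOnly carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1).trim());
  }
  return { name, httpOnly: attrs.has('httponly'), secure: attrs.has('secure') };
}

// Returns the names of cookies that document.cookie would expose to script.
function findScriptReadableCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((cookie) => !cookie.httpOnly)
    .map((cookie) => cookie.name);
}

// Constructed sample response headers (not captured from a real site).
const sampleHeaders = [
  'CFID=1234; Path=/',                           // no HttpOnly: readable by script
  'CFTOKEN=abcd; Path=/; httponly',              // lowercase attribute still counts
  'JSESSIONID=A1B2C3; Path=/; Secure; HttpOnly', // protected
  'theme=httponly-dark; Path=/',                 // "httponly" in the value is not the flag
];

console.log(findScriptReadableCookies(sampleHeaders));
```

A plain substring search for "httponly" would wrongly pass the last sample cookie, which is why the check looks at parsed attributes only.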