CFUN-04 Homepage
Central Location of ColdFusion Conference and Seminars

With computer security in the news, Michael Smith decided to talk with Matt Liotta about his CFUN-04 presentation on "Security".

Michael Smith: Why is security important for programmers? Isn't this a network administrator subject?

Matt Liotta: Well, if there are any administrators in attendance, I am sure they will benefit from this presentation. However, this presentation is really meant for programmers. How we write code makes a big difference in the overall security of an application. Unfortunately, many programmers miss the potential security problems in their applications simply because they don't know any better. Or worse, they go to extraordinary lengths in the name of security only to miss subtle exploits that invalidate all their work.

MS: That sounds like a lot of work!

ML: Great security takes a lot of work, but good security can be achieved with a little insight that takes almost no extra work at all. In my presentation, I'll explain how certain practices can be adopted that in the end take no extra effort, but pay off big in terms of security, and have side benefits such as performance and robustness.

MS: That is a relief. But what about password protection of sites?

ML: While that is a pretty well understood topic, there are lots of different ways to attack the problem, each with their own implications that one may not be aware of. In fact, now that you bring it up, it is a pretty important topic that I fail to address in my presentation. I'll make sure to update my presentation to cover this information, though, so if you are interested in this topic, I guess I'll be seeing you at my presentation.

MS: That is cool! What about cookies and session variables? Is there a security risk there?

ML: Like anything, it all depends on how you make use of things. Are cookies inherently risky? No, but they certainly can be. I think we have all heard the stories about early e-commerce sites that stored pricing information in cookies, allowing people to buy items at a lower price simply by changing their cookies.

MS: Ouch! And I have heard that even prices in form variables are not safe. So will you show people how they can protect their e-commerce pricing from hackers like that?

ML: My presentation doesn't really focus on different variable scopes, but instead provides a wealth of information on how to appropriately make use of the different scopes. Certain practices can apply to multiple scopes, so it is much better to understand why they apply to those scopes than just to provide a set of rules for each scope.

MS: What about URL variables? Are they hacker-proof?

ML: Again, it is not about individual scopes, but understanding the implications of how you use all scopes. Additionally, it isn't really about making things hacker-proof or even, the more appropriate term, cracker-proof; it is about making sure your application is designed in a way that doesn't allow users to make use of it in ways not intended. You don't have to be a cracker to manipulate cookie, URL, or form variables.

MS: Will you have code samples that we can copy in your talk?

ML: Not directly, no, but certainly code will be shown.

MS: That sounds cool - I think I will be able to improve the security of my sites after coming to your talk! Thanks for talking with me.

© Copyright TeraTech Inc 2003