Justin Scott

Recent Blog Comments By Justin Scott

• Considering Encrypting Passwords At Rest In ColdFusion

  Posted on Nov 22, 2024 at 6:43 PM

  Regarding the "Java Unlimited Strength Jurisdiction Policy Files" the Adobe documentation is out of date. Oracle now includes these by default with JDK 9 and later, and JDK 6, 7, and 8 include them by default after updates 6u181, 7u171, and 8u161 respectively. See https://www.or... read more »

• Converting ColdFusion Date/Time Values Into ISO 8601 Time Strings

  Posted on Jul 29, 2013 at 9:52 PM

  @David, would a copy of that more elaborate function happen to be available somewhere? I'm in a position where an application is going to switch from using a single timezone to UTC and we have several years of old data that will need to be converted back from local time to UTC but will need to take... read more »

• Object Thinking By David West

  Posted on Jun 10, 2013 at 4:49 PM

  I think I'm in the same boat where I read a lot about OO and how to design objects themselves with a bunch of generic examples, but I run into the same issues around business logic and constraints and how that fits in with those object models. I'm glad I'm not the only one in that boat and apprecia... read more »

• Reading Images With Fallback Approaches In ColdFusion

  Posted on Mar 8, 2013 at 6:23 PM

  Thanks Ben, great info as usual. I've been doing more work with images lately myself and found a lot of photos that people were uploading were rotated in odd ways and that the EXIF information would often contain rotation information to "correct" them before processing. I've also had som... read more »

• Accepting PCI-Compliant Payments Without A Merchant Account Using Stripe And ColdFusion

  Posted on Jul 2, 2012 at 12:21 PM

  @nina, So of course as soon as I hit submit I realized that I misread your question. I am not too familiar with Etsy, but if they allow you to process your own payments then something like Stripe should work as long as the items you're selling aren't prohibited by Stripe's terms of service.... read more »

• Accepting PCI-Compliant Payments Without A Merchant Account Using Stripe And ColdFusion

  Posted on Jul 2, 2012 at 12:19 PM

  @nina, If I remember correctly, eBay only allows sellers to accept payments through PayPal these days, so an outside payment solution like this probably wouldn't be applicable to an eBay store.... read more »

• Accepting PCI-Compliant Payments Without A Merchant Account Using Stripe And ColdFusion

  Posted on Mar 14, 2012 at 12:13 PM

  There is a company that makes a small hardware device that you can plug into the headphone jack called "Square" which will do CC processing right from an iPhone, iPad, or iPod. See: http://itunes.apple.com/us/app/square/id335393788?mt=8... read more »

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Feb 16, 2012 at 1:56 PM

  In my applications that use encryption, I generally define a global encryption/decryption function for the application that all encrypted data passes through. This custom function acts as a wrapper for the CF encrypt/decrypt functions and acts as a clearinghouse so that I don't have to make the key... read more »

• Accepting PCI-Compliant Payments Without A Merchant Account Using Stripe And ColdFusion

  Posted on Jan 29, 2012 at 2:01 PM

  @Ryan - The website below has some good information on the topic of fees: http://www.merchantmaverick.com/pci-compliance/pci-compliance-fees/ In short, if it's listed as a "non-compliance" fee then you need to submit "proof" that you're compliant (usually in the form of a com... read more »

• Accepting PCI-Compliant Payments Without A Merchant Account Using Stripe And ColdFusion

  Posted on Nov 16, 2011 at 7:19 PM

  @Aaron, One of my clients has recently signed up for Braintree and their staff assures us that we can assemble our own XML and pass it to the gateway directly through an HTTP call without having to use one of their "preferred" libraries. I have not begun implementation yet, but I hope th... read more »

• Accepting PCI-Compliant Payments Without A Merchant Account Using Stripe And ColdFusion

  Posted on Nov 15, 2011 at 3:11 PM

  @Ben, I hadn't noticed the distinction with the merchant accounts, but that is an important one. I suspect Stripe is handling that in the background for you where Braintree will work with an existing merchant account if you have one. Once I have actually integrated it we will have to compare notes... read more »

• Accepting PCI-Compliant Payments Without A Merchant Account Using Stripe And ColdFusion

  Posted on Nov 15, 2011 at 12:31 PM

  This service looks very similar to Braintree Payment Solutions which works the same way, more or less. The mechanics are all the same (e.g. the browser submits the card to them in the background in exchange for a token) which keeps your site out of scope for compliance, though at a glance Braintree... read more »

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Aug 16, 2011 at 12:20 PM

  @Brian - For passwords I would normally use a hashing algorithm rather than one that can be decrypted (there's usually no need to be able to decrypt passwords, so a hash is appropriate in all but a few edge cases). AES, especially with larger key sizes, is pretty strong encryption and would be acce... read more »

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Aug 10, 2011 at 1:04 PM

  It's also possible to derive the secret key from a string such as a password, to avoid storing the encryption key at all. Of course, if the user forgets the password used to generate the key access to the encrypted data is lost. As Jason mentioned, key management is one of the hardest parts. I ha... read more »

• ColdFusion 9's ObjectSave() And ObjectLoad() Life Cycle Removes Object Meta Data

  Posted on Jun 6, 2011 at 2:15 AM

  My curiosity got the better of me and I tried to deserialize a CFC on a different server which has no knowledge of the original CFC file. The initial deserialization attempt fails with the "null pointer" error as expected. However, when the CFC is placed at the same file path as the CFC ... read more »

• ColdFusion 9's ObjectSave() And ObjectLoad() Life Cycle Removes Object Meta Data

  Posted on Jun 6, 2011 at 2:00 AM

  I've been playing with these functions as well and noted that the loadObject() function will fail with a "Null pointer exception" error if the original CFC file no longer exists or has been moved or renamed. If you add properties or methods to the CFC, they will mysteriously appear in the... read more »

• Using Encrypted JSON Data To Hide Cookie Implementation In ColdFusion

  Posted on Mar 9, 2011 at 10:36 AM

  @Justice, All good points, but I wouldn't let "perfect" become the enemy of "good enough" though. Unless you're trying to store a credit card number in the cookie this would all probably be overkill for basic session authentication in most applications.... read more »

• Using Encrypted JSON Data To Hide Cookie Implementation In ColdFusion

  Posted on Mar 8, 2011 at 11:45 AM

  One issue I see with this is that by linking the session to a specific IP address, you disable the ability to roam with a device. For example, if I log in from my 3G iPad on WiFi at home, then take it with me in the car and it switches over to the cellular network, my IP will change and suddenly my... read more »

• The School Of Practical Philosophy: Philosophy Works - Week One

  Posted on Jan 18, 2011 at 1:51 PM

  I'll give a nod to Freakonomics as well, it's an excellent read. Their analysis of the internal accounting of drug dealers was fascinating.... read more »

• Creating Base64-Encoded Data URLs For Images In ColdFusion

  Posted on Sep 1, 2010 at 11:09 AM

  I wonder if that would work with images in an e-mail to get images to load without the user having to "enable" them (no privacy concerns since they'd already be embedded). Hmm...... read more »