Related Topics: ColdFusion on Ulitzer, Apache Web Server Journal

CFDJ: Article

NewsWatch - February, 2000

NewsWatch - February, 2000








Feb. 18: Recent Hacks Did Not Intimidate Shoppers

According to several of the Internet merchants that were hit by DoS hackers last week, online shoppers didn't slow down. While security concerns top the concerns of online shoppers, Yahoo!, Amazon, eBay and others report that sales were not affected by news of the hacks and some site reported an increase in sales over the recent Valentine's Day period.


Feb. 18: Product Claims Advantages of ColdFusion

Phoenix Resources Technologies, Inc. of Scandia, MN announced that it has entered into an agreement with HHPN Development Corporation, San Diego, CA to acquire up to 100% of the company for $177,500,000.

HHPN has developed an application, code named DBPanacea, that the company says addresses the need for faster, lower-cost development and deployment of database-integrated Web sites and Web-based business applications.

The announcement came days after DBPanacea was given an independent evaluation by Doculabs, Inc. According to a Phoenix press release, the Doculabs evaluation said that DBPanacea has "significant and noticeable advantages over competing products, such as ColdFusion, specifically in the area of reducing overall development costs and time-to-production."

According to the press release, applications developed with DBPanacea are platform- and database-independent. Web sites will be able to run on Windows NT, UNIX or Linux without recoding, while using SQL, Sybase, Oracle and most other database engines. DBPanacea will also run on any Web server including Apache, Microsoft's Information Server, Netscape Server or any other server that supports servlets. This, claimed Phoenix, makes DBPanacea one of the most flexible and user-friendly Web development tools available.

Feb. 15: U.S. Accessibility Law Could Apply to Sites

The 1990 law requiring businesses to make themselves accessible to people with disabilities could be applied to Internet Web sites, advocates for the disabled told Congress last week.

The U.S. Justice Department has said the Americans With Disabilities Act, which requires businesses to make reasonable efforts to give access to the disabled, ought to apply to commercial Web sites.

Few Web sites have made themselves easily accessible. Last year, the National Federation for the Blind filed a lawsuit under the law against America Online, the largest Internet service provider, contending that the company's online software was inaccessible to the blind.

That stirred criticism from some business and online groups that Web sites would have to remove graphical images or live video or audio streams to comply with the law.

Disabilities groups, however, testifying at a hearing of the House Judiciary Committee's constitution subcommittee wednesday said they were only seeking modest alterations which would not require removing existing content.

Most Web sites are not easily accessible to people with disabilities. Blind people, for example, rely on Web browsing software that reads text and cannot interpret unlabeled images frequently used as navigation points.

"The presence of graphics is not the problem, but the presence of unlabeled graphics and the design of systems which rely only on graphics are what cause us tremendous difficulty," said Gary Wunder, a programmer at the Uinversity of Missouri and member of the board of directors of the National Federation of the Blind.

"The effort required of the business community is miniscule when compared with the benefits to blind and disabled people and to the society in which we live," Wunder added.

Online industry officials say they are moving to make the Internet more accessible, but warned that enforcing the law against Web sites might be counterproductive.

"Many sites will focus on avoiding litigation instead of addressing the real need of disabled net citizens to have access to the valuable content they provide," said Steven Lucas, a member of the Board of Directors of the U.S. Internet Industry Association.

However, "the cost of potential litigation could prevent some Web sites from coming online," said Lucas.

Lucas urges delaying any enforcement of the law against Web sites until, "industry has been given an opportunity to address the issues of accessibility in a commercial and competitive environment."

Feb. 11: 'Tis the Season for User Groups

This weekend's ColdFusion E-Commerce seminar (CFCONF '00) in Rockville, MD kicks off a number of user group meetings across the country in the next few weeks. No matter where you are, you are bound to find one close to you.

Cities with upcoming events include Indianapolis, Philadelphia, Seattle, Atlanta, Fort Lauderdale, Tampa, Orlando, and Dublin, Ireland. More information on these CFUG gatherings is available from the Allaire Web site on the CFUGs in the News page.

Feb. 10: Netscape Mozilla Alpha Released

"Mozilla 5.0," the long-awaited, much-delayed, open-source successor to Netscape Communicator and Navigator, was released Jan. 21 in a M13 Alpha release. It joined more than two dozen other Web browser types and brands.

The M13 is the first official "Alpha" release of Mozilla 5 and is intended for full-time use by developers so that they can sniff out any problems that remain before the beta, and then final, releases. As the M13 build is architecturally complete, it will give a good idea of how the final release will react with CF applications.

A copy of the M13 alpha can be downloaded from All pre-release versions expire and stop working, 30 days after the build date. M14, which Netscape will use as the checkpoint for the commercial Alpha release, is scheduled for release Feb. 18.


Feb. 18: Sign-Up For Free ColdFusion Seminars

Allaire is offering free ColdFusion seminars over the next few months in cities across the US. Attendees will get an overview of ColdFusion and a product demonstration of ColdFusion 4.5. For more information on the seminars and to register, visit the Allaire Web site at:

Feb. 18: Allaire and Productivity Point Partner Extend Training Program

Allaire Corp. and Productivity Point International, a market leader in customized IT training, announce a distribution agreement to offer Allaire authorized training on ColdFusion. Under the terms of the agreement, Productivity Point will provide training on Allaire products in more that 100 cities across the country.

Allaire will focus on expanding the curriculum of courses needed while Productivity Point will ass in managing and deployment of training to the audience of Allaire customers and partners. They will offer interactive skills training to students from their state-of-the-art technology learning centers.

"Allaire is committed to keeping the Internet community abreast of the latest technological advancements available," said Jeremy Allaire, CTO of Allaire. "Through this partnership with Productivity Point, Allaire will be better positioned to help customers and partners learn the skills they need to rapidly develop and deploy mission critical Web applications."

The first two course, "Fast Track to HTML" and "Fast Track to ColdFusion" will be offered in February with additional Allaire authorized training to be introduced in March.

Feb. 11: Spectra Gains

Allaire Corp. announced that over 50 customers have selected Allaire Spectra, its new packaged system for next-generation content management, e-commerce and personalization. The system, which began shipping in December 1999, allows companies to respond more quickly to competitive pressures by creating a more responsive and personalized customer experience, and by empowering employees to use the Web as a productive tool in their everyday work.

"These customers were looking for a platform that would provide a tight relationship between the management of Web content assets with services that extend their company's business models into e-commerce quickly and easily, " said Jeremy Allaire, chief technology officer for Allaire Corp. "Furthermore, they wanted a platform that allowed them to interact with their Web customers in a rich, personalized manner. This model of Internet business is at the center of Internet portals, e-commerce sites and corporate-wide Intranets and extranets."


Feb. 11: CERT Advisory: Malicious HTML Tags

CERT (Computer Emergency Response Team), the government funded organization that researches and advises on the vulnerabilities in computer systems, issued a warning concerning malicious HTML Tags embedded in client Web requests.

A Web site may inadvertently includes malicious HTML tags or script (which can include JavaScript) in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem when a Web server does not adequately ensure that generated pages are properly encoded to prevent unintended execution of scripts, and when input is not validated to prevent malicious HTML from being presented to the user.

This can allow hackers to launch malicious code on a victim's computer or capture information a person inputs to a Web site, such as credit card numbers. Hackers can include a link in an email or publish them online to Web pages and discussion groups. The technique called, "cross-site scripting" or CSS can be inserted in a page on virtually any Web site and is not limited to specific software. The attacks can occur without the Web server or Web browser (and the Web user) even detecting the attack.

The advisory can be found at CERT's Web page.

Microsoft has an in-depth explanation as well as step-by-step suggestions on how to deal with the problem.

Some questioned as to how new the problem was and doubt was thrown on Microsoft's sudden burst of philanthropy. Why, when the Redmond company has never bothered to announce any of the many other security problems with its browser, did it bother to this time?

PC Magazine's John Dvorak had a column, The Cross-Site Scripting Scam, up within days which, while heavy on conspiracy theories and paranoia, was light on facts. John heaped scorn on Microsoft's "promiscuous browsing" warnings and claimed it was a plot to send users scurrying to "safe" MSN.

Feb. 11: Internet-Security Summit in Wake of Web Attacks

Several major Internet sites were targeted by an unknown assailant or assailants who shut down several sites including eBay, Amazon, Excite and Yahoo earlier in the week with denial-of-service (DoS) attacks.

In a DoS attack, the assailant makes an enormous number of connection requests to a server so it is unable to respond to requests from legitimate users. This week's attacks were widely distributed, meaning the attacks were launched simultaneously from many probably compromised computers.

The White House called a meeting in response to the attacks, which shut down some sites for over an hour. Next week, twenty top Internet executives are expected to meet with President Clinton, Attorney General Janet Reno, Commerce Secretary William Daley, and National Security Advisor Samuel R. Berger. A week later, the U.S. Chamber of Commerce will host another meeting on high-tech vulnerabilities with over 100 Internet and technology companies attending.

For an analysis on the attacks and security issues involved by security expert Russ Cooper, keeper of the NTBugTraq mailing list, see the MSNBC article, The Internet Emperor Has No Clothes.

Feb. 11: Congress Questions Cookies

Senator Robert Torricelli, a New Jersey Democrat, introduced the Internet Privacy Act, that would make it unlawful for companies to collect information from consumers without first getting their permission.

"The fundamental right to privacy should not be sacrificed to the Information Age," said Torricelli. Cookies, devices that track consumers' Web usage that are sometimes used for marketing and advertising purposes, are the focus of the proposal.

While many don't feel that targeting cookies is the answer to Net privacy, privacy advocates feel that the potential for their misuse is very real and that the legislation is a step in the right direction.

For more information, see the CNET News story, "Cookies" targeted as Congress, advocates address Net privacy.


Feb. 11: Job Perks To Include Discount Computers

Ford Motor Corp. and Delta Airlines recently announced that it will offer free computers and low-cost Internet access to their employees, a move that is likely to be followed by other major corporations. Under the plan, the companies are distributing laptops and PC to their employees and are allowing them to pay small monthly co-pays for their Internet access.

The move intends to bridge the technology gap between all workers and make every person in the organization comfortable using technology, in hopes that workers will be able to more easily adapt to the changes in their working environments.

More Stories By Maria Waddy

Maria Waddy is a ColdFusion Advisor editor.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.