Self-signing your secure certificate - SSL for free

Here's how to do it, or, for IIS 6, you can have Microsoft do the work with the SelfSSL tool from the IIS 6.0 Resource Kit. Barney has a posting on an issue with Apache and OS X.

OpenID

OpenID is an open, decentralized, free framework for user-centric digital identity.

Nice idea, now where can I use it...

Here are some more resources...

Windows Password Cracker

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.

SQL Injection Attacks by Example

If you have developed a web application with a database back-end, you should check out the article titled SQL Injection Attacks by Example. It clearly explains what a SQL injection attack is and shows you how to defend against such attacks.
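As an added illustration, not taken from the linked article, here is the pattern the article warns about and its ColdFusion fix side by side. The datasource name, the users table and its columns are assumptions for the example.

```cfml
<!--- Added example, not from the linked article. Assumes a datasource "myDSN"
      with a table users(id, username, email); url.id and form.username are
      attacker-controlled request values. --->

<!--- VULNERABLE: the value is concatenated straight into the SQL text.
      Because it is not inside quotes, ColdFusion's automatic doubling of single
      quotes within cfquery gives no protection: ?id=1 OR 1=1 returns every user,
      and ?id=1 UNION SELECT ... can read other tables. --->
<cfquery name="getUserBad" datasource="myDSN">
    SELECT id, username, email
    FROM users
    WHERE id = #url.id#
</cfquery>

<!--- FIXED: cfqueryparam sends the value as a bound, typed parameter, so it is
      never parsed as SQL. With cf_sql_integer a value such as "1 OR 1=1" is
      rejected before the query ever reaches the database. --->
<cfquery name="getUser" datasource="myDSN">
    SELECT id, username, email
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String columns need the same treatment; wrapping #form.username# in
      quotes is not a defence. maxlength also rejects oversized input early. --->
<cfquery name="findUser" datasource="myDSN">
    SELECT id, username, email
    FROM users
    WHERE username = <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>
```

The rule of thumb is that every value that originates from a request (url, form, cookie, cgi) goes through cfqueryparam, whatever its type; the cfsqltype gives you input validation for free on top of the parameter binding.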

Cross Site Scripting (XSS)

After a little investigation I think you shouldn't try to strip HTML out of a user's input (within reason) but should instead wrap every output of their input in HTMLEditFormat(). That way any silliness is displayed in all its glory as plain text rather than executed by the browser.

This of course is in addition to setting this.scriptProtect in your Application.cfc or the scriptprotect attribute of the cfapplication tag in CFMX 7. This is preferred over blindly ticking the "Enable Global Script Protection" checkbox in the Administrator, as it gives more flexibility over which scopes are filtered.
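The two halves of that approach, script protection per scope in Application.cfc and escaping on output, as an added example that is not the blog author's code. The application name, the page name and the form field are assumptions.

```cfml
<!--- Application.cfc (added example, not the blog author's code).
      this.scriptProtect takes "all", "none" or a list of scopes (form, url, cgi,
      cookie). Listing scopes rather than "all" lets you leave one scope alone
      if a page genuinely has to accept raw HTML from it. ColdFusion rewrites
      tags such as <script>, <object>, <embed>, <applet> and <meta> in the
      protected scopes to "InvalidTag" before any of your code runs. --->
<cfcomponent output="false">
    <cfset this.name = "myApp">
    <cfset this.scriptProtect = "form,url,cgi,cookie">
</cfcomponent>

<!--- comment.cfm (assumed page name): keep the user's text exactly as typed,
      escape it on the way out. Nothing is stripped, so what you store is what
      they sent. --->
<cfparam name="form.comment" default="">
<cfset savedComment = form.comment>

<cfoutput>
    <!--- HTMLEditFormat() converts <, >, & and " into entities, so any markup
          in the stored text is rendered as visible text, not interpreted. --->
    <p>You wrote: #HTMLEditFormat(savedComment)#</p>

    <!--- It does NOT escape the single quote, so only ever place the escaped
          value inside double-quoted attributes, never in single-quoted ones
          and never inside a JavaScript block. --->
    <input type="text" name="comment" value="#HTMLEditFormat(savedComment)#">
</cfoutput>
```

Script protection is a blunt first line of defence (it only knows a handful of tag names), so the output escaping is what actually stops XSS. On ColdFusion 10 and later, encodeForHTML() supersedes HTMLEditFormat() and escapes the single quote as well.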

See Pete Freitag's blog for more info.

Also there's a good article on SysCon.

Plus a good faq at http://www.cgisecurity.com/articles/xss-faq.shtml

Security Presentation

Here's a great web security presentation by Mike Andrews. Jump to minutes 25, 40 and 55.

Securing the Admin Directory

Ray Camden has started some more security chatter!

Secure Password

Is your password secure? Check it out here!

Google Hacking Database

Make sure you're not listed on this site of exposed websites found through Google hacking (search queries that turn up misconfigured servers, exposed files and error messages).

Windows Security Tools


BlogCFC was created by Raymond Camden. This blog is running version 5.9.001.