Archive for May, 2008

MVC for You and Me (cf.Objective() Joe Rinehart)

This is an introductory session to discuss the basic concepts of model view controller.

  • Model
    • Contains properties and methods. 
    • Avoid dependencies.
    • The data and the logic; repository for all system knowledge.
    • No knowledge of the view or controller.
  • Controller 
    • Tightly coupled with the model and the view.
    • Separates the model from the view; acts as the mediator.
  • View 
    • Displays the user interface
    • Allows the user to interface with the model.
  • Key Concepts
    • The controller can know about the view and the model and write to the model.
    • “Separation of Concerns” is a key term in Object-Oriented Design
      • It dictates that a given unit in a system should not have more than one concern.
      • Everything should do one thing and do it well.

Application & Database Security (cf.Objective() Daryl Banttari)

Some helpful tips to use to keep security at a high level:

  • Replace “<” from input values.
  • Minimal database permissions for all queries, possibly having separate accounts used for select queries versus inserts/updates.
  • Use stored procedures when possible. Injections are more difficult in a call to a stored procedure versus a normal query.
  • Secure both front end and back end.
  • Needless to say, use cfqueryparam within a cfquery. Even when using cf_sql_varchar, an injected SQL statement cannot be executed.
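As an added illustration of the last two tips (my own snippet, not code from the session or the speaker), here is the same lookup written three ways: with the value concatenated into the SQL string, with cfqueryparam, and as a stored procedure call. The datasource name, table, columns and procedure name are assumptions.

```cfml
<!--- Added example, not from the session notes. Assumed datasource "appDB",
      a "users" table with a "username" column, and a procedure "usp_GetUserByName". --->

<!--- Risky: the URL parameter is pasted straight into the SQL text, so whatever
      the user supplies is parsed by the database as part of the statement. --->
<cfquery name="getUserUnsafe" datasource="appDB">
    SELECT id, username, email
    FROM users
    WHERE username = '#url.username#'
</cfquery>

<!--- Preferred: cfqueryparam sends the value as a bound varchar parameter.
      The database receives the value separately from the SQL text, so it is
      never interpreted as SQL, whatever characters it contains. maxlength adds
      a length check on top of the type check. --->
<cfquery name="getUser" datasource="appDB">
    SELECT id, username, email
    FROM users
    WHERE username = <cfqueryparam value="#url.username#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<!--- Stored procedure variant: the input is again passed as a typed parameter,
      and the procedure itself is the only statement the account needs rights to. --->
<cfstoredproc procedure="usp_GetUserByName" datasource="appDB">
    <cfprocparam type="in" cfsqltype="cf_sql_varchar" value="#url.username#" maxlength="50">
    <cfprocresult name="getUserByProc">
</cfstoredproc>
```

Pair the parameterised versions with the minimal-permission tip above: the account behind "appDB" should only be able to SELECT from users (or EXECUTE the procedure), so even a mistake elsewhere in the code cannot modify data.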