ALWAYS require username/password on DSNs

If you have your ColdFusion site in a hosted environment and you do not require a username/password to connect to DSNs at the query level, you are basically giving anyone an open invitation to do whatever they wish with your database and your data within.

I know that sounds somewhat alarmist, but using the ServiceFactory, any developer can dump the DSNs on the hosted server and loop through connecting to each one.  As a test, I did this on…. umm…. another server… somewhere else entirely, and found that of the 300+ DSNs on the server, easily 75% of them were wide open.  I did this in 15 lines of code!

If you care at all about your site or your data, or even just care about good programming in general, there is no excuse not to take that step.
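
What requiring credentials at the query level looks like in CFML, as an added example that is not from the original post. It assumes the DSN is defined in the ColdFusion Administrator without a saved login; the application name, DSN name, account, table and `url.id` parameter are constructed placeholders.

```cfml
<!--- Application.cfc (added example; every name and value here is a constructed placeholder) --->
<cfcomponent output="false">
    <cfset this.name = "example_app">

    <cffunction name="onApplicationStart" returntype="boolean" output="false">
        <!--- Assumption: this DSN has NO username/password stored in the CF Administrator --->
        <cfset application.dsn = "example_dsn">
        <!--- Assumption: a database account that can reach only this site's schema --->
        <cfset application.dbUser = "example_app_user">
        <!--- Placeholder: supply the real secret from a location outside the web root --->
        <cfset application.dbPass = "REPLACE_WITH_SECRET">
        <cfreturn true>
    </cffunction>
</cfcomponent>

<!--- Weak (separate template): depends on a login saved inside the DSN,
      so any code on the shared server that names the DSN can run queries through it --->
<cfquery name="qOpen" datasource="example_dsn">
    SELECT id, title FROM articles
</cfquery>

<!--- Hardened (separate template): the DSN alone is not enough, because the
      database login is passed with each query through cfquery's username/password attributes --->
<cfquery name="qArticle"
         datasource="#application.dsn#"
         username="#application.dbUser#"
         password="#application.dbPass#">
    SELECT id, title
    FROM articles
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

With the DSN's stored login left empty, a connection that omits `username` and `password` is rejected by the database, so knowing the DSN name no longer gives access to the data.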

Adding field focus to every form on your site

Someone on an email list I follow posted a question asking for ideas on a good way to make every form in their application display with the focus set to the first field. He had hit a bump since he was working in Fusebox and needed this to work using a common header file. My suggestion was that he use an onload event that checks to see if there is a form on the page, and if there is a form, focus() the first element. I thought this might be a nice snippet to hold onto and share.

function setFocus() {
  // Only act when the page actually contains a form
  if (typeof document.forms[0] != "undefined") {
    document.forms[0].elements[0].focus();
  }
}

<body onload="setFocus()">