Tuesday, June 23, 2009

Mayo Clinic Hiring ColdFusion Developers

My team is hiring senior level ColdFusion developers. Below is the posting.

Senior Analyst Programmer

Mayo Clinic in Rochester, MN, is seeking qualified candidates for the position of Senior Analyst Programmer. Our Global Product Service is in immediate need of a highly motivated individual to be part of the Population Health technical team who is capable of designing and implementing interactive web-based applications and services. Duties will include supporting the monitoring and maintenance of multiple web sites and working closely with other members of the Population Health technical team to help architect applications for the EmbodyHealth portal. You will also assist in the integration of EmbodyHealth with other business units at Mayo and other vendor partners. To qualify, you must have a Bachelor's degree and three years of professional software development experience; or an Associate's degree and five years professional software development experience; or nine years of professional software development experience. Three to five years' experience in web application development and a background working with ColdFusion are required. Experience in data modeling and design on enterprise level DB such as Microsoft SQL Server is also essential

Mayo Clinic, one of Fortune magazine's "100 Best Companies to Work For," offers an excellent salary and benefits package. To apply or learn more about this or other opportunities, please visit http://www.mayo-clinic-jobs.com/job/ROCHESTER,-MN-Senior-Analyst-Programmer-23956-Job/497314/

Stephanie Bowron, Human Resources Phone: 800-562-7984

Mayo Clinic is an affirmative action and equal opportunity employer. Post-offer/pre-employment screening is required.

Friday, June 12, 2009

Cross Site Scripting and SQL Injection in CGI scope

This is not another post telling you what 100 other have. We all know you need to check....
However often times there are a few variables forgotten when checking for CSS and SQL injection.
In ColdFusion there is a scope called CGI. It contains things like CGI.QUERY_STRING and CGI.SCRIPT_NAME. If you use either of these in your code these are susceptible to attack also. I have seen a malformed URL create attacks in both of these.

Here is one SQL injection tool that may help you. http://portcullis.riaforge.org/

Thursday, June 11, 2009

Code - more like a bar top than I thought

You ever look at some code and see "blonde, brunette, redhead ", okay Matrix quotes aside. You ever look code and see different coding styles from multiple programmers touching it? Its like a well worn bar counter or that worn door handle. Fingerprint here, smudge there and worn down here. It just seemed interesting to me.

Tuesday, June 9, 2009

Performance Tuning ColdFusion

This is a great place to start "Performance tuning for ColdFusion applications". Don't be scared off by the Jvm memory tuning stuff. If you can tune your JVM this article has other good nuggets of info.

My tuning tips:
  • Turn on the debugging info and the " " setting. Or just this setting as enabling everything can suck up a lot of memory. Look for not only long running code but code that you did not expect to run more than once or N times. If something only takes 30ms but runs 100 times maybe you could still tune it to run less. Especially something that may only take 30ms in development could make a huge impact if it starts taking 100ms say.
  • Indexing your db tables properly can help a lot. Sometimes we create tables, write a bunch of code and forget to go back and look at what fields we actually used in the where clause or joins. Sometimes things change and that primary key may not be "the field" you used.

Wednesday, June 3, 2009

Pomegranate Saison?

A couple weeks ago when I bottled the Saison Du Mont from the big brew I added pomegranate juice to a bit of it. Last night I opened one. For starters I had targeted 3 volumes with the priming sugar before adding the juice, needless to say it was a little over carbonated. After the foaming out of the bottle was done I tasted it. Below are my notes.

Appearance: It is more cloudy than the normal batch. Pectin?

Aroma: a flowery aroma and then that Belgian funk with some citrus.

Taste: Its a bit more tart than the normal batch and you can't really taste any fruit.

Mouthfeel: Its very smooth and a bit creamy on the tongue. The extra carbonation maybe or perhaps more body.

Wife test: My wife liked this version compared to the normal batch.

Overall I think we need to do a side by side next time. If I did this again I'd back off on the priming sugar for the juiced batch.

Brew on