CLIENTS

Henry Ford Health System
EZApps
University of Michigan
Pharmacy Advantage
Cabot & Stowers
Schoolwide Solutions
Live Sports Radio
Clarity

FROM THE BLOG

Docs Onsite Updates

We’ve added a few new features to Docs Onsite. Docs Onsite is the document and project management system that we’ve developed. We’ve been really pleased to see how it has worked for other client-based companies who need to manage large quantities of documents with clear, simple, auditable access controls and logging. It is also how we manage our internal tasks, calendars, files, time tracking (which exports to QuickBooks for billing), support tickets, and bug tracking. The latest features look like small updates, but both are very useful. We’ve added tagging to the Tasks, with color coding. This has made it easy to quickly filter the task list to a related group of tasks. We’ve also integrated a […]

ColdFusion SQL Security

It’s common when working on a web application to interact with a database to read, insert, update, or delete data. In doing so you must take care when using variables in your SQL. The input may be coming from a search form or passed in the URL, but wherever it comes from there is a risk of SQL Injection, Cross Site Scripting or other attacks on your system. ColdFusion provides a few helpful tools for preventing people from executing malicious SQL queries or executing JavaScript injected into your database. One is the cfqueryparam tag. Assuming we set first_name = "Kevin", this would look something like this:

SELECT u.first_name, u.last_name
FROM users u
WHERE u.first_name = <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#first_name#">

This will […]

Stopping Exchange 2016 Same Domain Spam Spoofing

We recently converted over to using Exchange 2016 for our internal email hosting and we were immediately buried in spam. Initially we enabled the Exchange built-in spam protection and it just wasn’t cutting it. We expanded out and got ourselves BitDefender Exchange Protection, which dropped our spam rate almost overnight. However, we were still getting emails from our own domain, @infinitewebdesign.com. The best places we found to combat this involved removing the permission ms-exch-smtp-accept-authoritative-domain-sender in Active Directory for the receive connectors. This, thankfully, allowed BitDefender to at least classify them as spam, but we were still able to be spoofed. A simple telnet to our server like so:

>telnet <server_ip_here> 25
>EHLO
>MAIL FROM: test@<domain_here>
>RCPT TO: someone@<domain_here>
[…]
