JavaOne 2008: Sun Talks Up its Late-to-the-Party AIR-Silverlight Rival
At JavaOne Sun Sold Its JavaFX Rich Client Environment, Making Competition for Adobe AIR and Microsoft Silverlight

At JavaOne this week Sun has been selling its year-old-but-still-upcoming – and definitely late-to-the-party – JavaFX Rich Client environment, a competitor to Adobe AIR and Microsoft Silverlight, as a potential revenue-generator capable of putting ads on mobile applications. It has also been selling JavaFX Script, its newfangled high-performance declarative GUI scripting language, as the way to build next-generation consumer RIAs for desktops, mobiles, TV and other consumer devices.

Otherwise developers are – preferably – supposed to use the NetBeans IDE to write JavaFX apps, which are supposed to move effortlessly from device to device. FX has its own runtime and media codec framework.

Sun is promising JavaFX Desktop for browsers and PCs this fall and JavaFX TV and the previously announced JavaFX Mobile next spring. It says it’ll have a preview of the JavaFX Desktop SDK this summer.

It’s got demos at www.javafx.com.

Something like 85% of cell phones (like Google’s Android), 91% of desktops, and all Blu-ray disc players are supposed to be able to run JavaFX.

It’s also promising the stuff will be cloud-borne.

Sun says it’s got two projects the other side of JavaFX. One, called Hydrazine, is supposed to let content creators find information and services in the cloud, merge those services together, deploy them in the cloud and share them.

And the other, called Project Insight, is supposed to let developers track how their applications are being used and who’s using them so they can be monetized with advertising. Sun is planning on monetizing that one itself.

When they might arrive is anybody’s guess.

About Maureen O'Gara
Maureen O'Gara is the Virtualization News Desk editor of SYS-CON Media. She is the publisher of famous "Billygrams" and the editor-in-chief of "Client/Server News" for more than a decade. One of the most respected technology reporters in the business, Maureen can be reached by email at maureen(at)sys-con.com or paperboy(at)g2news.com, and by phone at 516 759-7025.

YOUR FEEDBACK
David Kinkead wrote: Good info, but I believe you are completely correct about textual data not being a threat. Let's say you coded in a file named test.cfm: SELECT * FROM sometable where field1 = '#preservesinglequotes(url.name)#' Then a user put in this url: http://yoursite.com/test.cfm?name=ttt';insert into sometable(field1,field2)values('xxx',99998);select * from sometable where field1='x The result is sql injection. I have tested this and know it to be true. However this will only work if you use "Preservesinglequotes", which I have used many times. So we must protect ourselves even with textual data.
Luis Melo wrote: Our system was not SQL Injection proof and we recently suffered an attack that corrupted the data in some of our database tables. The attack was quite elegant and fortunately did not cause severe damage other than the appending of a SCRIPT string to a bunch of VARCHAR fields. This was meant to actually execute a JS file and this qualifies as an XSS attack. In researching the Web for a solution for the problem, and a way to immunize our CF application against further attacks, we came across the CFQUERYPARAM solution, but our application has over 5000 files, each with one or more Queries and Stored Procedure calls. Implementing such a solution in such an extensive amount of files was impossible in a timely fashion, so I looked for another solution and came across a ColdFusion written function (isSqlInjection) that showed some promise but some shortcomings as well. I wanted something th...
Angela wrote: Isn't WHERE id = #Val(url.id)# just as effective as using cfparam or cfqueryparam?
Will wrote: Hi, I really enjoyed your article about injection attacks, but you forgot one small detail. Even if you use cfparam, it appears that you are still vulnerable to injection attacks via forms. Someone could fill a form field with something like this "# #drop table" the first and last quotes separate your statement from and move it outside of the form's "quotes" and then the next two #'s create and execute a new statement.
CFDJ News Desk wrote: Ben Forta's ColdFusion Blog: SQL Injection Attacks, Easy To Prevent, But Apparently Still Ignored. I was just on a web site (no, not a ColdFusion powered site, and no I will not name names) browsing for specific content. The URLs used typical name=value query string conventions, and so I changed the value to jump to the page I wanted. And I made a typo and added a character to the numeric value. The result? An invalid SQL error message.
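The behaviour David Kinkead's comment describes, as an added example that is not part of the original page or any commenter's code: a Python/sqlite3 model in which `cf_autoescape` (a hypothetical helper) stands in for cfquery's default doubling of single quotes, `executescript` stands in for a driver that accepts stacked statements, and a bound parameter plays the role CFQUERYPARAM plays in ColdFusion. The payload is the one quoted in the comment; the table contents are constructed.

```python
import sqlite3

# Payload quoted in the comment above (the value of url.name).
PAYLOAD = ("ttt';insert into sometable(field1,field2)values('xxx',99998);"
           "select * from sometable where field1='x")

def cf_autoescape(value: str) -> str:
    """Hypothetical stand-in for cfquery's default treatment of a #variable#:
    every single quote is doubled, so the value cannot close the literal."""
    return value.replace("'", "''")

def new_db() -> sqlite3.Connection:
    """Constructed sample table with one row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sometable (field1 TEXT, field2 INTEGER)")
    db.execute("INSERT INTO sometable VALUES ('ttt', 1)")
    db.commit()
    return db

def row_count(db: sqlite3.Connection) -> int:
    return db.execute("SELECT COUNT(*) FROM sometable").fetchone()[0]

def run_concatenated(name: str, preserve_quotes: bool) -> int:
    """Build the SQL by string interpolation, as test.cfm does.
    executescript() models a driver that accepts stacked statements."""
    db = new_db()
    value = name if preserve_quotes else cf_autoescape(name)
    db.executescript(f"SELECT * FROM sometable WHERE field1 = '{value}'")
    return row_count(db)

def run_parameterized(name: str):
    """Bound parameter: the value is never parsed as SQL text."""
    db = new_db()
    rows = db.execute(
        "SELECT field1, field2 FROM sometable WHERE field1 = ?", (name,)
    ).fetchall()
    return row_count(db), rows

if __name__ == "__main__":
    print("auto-escaped :", run_concatenated(PAYLOAD, preserve_quotes=False), "row(s)")
    print("preserved    :", run_concatenated(PAYLOAD, preserve_quotes=True), "row(s)")
    print("parameterized:", run_parameterized(PAYLOAD))
    print("legit lookup :", run_parameterized("ttt"))
```

With quotes doubled the whole payload stays inside one string literal; with quotes preserved the literal closes early and the second statement runs, which is why the bound-parameter form is the one to rely on.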