ColdFusion 8 Developer Security Guidelines

Adobe has published a white paper in the Security Dev Center for CF8 best practices and security guidelines. It weighs in at almost 50 pages, and is a must-have in my opinion.

ColdFusion 8 Developer Security Guidelines (direct pdf link)

Crack Open your Toolbox and Share

It's time to open up your toolbox and share those little programs you can't live without. Trackback or comment with yours; I'm sure we'll all learn something.

My list is mostly web development stuff I suppose:

Nattyware's Pixie
Pixie is a free program that sits in your taskbar and gives you the color your mouse is hovering over in just about any format you could hope for. Ctrl-Alt-C copies the hex value to your clipboard. I've found it invaluable whenever I'm doing anything with color design.

Irfanview
Irfanview is a free image viewer. It views just about any image format known to man, and it also does batch cropping, canvas editing, etc. It has a small footprint, and I find it much better than firing up a clunky editor for certain tasks.

Winamp v2.95
Still the best Windows-based lightweight music player, ever. It's too bad the current versions are so bloated. oldversions.com!

Steganos Security suite
This suite is always my first install on a fresh machine. It's not a free product, but it's been worth every dime: encrypted hard drive abilities, anonymous browsing without using scary proxy sites, anti-theft laptop protection, etc.

Color Blender
Eric Meyer's color blender. Give it two colors and it finds a coordinating list of up to 10 in-betweens. A great complement to Kuler.

CSS Sculptor
Eric Meyer's standards-compliant CSS tool. It comes pre-packaged with 30 standards-based CSS templates and lets you customize your design easily while staying standards-compliant. It's about $150, but it does cut development time if you are not a CSS guru up on the quarterly hacks!

Honorable Mentions
CFEclipse, Browsercam.com (before they became expensive), sIFR


Google opens up malware API

Google has opened up the API to their list of malware and blacklisted sites. Very exciting. You need a Google account to get an API key before you can log in and query the list.

BlogCFC email

So I received a couple of emails this past week noting that I had been filtered as spam by a government agency's filter. I hadn't sent any emails to the user in question, so I was somewhat troubled.

I tracked it down to a comment I had posted on Ray Camden's blog, and to this individual having their comment subscription turned on for that post. I ended up filing an enhancement request on RIAForge here: http://blogcfc.riaforge.org/index.cfm?event=page.issue&issueid=05A31C82-0351-6280-F4BF1BF7A2FB0869

Ray responded that there is a property, commentsfrom, that can override this behavior.

I personally suggest everyone change this, as Ray points out in that link, for a variety of reasons:

  1. It's bad protocol to send the notification email 'from' my personal address. I didn't ask for that by posting on your blog; I supplied a valid email so that someone could contact me with a question (or hate mail), not so it could be used as a sender address.
  2. It's bad form to be RELAYING someone else's From address (not a Reply-To, mind you, an actual FROM) out of your own mail server. To the receiving filter it looks exactly like a forged sender, and this behavior can get you blacklisted pretty fast. I would imagine a zealous person could cook up a liability issue for not disclosing this to a poster who ended up blacklisted somewhere, with a possible impact on their livelihood (e.g. blacklisted by a government agency you need to communicate with to post bids, etc.).
  3. If you are on a shared host, you run the risk of blacklisting the entire IP block for your portion of the shared host, which will blacklist everyone else using the same host. I've actually felt the sting of this one in the past, and it sucks, especially when you've done nothing wrong other than choosing to be on a shared host =\
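To make the difference concrete, here are the two approaches written in plain cfmail. This is an added example, not BlogCFC's code and not a reproduction of what the commentsfrom property does internally; the variable names, the addresses and the domains are assumptions for illustration.

```cfml
<!--- Added example, not BlogCFC's own code. All addresses and variable
      names below are assumptions for illustration. --->
<cfset subscriberEmail = "subscriber@agency.example.gov">
<cfset commenterName   = "Some Commenter">
<cfset commenterEmail  = "commenter@personal-domain.example">
<!--- An address on a domain the blog's mail server is actually allowed to send for. --->
<cfset blogSender      = "comments@myblog.example">

<!--- WEAK: the notification leaves the blog's mail server carrying the
      commenter's address as the From. The recipient's filter sees a message
      claiming to come from personal-domain.example but delivered by a server
      that has nothing to do with that domain, which is exactly what a forged
      sender looks like. Both the commenter and the blog's server can end up
      on a blacklist for it. --->
<cfmail to="#subscriberEmail#"
        from="#commenterEmail#"
        subject="New comment on a post you subscribed to"
        type="text">
#commenterName# wrote:
...
</cfmail>

<!--- CORRECTED: the From belongs to the blog. The commenter's address, if you
      want to expose it at all, goes in Reply-To, which makes no claim about
      who sent the message and so does not trip the relaying problem. failto
      sends bounces for dead subscriber addresses back to the blog instead of
      to the commenter. --->
<cfmail to="#subscriberEmail#"
        from="#blogSender#"
        replyto="#commenterEmail#"
        failto="#blogSender#"
        subject="New comment on a post you subscribed to"
        type="text">
#commenterName# wrote:
...
</cfmail>
```

The only header the receiving filter judges the sender claim by is From; Reply-To is purely a hint to the recipient's mail client. If you would rather not leak commenter addresses to subscribers at all, drop the replyto attribute and let replies go to the blog address too.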

This isn't a rant or a knock on Ray or BlogCFC (I use it, look :o ), just a friendly, opinionated response to something I find troubling, because in our work environment we blacklist senders for exactly this kind of relaying all the time.

Bit in the arse

I really thought I had done most of my due diligence on locking down CF 7.x and tweaking what needed to be done...

?:\CFusionMX7\cfx\java\distrib\examples\

I honestly forgot about this one somehow and never wrote it down (and obviously never removed the examples). I'm going to rewrite the quick guide to locking down CF 7.x this week almost from scratch, more for myself than anything, and I'll post it here in case anyone else cares about the few new things I've come across. The basics in the one on this site are still solid, IMHO.

ColdFusion 7.x Administrator Security Tips

The first article I have lying around covers the basics of locking down the ColdFusion Administrator. This is probably a draft version of a living document, so feel free to shoot me any comments or tips of your own to add!

FYI: it assumes you are running ColdFusion 7.x on IIS 5 or 6. The bulk of my experience lies there, so if you have another configuration, please enlighten me!