Hi folks, I need some advice. One of our bigger clients has a handful of Java developers working for them who don't particularly like ColdFusion. While their initial complaints were that it wasn't open source and that you're tied to one particular company (thoughts which I quickly squashed), now they're whispering in the ear of the decision makers that Cold Fusion won't do "Three Tiered Security".
I just now think I remember asking the group about this once before, but it's probably worth talking about again. Their idea of the three tiered security model is that there's a web server, an application server, and a database server. The web server contains no code, no passwords, and can only communicate to the application server by virtue of the web server's IP address, and because the web server is the only machine that knows where the application server is. Sounds a bit like "security through obscurity" to me, but what do I know? Anyway, these Java developers are telling the decision makers at this client that ColdFusion just isn't secure because it can't do this three tiered security stuff, but Java can. So they're saying, "why don't you just let us rewrite everything in Java for you?" Well, while my little company has never run CF as anything but a windows service, using CF Standard. We figure that it's written in Java so we ought to be able to make CF run in this sort of three tiered environment too. So my questions are: * Are these developer's right? Is CF not capable of running this Three Tiered model, and are we less safe for it? * If in fact, CF *can* run in this Three Tiered model, will we need to upgrade to CF Enterprise to do it? * Lots of our code is proceedural, though we've been switching to using CFCs slowly (not really OO, but rather storing related queries, and functions in CFCs) * What arguments can we make to our client on this subject? * Can anyone point me to any articles or other materials online concerning this topic specific to CF? Thanks for any help guys and gals. I'm going to cross-this to CF-Talk, so I apologize in advance for any duplication I may cause. Chris -- http://cjordan.us ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion is delivering applications solutions at at top companies around the world in government. Find out how and where now http://www.adobe.com/cfusion/showcase/index.cfm?event=finder&productID=1522&loc=en_us Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:289333 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
