Read Greg's Rules of web development, I'll start with the just created rule
#1:

"Security is not the program in as much as the people who are using the
program"

also:

"what you get is what you pay for"

IMHO Cold Fusion delivers an easy to use, yet powerful development platform.
At a fairly decent price tag.  When you are programming in cold fusion, it
is always good practice to consider the implications of what you are doing,
and plan accordingly.  For instance, if you are using CFFILE to use an
upload, consider it suicide to use CFEXECUTE right after it on the same
file (that's the quickest example I can think of).  However you get the idea.
Your mind must at all times be thinking "what could a user do, if I
programmed this?" and you'll never have a problem with security.

Lots of programming languages in their time have had bugs documented, some
of them security related.  I'm not sure about PHP's track record, but I'm
sure that it's not perfect either.  Remember PHP is also a relative newcomer
to the scene of enterprise application development, and its security is not
quite proven yet.

In short, be
Gregory Harris
Web Developer
Stirling Bridge Group LLC

----- Original Message -----
From: "Kelly Shepard" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, December 13, 2000 9:14 AM
Subject: Another debate


> The new boss has arrived in my department and of course he wants everyone
> to switch from the awesome and all mighty cold fusion to .... PHP. We do
> need some other strengths in our department for those clients who don't
> want us to host their application or don't have cf on their server, but,
> he wants a complete switch.  Here is a glimpse into his last email:
>
> "It could be argued that both technologies have their strengths and
> weaknesses. However, in the corporate IT department, CF is usually not an
> option due to cost and security problems. I realize that changing
> perceptions and old habits are sometimes difficult, but necessary.
> Especially in our industry (high-tech).
>
> The need to deliberate the issue further is a mute point."
>
> Does anyone have any opinions on his security problems comment?  It seems
> that Allaire is pretty good about getting patches up - or we have just
> been lucky and not had any problems.  And, would you agree that in the
> corporate IT department cf is "usually" not an option?
>
> Thanks in advance for any input.
>
>
>