About Frank’s situation of having been burned in the past by CFFORM, it kind of makes my point. It’s this kind of situation, where someone gets burned and the issue is later fixed, where sadly so often the “bad taste” is left and people “move on”. Worse, at least in your case you know the problem was fixed, but others may have seen people report the issue but never heard of MM’s solution to it, so they go on bad-mouthing the tool.
And I say this as much about many CF features and tools out there. How many hold the report builder in ill esteem, though it went through many revisions, bug fixes, and improvements in 7.01, 7.02, and 8, yet many never gave it a second chance. Same too with the CF 8 Server Monitor. I hear so many say “it’s a resource pig”, when that’s a patently irresponsible assertion, if it’s not clarified. There is one feature of the monitor, “start memory tracking”, which can be a pig (and isn’t for everyone). But if you don’t enable it, then the server monitor is of little impact at all. And indeed, you can leave off all 3 start buttons and it STILL provides value with zero “cost”. Some will have heard these cries from me before, including these blog entries/articles where I elaborate on each of the above: Have there been any updates to the CF Report Builder feature? Yes, in fact http://www.carehart.org/blog/client/index.cfm/2008/12/13/cf_report_builder_updates CF 8 Hidden Gem: Incredible Info from the Server Monitor, with Zero Overhead http://www.carehart.org/blog/client/index.cfm/2007/6/15/cf8_hiddengem_monitoring_incredibleinfo as well as a FAQU “tipical charlie” column I did (available as a PDF extract): CFFORM: Are You Sure You Want to Ignore It? http://www.carehart.org/articles/#2007_3 I could go discuss others. I simply want to make the case that sometimes old “bad news” isn’t any longer as “bad” as it was earlier. :-) We would all do well to consider if some argument against something is truly valid (and if perhaps the assertion is with respect to something that may have been fixed/enhanced since then.) Thanks for offering a great demonstration of that point, Frank. Though I’ll understand if you’re “once bitten, twice shy”, regardless. :-) /charlie From: [email protected] [mailto:[email protected]] On Behalf Of Frank Moorman Sent: Wednesday, March 10, 2010 2:42 PM To: [email protected] Subject: Re: [ACFUG Discuss] validating credit card numbers with CF I used to use CFFORM with CFINPUT until I got burned by ColdFusion 7. When CF7 was first released we upgraded. One or two weeks before our implementation, we found out that their was a major bug (i.e. one that affected many pages in our apps) If you used both CFINPUT's validation routine and added your own custom javascript validation (for business logic that CF wouldn't handle) only one would execute (I forget which one.) We had to scramble for a workaround. We did create a javascript solution (Something like onSubmit="return(CustomRoutine || cf_Checkthis(this.name));" ) but then we needed to apply it to 200 or 300 forms throughout our applications. One or two months later Macromedia fixed the problem, but by then we already started moving to use our own javascript exclusively and when you have a common js include, it really is not that difficult to avoid CFFORM/CFINPUT. Frank On 03/10/2010 02:14 PM, Charlie Arehart wrote: Yep, Shawn, but I realize this is a subject about which some are passionate (and I don’t mean Dean, who has rightfully earned his place in the security pantheon), but I mean others who may have heard bad things about CFFORM (whether they really ever affirmed any issues) and would want to warn others or claim that my suggestion was naïve and leading lambs to slaughter. :-) I’ve seen it so often over the years, that I just didn’t want to have them kick the door in to make their point but rather just open the door so they could make their point without any violence. :-) /charlie ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
