I forgot to mention that you will indeed have to use Enterprise for that ability.
On 9/24/07, Dave Shuck <[EMAIL PROTECTED]> wrote: > > Christopher, they are simply spouting off about things that they don't > have knowledge about nor understand. Since at least version 7 (possibly > 6.1, but I don't think so), ColdFusion has had the ability to be deployed > by way of sourceless deployment. There are many articles explaining how to > do this, but in essence you install it into a J2EE server as a compiled java > application. > > For bullet points to back this up, and for a few additional bullet points > related to security, check this link: > http://www.adobe.com/products/coldfusion/coldfusion7/features/ > > > In short: > _____________ > EAR/WAR deployment > > Deploy an application and the entire ColdFusion runtime as a standard > Java™ archive (EAR or WAR file). Moving ColdFusion applications into > production in J2EE environments has never been easier. > Sourceless deployment > > Optionally omit unencrypted ColdFusion Markup Language (CFML) source in > ColdFusion applications packaged as J2EE archives, allowing applications to > be redistributed and helping protect sensitive information. > _____________ > > When you take this approach, there is absolutely no difference between > this and any other Java application that they deploy. > > ~Dave > > On 9/24/07, Ron Mast <[EMAIL PROTECTED]> wrote: > > > I'm thinking you could map a drive to your application server from your > > web server and then assign that drive as the home directory and I believe > > you can connect to SQL server via network to create an ODBC or JDBC > > connection. Haven't tried it but I'm guessing that would work. Hopefully I > > didn't misunderstood you. > > > > > > > > Ron Mast > > > > Truth Hardware > > > > Webmaster > > > > 507-444-4693 > > ------------------------------ > > > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > *On Behalf Of *Christopher Jordan > > *Sent:* Monday, September 24, 2007 12:56 PM > > *To:* Dallas/Fort Worth ColdFusion User Group Mailing List > > *Subject:* [DFW CFUG] Security Questions > > > > > > > > Hi folks, > > > > I need some advice. One of our bigger clients has a handful of Java > > developers working for them who don't particularly like ColdFusion. While > > their initial complaints were that it wasn't open source and that you're > > tied to one particular company (thoughts which I quickly squashed), now > > they're whispering in the ear of the decision makers that Cold Fusion won't > > do "Three Tiered Security". > > > > I just now think I remember asking the group about this once before, but > > it's probably worth talking about again. Their idea of the three tiered > > security model is that there's a web server, an application server, and a > > database server. The web server contains no code, no passwords, and can only > > communicate to the application server by virtue of the web server's IP > > address, and because the web server is the only machine that knows where the > > application server is. Sounds a bit like "security through obscurity" to me, > > but what do I know? > > > > Anyway, these Java developers are telling the decision makers at this > > client that ColdFusion just isn't secure because it can't do this three > > tiered security stuff, but Java can. So they're saying, "why don't you just > > let us rewrite everything in Java for you?" > > > > Well, while my little company has never run CF as anything but a windows > > service, using CF Standard. We figure that it's written in Java so we ought > > to be able to make CF run in this sort of three tiered environment too. > > > > So my questions are: > > > > * Are these developer's right? Is CF not capable of running this > > Three Tiered model, and are we less safe for it? > > * If in fact, CF *can* run in this Three Tiered model, will we need > > to upgrade to CF Enterprise to do it? > > * Lots of our code is proceedural, though we've been switching to > > using CFCs slowly (not really OO, but rather storing related queries, and > > functions in CFCs) > > * What arguments can we make to our client on this subject? > > * Can anyone point me to any articles or other materials online > > concerning this topic specific to CF? > > > > Thanks for any help guys and gals. I'm going to cross-this to CF-Talk, > > so I apologize in advance for any duplication I may cause. > > > > Chris > > > > -- > > http://cjordan.us > > > > _______________________________________________ > > Reply to DFWCFUG: > > [email protected] > > Subscribe/Unsubscribe: > > http://lists1.safesecureweb.com/mailman/listinfo/list > > List Archives: > > http://www.mail-archive.com/list%40list.dfwcfug.org/ > > http://www.mail-archive.com/list%40dfwcfug.org/ > > DFWCFUG Sponsors: > > www.instantspot.com/ > > www.teksystems.com/ > > > > > > > -- > ~Dave Shuck > [EMAIL PROTECTED] > http://daveshuck.instantspot.com -- ~Dave Shuck [EMAIL PROTECTED] http://daveshuck.instantspot.com
_______________________________________________ Reply to DFWCFUG: [email protected] Subscribe/Unsubscribe: http://lists1.safesecureweb.com/mailman/listinfo/list List Archives: http://www.mail-archive.com/list%40list.dfwcfug.org/ http://www.mail-archive.com/list%40dfwcfug.org/ DFWCFUG Sponsors: www.instantspot.com/ www.teksystems.com/
