> The second is that this is why..... ColdFusion should have
> adopted an approach that used an ORM instead.... With an ORM
> it reduces the risk, provided the ORM takes these attacks seriously.
>
> I have never seen these attacks with Hibernate, within GORM
> and Domain Driven design approaches.

ColdFusion is a programming language, like Java. Just as Java doesn't come with an ORM, neither should CF.

> I so hope that ColdFusion 9, has 2 things on its release.
>
> 1) The engine itself is open sourced. And the extra
> functionality and support for middle tier API integration is adopted.

I strongly doubt that CF will be open source.

> 2) GORM style approach as in DDD (Domain Driven Design) is
> taken more seriously.
>
> With these 2 additions then SQL injection will be a thing of the past.

With prepared statements, SQL injection has long been a thing of the past. It's not the job of an ORM to separate SQL code from data values.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
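
An added illustration of the prepared-statement point in the reply above (not code from the thread or from ColdFusion): the same lookup written with string concatenation and with a bound parameter. Python's `sqlite3` stands in for any driver that supports bound parameters; the table, helper names and input values are constructed for the example.

```python
import sqlite3

def make_db():
    """Constructed sample data in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("o'brien", "user")])
    return db

def find_concat(db, name):
    # Hypothetical data-access helper: the value is spliced into the SQL text,
    # so the database parses it as part of the statement.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "' ORDER BY id"
    return db.execute(sql).fetchall()

def find_bound(db, name):
    # Same hypothetical helper with a placeholder: the statement text is fixed
    # and the value is sent separately, so it is only ever compared as data.
    sql = "SELECT name, role FROM users WHERE name = ? ORDER BY id"
    return db.execute(sql, (name,)).fetchall()

def compare(value):
    """Run both helpers on one input and return their results side by side."""
    db = make_db()
    results = {}
    for label, finder in (("concat", find_concat), ("bound", find_bound)):
        try:
            results[label] = finder(db, value)
        except sqlite3.OperationalError as exc:
            # A value that breaks the statement's syntax surfaces here.
            results[label] = "SQL error: %s" % exc
    return results

if __name__ == "__main__":
    # Constructed inputs: an ordinary name, a value containing SQL syntax,
    # and a legitimate name that happens to contain a quote character.
    for value in ("bob", "x' OR '1'='1", "o'brien"):
        print(repr(value), compare(value))
```

The separation happens at the statement/parameter boundary, whichever layer issues the query: a data-access layer that concatenates behaves like `find_concat`, and one that binds behaves like `find_bound`.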