Have you ever done any GORM work? Now technically embedding hibernate into ColdFusion would technically be under the hood as far as ColdFusion is concerned.
I mean, I might as well by your reasoning say that ajaxUI is not under the hood in ColdFusion because it uses a 3rd party library to do its work. In the event that ColdFusion does incorporate hibernate it will technically be under the hood, because your tags / functions call internal wrappers to ColdFusion to do the work for you.

So technically GORM and its Domain Driven Design, is considered to be under the hood.

Technically....

--
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273

-----Original Message-----
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Sunday, 17 August 2008 1:29 AM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion

Andrew Scott wrote:
> I stand by the fact that cfqueryparam, can and should be taken care of under
> the hood. Other languages are doing it, so what does that tell you?

It tells me that they need additional configuration or convention.

I have 2 functions with the following signatures in my database:

    find(needle:char, haystack:text):boolean
    find(needle:varchar, haystack:text):boolean

I call the database in one place using:

    <cfquery ...>
    SELECT find(
      <cfqueryparam cfsqltype="cf_sql_varchar" value="#x#" />,
      <cfqueryparam cfsqltype="cf_sql_varchar" value="#y#" />
    )
    </cfquery>

In another place I use:

    <cfquery ...>
    SELECT find(
      <cfqueryparam cfsqltype="cf_sql_char" value="#x#" />,
      <cfqueryparam cfsqltype="cf_sql_varchar" value="#y#" />
    )
    </cfquery>

Along comes your ColdFusion version that can determine datatypes to bind to automagically. So now I start using:

    <cfquery ...>
    SELECT find('#x#', '#y#')
    </cfquery>

But which of the two find() functions in the database is going to get executed?

The only way to make sure a specific find() function is executed in the database is by configuring the ORM to do so. Fine, problem solved. But that is not under the hood. ORMs need configuration too. That is not under the hood.
Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311110
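
The overload question raised in the quoted message, as a small model. This is an added example, not code from the thread and not any real database's resolution algorithm: the implicit-cast table, the "most exact matches wins" rule and the names `resolve` and `resolve_cfquery` are assumptions made for illustration.

```python
# Signatures of the two find() functions given in the message.
OVERLOADS = [("char", "text"), ("varchar", "text")]

# Assumed implicit casts between string types: source -> allowed targets.
IMPLICIT = {"char": {"varchar", "text"}, "varchar": {"char", "text"}, "text": set()}

# The two cfsqltype values used in the message, mapped to database types.
CFSQLTYPE = {"cf_sql_char": "char", "cf_sql_varchar": "varchar"}


class AmbiguousCall(Exception):
    """More than one overload fits equally well."""


def accepts(param, arg):
    # An argument with no declared type (None) fits any parameter;
    # a typed bind needs an exact match or an implicit cast.
    return arg is None or arg == param or param in IMPLICIT.get(arg, set())


def resolve(arg_types):
    """Pick the overload for a call, given one type (or None) per argument."""
    candidates = [sig for sig in OVERLOADS
                  if len(sig) == len(arg_types)
                  and all(accepts(p, a) for p, a in zip(sig, arg_types))]
    if not candidates:
        raise LookupError("no find() overload accepts %r" % (arg_types,))

    def exact(sig):
        # Number of positions where the declared bind type matches exactly.
        return sum(p == a for p, a in zip(sig, arg_types))

    best = max(exact(sig) for sig in candidates)
    winners = [sig for sig in candidates if exact(sig) == best]
    if len(winners) != 1:
        raise AmbiguousCall("candidates tie: %r" % (winners,))
    return winners[0]


def resolve_cfquery(cfsqltypes):
    """cfsqltypes: one entry per argument; None means the value was written
    into the SQL text ('#x#') with no cfqueryparam and so no declared type."""
    return resolve([CFSQLTYPE[t] if t is not None else None for t in cfsqltypes])
```

With an explicit `cfsqltype` on the first argument exactly one overload wins; with no declared types the two candidates tie, and something outside the query text has to decide between them.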