> The new boss has arrived in my department and of course he
> wants everyone to switch from the awesome and all mighty cold
> fusion to .... PHP. We do need some other strengths in our
> department for those clients who don't want us to host their
> application or don't have cf on their server, but, he wants a
> complete switch. Here is a glimpse into his last email:
>
> "It could be argued that both technologies have their strengths
> and weaknesses. However, in the corporate IT department, CF is
> usually not an option due to cost and security problems. I realize
> that changing perceptions and old habits are sometimes difficult,
> but necessary. Especially in our industry (high-tech).
>
> The need to deliberate the issue further is a mute point."
>
> Does anyone have any opinions on his security problems
> comment? It seems that alliare is pretty good about getting patches
> up - or we have just been lucky and not had any problems. And,
> would you agree that in the corporate IT department cf is
> "usually" not an option?
There are no significant security problems that are CF-specific, as long as
you don't deploy the sample code on your servers. There are lots of security
problems with CF applications, caused by the failure of developers to filter
input from the browser. Those problems exist with PHP applications, and ASP
applications, and any other kind of web applications.
Most of the security problems that Allaire notifies people about are
actually IIS security problems, as far as I can tell.
As for CF's availability within corporate IT, I'd guess that it's much more
accepted than PHP, at least "officially". Most IT directors are a bit leery
of using open-source solutions. They like to have someone to call when
things go wrong.
PHP is nice, though, and kind of fun, but it's a bit more difficult than CF,
and for most business applications doesn't offer anything that CF doesn't.
As a bit of trivia, PHP used to be quite often referred to as the "poor
man's Cold Fusion" back when it stood for "Personal Home Page".
On an unrelated note, it's "moot point", not "mute point".
Finally, I'm sorry to hear that this is what your new boss is like. It's
always sad to see things like this - it would be just as bad if you were all
using PHP and he came in and said "we're switching everything to CF". You
might be able to reason with him, but in my experience there's usually
nothing you can do with these types. Good luck, though.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
