This is going to sound annoyingly familiar, but:
Most security holes in ColdFusion are not the product of ColdFusion, but
faults of the underlying webserver (e.g. IIS), and this is not going to
change between ASP and ColdFusion.
Apart from that (and maybe a side note about Netegrity), I think this is
really THE SAME DISCUSSION AS SCALABILITY -- it's not the language that is
insecure, it's the code and architecture you build with it. If you're
letting SQL statement parameters come through the URL without checking them
first, if you're not filtering your form data, if you aren't preventing
users from running includes directly, then your application is insecure in
both ASP and ColdFusion.
I could go on and on about this, but since pages and pages have been
generated over the scalibility issue, and since I really think it's the
exact same issue, and since the song is inherently boring to the choir, I'll
stop. But go through the list archive and look at the scalability
discussion, particularly at Doug Nottage's and Dave Watt's posts on this
which I think were very good.
Then tell your client the most important question is not what is the better
language. It's who is the better firm.
Michael Caulfield
-----Original Message-----
From: Daryl Fullerton [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 06, 2001 3:51 AM
To: CF-Talk
Subject: RE: OT But Urgent - Knock CF if you dare
Thanks Mike,
I got some more info.
The Rival company is slating CF by saying it is not as secure as ASP.
I am not gonna fling Mud but the client was looking for some independent
reviews.
Any one got info on CF security V ASP Security?
Cheers
D
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 06 April 2001 00:12
To: CF-Talk
Subject: RE: OT But Urgent - Knock CF if you dare
Here are a couple of useful URL's
http://www.webreview.com/2000/09_01/developers/09_01_00_1.shtml
This is Microsoft's take on CFAS
http://msdn.microsoft.com/library/default.asp?URL=/library/periodic/peri
od00
/coldfusion.htm
Kind Regards - Mike Brunt
Macromedia Consulting
Tel 562.243.6255
Fax 401.696.4335
http://www.allaire.com/services/consulting/
-----Original Message-----
From: Daryl Fullerton [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 05, 2001 2:04 PM
To: CF-Talk
Subject: OT But Urgent - Knock CF if you dare
Hi all,
We use a little bit of ASP with CF from time to time.
We are pitching for a contract whereby the opposition are slating CF big
time.
In actual fact they are saying all sorts of bad things about CF to the
client in an effort to get the client to move to ASP.
Any Amunition out there i can fire back with.
I dont normally slate ASP but they have started this.
Articles would be good...
Appreciate the help
Cheers
D
Daryl Fullerton,
Managing Partner,
BizNet Solutions,
Allaire Premier Partner (Ireland)
133 - 137 Lisburn Road
Belfast
BT9 7AG
N.Ireland
Direct +44 (0) 28 9022 7888
Tel +44 (0) 028 9022 3224
Fax +44 (0) 028 9022 3223
[EMAIL PROTECTED]
Http://www.BizNet-Solutions.com
[EMAIL PROTECTED] (Chairman)
Http://www.cfug.ie The Irish Cold Fusion User Group
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
