This sounds like marketing BS to me. A properly installed ColdFusion serv
er
is more secure than the webserver its installed on. I've done work for th
e
federal reserve and they had no problem at all using ColdFusion to move
literally billions of dollars. CF is certified secure for use within
government agencies and I know a number of government and military people
on
this list alone.
In a large hypothetical company you should look at the source of this
hypothetical memo and trace it back to a salesman from broadvision.
Hypothetically, scare tactics are the best sales weapon.
> .. a large hypothetical company in a hypothetical land on an imaginary
> planet issued the following memo...
>
> [begin hypothetical quote]
> What is a Control Environment and DMZ?
> Many of you have received a number of internal memos on the importance
> of a "control environment." This environment encompasses all elements o
f
> controlling business processes to assure integrity of our information
> and protection of our financial, physical and intellectual assets.
>
> In an effort to alleviate the potential risk of breaches to our network
> from the Internet, an enhanced Demilitarized Zone (DMZ) is being
> developed as part of our control environment. The DMZ enables a company
> to offer secured services for a public Internet presence without
> compromising it's internal network, data, servers and systems. One
> component of a DMZ involves the use of firewalls that allow specific
> communications protocols to pass through its ports.
>
> As part of our DMZ control environment, all protocols utilized by
> specific application software will be tested and certified.
>
> How does Macromedia ColdFusion impact me?
> Macromedia ColdFusion is a web application server and programming
> framework that allows developers to create dynamic web-based
> applications with database connectivity.
>
> Although temporary use of Macromedia ColdFusion has been approved for
> existing systems within the DMZ, it has been proven to be a less secure
> environment under the companies protocol certification process.
>
> Beginning immediately, all new application development will require the
> use of certified software such as BroadVision. Pre-existing application
s
> developed using ColdFusion will also require migration to certified
> development software by September 30, 2002.
> [end quote]
>
> .. a couple of comments/questions/thoughts for the list...
> · Is this double-speak? Are they saying no CF for public consumption
> (internet) or no CF at all?
> · The so-called 'dmz' is a farm of unix boxes/firewalls/security
> tools/etc.
> · It strikes me that many people on this list building "business"
> applications for "large" organizations... What kind of management edict
s
> are you dealing with, if any?
> · Anyone working with BroadVision? Any truth to rumours of BroadVisio
n
> closing up shop?
>
> Thanks, Mike
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
