ColdFusion in the News: July 20-30, 2008 : Signs That ColdFusion is On Its Way Up

by Judith Dinowitz, Editor-in-Chief

Welcome to my first column on ColdFusion in the News, where I will cover ColdFusion as it appears in the mainstream press. If you have any news or articles that have appeared in the general IT world that touch on ColdFusion, please feel free to send them to me at editor@fusionauthority.com with the words ColdFusion News: in the subject line.

Adobe ColdFusion vs. Open BlueDragon Examined on InfoWorld

On Infoworld, J.Peter Bruzees is doing a series on open source and how well it fits into enterprise web development. In his first article, "Trade-offs of open source in the enterprise", he explained the plusses and minuses of going with open source as your solution, and he talked specifically about using ColdFusion via Open BlueDragon vs. Adobe ColdFusion. There are some great quotes here by Adam Haskell and Alan Williamson (lead developer of Open BlueDragon). In his second article, "A Windows Admin Tames Open BlueDragon", J. Peter spoke of his experiences implementing a website that used Open BlueDragon as a ColdFusion engine, MySQL as a backend database, and a Windows Server 2008 Web Edition to display the ColdFusion pages through a Jetty Web service. (He could have used IIS, but chose not to.) His verdict in the article was positive on the side of open source, though he admitted that he prefers to figure things out on his own and does not generally rely on vendor support.

These articles are great examples of positive ColdFusion press, even though they were focused on BlueDragon rather than Adobe ColdFusion.

ColdFusion Tech Articles in the Mainstream

You all know about the great ColdFusion sites – Fusion Authority, the blogs – but did you know that ColdFusion is getting more coverage from mainstream tech sites than it used to? The latest example of that is an article Joe Rinehart of Model-Glue fame did on the Dr. Dobbs' site. In "Building RIAs on J2EE Foundations: ColdFusion", Joe talked about how to build a simple RIA using Flex as a frontend and ColdFusion as a backend. The article is well-written (good work, Joe!) and is divided into three parts – an overview, a look at building the Flex frontend, and a look at building the backend with ColdFusion. While not as in-depth as an article you'd find in the Flex Authority or FAQU journals, I like this as an introduction for the uninitiated who might not consider ColdFusion.

In the beginning of July, Doug Hughes did a two-part series on ColdFusion for the Web Developer on HTML Goodies to Go, which publishes a weekly newsletter on HTML and related technologies. These are the first articles on ColdFusion that I have seen in that newsletter, though I have been getting it (and enjoying it) for years. Doug did a great job of explaining the advantages of using ColdFusion by looking at some of its features and how they make web development easier. The topics he touched on include how easy it is to query a database, ColdFusion's built-in form validation, and its PDF generation and manipulation features (the CFDOCUMENT and CFPDF tags).

• Adobe ColdFusion for the Web Developer Part I
  
• ColdFusion for the Web Developer Part II
  

Articles like these are positive signs that ColdFusion's image in the press is changing for the better. Thank you to both Doug and Joe for helping to promote that change!

The Hack-Attack Article

This would be a poor news column if I didn't at least mention the article in Hacker Webzine that detailed exploits on ColdFusion sites. News of this article, and a series of attacks directed against ColdFusion sites, have appeared all over the ColdFusion blogosphere. Ben Forta noted that now that this information is out there, it should be a call to all of us to make sure we use CFQUERYPARAM to secure our queries and to make sure our sites are secured against the exploits mentioned in the article. While I'm not happy that these exploits were released, it's another sign that ColdFusion is being taken more seriously as a language. As a community, we need to make sure we're up to the challenge. I would be interested in running a series on Securing Your ColdFusion site here on Fusion Authority. If anyone would like to write it, please email me and we'll talk.

While I intend to cover only mainstream news, I will make an exception here and post some of the blog posts that have covered this subject, so that you can use the information to better secure your sites.

• Attacking ColdFusion (Hacker Webzine article, 7/12/08)
  
• Hacker Webzine Recommends Use of CFQUERYPARAM (Forta.com, July 23, 2008)
  
• Use CFQUERYPARAM! (cf.Objective(), July 23, 2008)
  
• A Few More Thoughts on SQL Injection (cf.Objective(), July 24, 2008)
  
• Mastering CFQUERYPARAM (Pete Freitag's blog, July 24, 2008)
  
• CFQUERYPARAM with LIKE and IN Clauses (Rabid Gadfly, July 23, 2008)
  
• Now that You've Changed Your CFQUERYs to use CFQUERYPARAM, Get Rid of That Blue and Grey Screen (Stephen Withington, July 24, 2008)
  
• Rash of Attacks Target Coldfusion (Gary Gilbert's Technology Blog, July 23, 2008)
  

Judith Dinowitz is the Editor-in-Chief of the House of Fusion magazines and journals, where she enjoys serving up ColdFusion and Flex goodness on a weekly and quarterly basis.

• Subscribe
• RSS

• Editorial
• Specials
• Community
• News
• Tech and Tags
• Views
• Reviews
• Techniques
• Security
• Best of ColdFusion Talk
• Knowledge Base
• Blog Watch

• Tipical Charlie