ColdFusion - Sometimes the Pros are the Cons

CFM Best Practices

With Coldfusion some of it's best features are also it's biggest problems.


Date : 2006-05-05
Cold Fusion, currently owned by Macromedia, began clear back in 1995. That same year saw the release of PHP 1.0 with ASP 1.0 being released the following December 1996. With all of these technologies being released at about the same time it is not surprising that there was fierce competition between them. Cold Fusion has been through 7 releases at the time of this article and is still improving. I started in CFM in 1998 and was immediately impressed with how quickly a dynamic web application could be created. My first application was a small time-card application that was used internally by the business I was then employed by.

When I think about the pros and cons of Cold Fusion I find they are mostly the same list. Some of Cold Fusionís best features are also its biggest problems. At a theoretical level, often the speed and ease with which you can develop an application also leads to not thinking things through. I have found a lot of CFM code that was a horrible mess of session variables for no good reason, cookies saving form input, multiple pages doing a single job and every other coding nightmare you can think of. To be fair there is probably just as much badly written PHP and ASP code out there. The point is that writing code of any kind in a hurry is going to turn out badly. So if people are attracted to CFM simply because it is fast then the chances are higher of bad code being written.

Some examples of easy code being bad code:

    1 You can create an editable data grid to edit database content with just a couple tags. The problem is this requires calling an applet in your browser that has been full of security issues since its inception.
    2 You can insert a form submission into a database table with one CFM tag. The problem is people doing this rarely bother to check the form submission for content, or rely on Javascript form validation, leaving them much more vulnerable to form based attacks such as javascript insertion.

I believe that ColdFusion is a great high level web development platform. Unfortunately it also seems to attract developers who are less concerned with quality and security and more concerned with the bottom line and how quickly a project can be finished. If someone were willing to spend the time to make a great application in CFM I believe that it would be just as good, and according to all the data I can collect, just as fast as an application written in ASP, PHP, or .NET. Unfortunately that is not what we usually see.

Comments :

No comments yet
  • Search For Articles