ColdFusion = PeaceOfMind VS. <$PHP_Is_Scary/>
I have to prepare a PHP/IIS box for production. Sarbanes-Oxley, and the responsibility to prove that I am compliant, scares the bejesus out of me.
Last night I was doing my homework and poring over article upon article about how best to harden PHP.
I ran into this: A Study In Scarlet - Exploiting Common Vulnerabilities in PHP Applications by Shaun Clowes, SecureReality (Shaun - dude, you are a good writer).
OHHHH MYYYY GOOOODDD!!!
Not only is this a well-written piece (get past the first page or two), it describes many simple hacks used to abuse and torture PHP and how they are done.
What blew my mind is how "scary open" PHP is compared to ColdFusion. Sure, I get that you can code to protect yourself (whatever that means; shouldn't my platform help me do that?), but … that much?!?!?! Maybe I am late to the party, but WOW: with a default PHP 4.x install you can set, override, and kill Session and Global variables via the URL or FORM scopes. Eek!! Eek!!!
I liked reading about all the ways to hack PHP, and then transposing these ideas to ColdFusion and discovering that ColdFusion is truly an incredible language/platform. Just as powerful, just as easy, but waaaayyyyyyyyy more secure. Note: I am not bashing PHPers; there are AWESOME PHP applications out there.
WOW, I Love ColdFusion. Read that article and you will have a new-found sense of: Peace of Mind.
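To make the "override globals via the URL" point concrete, here is an added illustration (not code from this post or from Clowes' paper) of the register_globals pattern beside a hardened version, plus the configuration check worth running on the box before it goes live. The credential check and the request arrays are constructed stand-ins, and the weak function models what PHP 4.x register_globals did by calling extract() on request data by hand.

```php
<?php
// Added illustration (not from the post or from Clowes' paper) of the
// register_globals problem the post describes, and the hardened form.
// Assumptions: is_valid_login() is a constructed stand-in for a real
// credential check; weak_is_authorized() simulates register_globals by
// unpacking request data into scope with extract().

// Constructed stand-in for a real credential check.
function is_valid_login($user, $pass)
{
    return $user === 'alice' && $pass === 'correct horse';
}

// What register_globals = On did for every request: each URL/FORM parameter
// becomes a variable in scope before your code runs. extract() on request
// data is the same defect written by hand, so this models it faithfully.
function weak_is_authorized(array $request)
{
    extract($request);   // creates $user, $pass ... and anything else the client sent
    if (isset($user, $pass) && is_valid_login($user, $pass)) {
        $authorized = true;
    }
    // $authorized is never initialised here. If the request carried
    // authorized=1, extract() already created it and the login check is
    // skipped entirely. This is the class of bug the post is alarmed by.
    return !empty($authorized);
}

// Hardened form: initialise every security-relevant variable, read input only
// from explicit keys, and never unpack request data into local scope.
function hardened_is_authorized(array $request)
{
    $authorized = false;   // explicit default; the client cannot pre-set it
    $user = isset($request['user']) ? (string) $request['user'] : '';
    $pass = isset($request['pass']) ? (string) $request['pass'] : '';
    if (is_valid_login($user, $pass)) {
        $authorized = true;
    }
    return $authorized;
}

// Configuration check for the production box: register_globals must be Off
// (it defaults to Off from PHP 4.2 and was removed in PHP 5.4, where
// ini_get() returns false because the directive no longer exists).
function register_globals_is_off()
{
    $value = ini_get('register_globals');
    return $value === false || $value === '' || $value === '0'
        || strtolower((string) $value) === 'off';
}

// Constructed requests: a real login, and a forged flag with no credentials.
$valid  = array('user' => 'alice', 'pass' => 'correct horse');
$forged = array('authorized' => '1');

var_dump(weak_is_authorized($valid));
var_dump(weak_is_authorized($forged));      // passes the weak check without a login
var_dump(hardened_is_authorized($valid));
var_dump(hardened_is_authorized($forged));  // rejected by the hardened check
var_dump(register_globals_is_off());
```

The same rule applies to session state: read and write it through $_SESSION and initialise flags before use, so nothing a client puts in the URL or a form field can stand in for a value your own code was supposed to set.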
I guess you get what you pay for. I'll pay for security any day of the week.
Thanks Adobe for letting me sleep at night.