Patrick Toomey

“Secure by Default” Doesn’t Seem to Be ColdFusion’s Motto

Adobe doesn’t have the best reputation when it comes to security (i.e. Flash). Well, that reputation seems to go beyond Flash, as I have had an occasion recently to review several ColdFusion based applications. As much as ColdFusion eases the development of web applications for developers, it is doing them a disservice when it comes to publishing a “secure by default” platform. Abstracting security details away from developers can be a great thing, but not when the abstractions themselves are insecure.