Why Use ColdFusion?

I keep hearing criticism from others that ColdFusion is old-fashioned and dead. Not so. Not by a long shot.

This year (2020) in October, we will attend the ColdFusion Summit (a developers and managers conference) for the sixth year in a row. It is a two-day conference with multiple, simultaneous sessions. Sessions focus heavily on new features of the ColdFusion world, future enhancements and security.

The newest version of ColdFusion will be released later this year and will expand its role as the hub in a net of disparate microservices, as well as a tool to create microservices. It is every bit a modern tool that keeps evolving. A new version is available every two years.

What about cost?

ColdFusion server costs money. If you host your own server (or server farm), licensing is a serious issue. Years ago I discovered Hostek. They provide ColdFusion (and many other elements of the necessary stack) in a wide range of service models. You can have a site on a shared box for as little as $6 per month. Or, you can have managed services with dozens of boxes via their Managed Services model. Plus, everything in between. Best of all, they are a major sponsor of the ColdFusion Summits and I have seen them working closely with the Adobe ColdFusion team.

Having your site at Hostek is secure (and GDPR compliant) and very affordable. No need for updating the servers or server software nor for making backups. I had a client clobber a database and call me at 7am in a panic. I called Hostek and they asked me if I wanted the 6am, the 2am or the previous 10pm backup restored. I selected the 2am backup and a couple minutes later the database was restored.

What about security?

I use a combination of Hostek, ColdFusion and MySQL (among other tools) for my applications. Hostek provides the physical security and the ColdFusion production server lockdown protection. ColdFusion has over 50 elements where the server can be locked down to prevent unauthorized access.

ColdFusion provides a <cfqueryparam> tag that prevents SQL injection attacks and also helps the database build cached query plans that improve performance. Key fields (columns) in my database are encrypted on save and decrypted on view, so a stolen database will avail nothing. Finally, every page checks for a valid, secure login, using tools that auto-logout users when idle time is exceeded and that create a secure login based on user ID and password values.
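The first two measures above, sketched in CFML as an added example (not the author's code). The datasource `appDSN`, the `customers` table and its columns, and `application.encKey` are assumed names.

```cfml
<!--- Added example. appDSN, customers, ssn_enc and application.encKey are assumptions. --->
<cfparam name="url.id" default="0">
<cfparam name="form.ssn" default="">

<!--- Weak form, kept commented out for comparison: the request value is
      concatenated into the SQL text, so the database parses it as SQL.
<cfquery name="qUser" datasource="appDSN">
    SELECT id, ssn_enc FROM customers WHERE id = #url.id#
</cfquery>
--->

<!--- Parameterized form: the value travels as a typed bind variable.
      cf_sql_integer also rejects non-numeric input before the query runs,
      and the fixed SQL text lets the database reuse its cached plan. --->
<cfquery name="qUser" datasource="appDSN">
    SELECT id, ssn_enc
    FROM customers
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Encrypt on save. application.encKey is assumed to be a Base64 AES key
      created once with generateSecretKey("AES") and stored outside the database,
      so a copy of the database alone does not include the key. --->
<cfif len(form.ssn)>
    <cfset ssnEnc = encrypt(form.ssn, application.encKey, "AES/CBC/PKCS5Padding", "Base64")>
    <cfquery datasource="appDSN">
        UPDATE customers
        SET ssn_enc = <cfqueryparam value="#ssnEnc#" cfsqltype="cf_sql_varchar">
        WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
    </cfquery>
</cfif>

<!--- Decrypt on view, and HTML-encode the value before writing it to the page. --->
<cfif qUser.recordCount AND len(qUser.ssn_enc)>
    <cfset ssnPlain = decrypt(qUser.ssn_enc, application.encKey, "AES/CBC/PKCS5Padding", "Base64")>
    <cfoutput>#encodeForHTML(ssnPlain)#</cfoutput>
</cfif>
```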

ColdFusion also truncates a string variable upon seeing a carriage return/line feed. This helps prevent JavaScript injection attacks via the subject line of a Contact Us form (for instance).

It is not possible to totally prevent a serious hacker from doing damage. Just like it is not possible to prevent data from being stolen from an in-house server system. However, there are enough tools available with ColdFusion to protect sensitive data in the normal case.

What else?

67% of all data loss (deliberate or accidental) is caused by employees. Password sharing is a common issue. Multiple simultaneous logins with the same credentials are prohibited in my code (ColdFusion makes this easy). Also, logins from unusual devices, locations or times of day can be controlled.

Simple Interface and Feature Rich

Besides security and cost benefits, ColdFusion is a tag-based (or script-based, for Java and JavaScript developers) language that is very easy to learn. Developing robust applications and consuming third-party services is very easy. Therefore the cost to the client for development or application evolution is far lower. The code is compact and easy to maintain.

These are just some of the benefits. The biggest for me is that ColdFusion is evolved in a logical and thoughtful way by the Adobe corporation. They are a powerhouse in the Internet community and have the resources to produce a quality product. Other languages provide excellent tools and are to be considered. However, they are developed by smaller companies or are open source and not subject to strong quality control. The good news is that, in most cases, these tools can be used in conjunction with ColdFusion.
