ColdFusion MVC Frameworks and what you should know
Tags: Coldfusion
Anyone who picks up ColdFusion the first thing that comes to hand is how easy it is to get a small application up and running, but there are some serious draw backs to this implementation as it stands in ColdFusion. Over the next few articles I will go into a bit more depth as to why we might use a framework that supports an MVC pattern, as well as give you a run down on some of the more popular frameworks being used and the pros and cons of each one.
But first lets talk about why MVC frameworks have come to be very helpful when developing a ColdFusion Application, whether you are using an RIA client connection or even just a HTML page connection.
ColdFusion as we all should know began its days as being described as a Rapid Application Development toolkit, or application depending on who you talk to. These days it has had some major enhancements and one can really call it a suite of tools, that is built using a CFML engine to deliver an Application.
However in a previous post I tried to show that even today, ColdFusion is still not a secure software and promotes bad practices and sometimes extremely bad practices. This is just going to get worse over time until something is done by Adobe, and over the course of the new few posts you might understand why this is a problem and why some of the MVC frameworks exist.
So with that in mind what are some of the problems facing ColdFusion now, well lets look at a page that has the following code in it.
select * from customers where customerId = #url.customerid#
</cfquery>
//More code here that outputs the data.
Now I have made this as simple as possible in the above code, but that is code that is legal and commonly used by a lot of people who are new to ColdFusion. The number one problem here is that it doesn't handle what has become a major issue with Web Developers and that is SQL Injection. In the short term instead of tackling the problem in another way, the best thing that was offered is that we can now use a cfqueryparam to encapsulate the where clause to stop the SQL Injection.
But what is another problem that ColdFusion is promoting here, it promotes that we can create a template anywhere in the webroot and call it from the URL. And that is what opens the application up to more work by the developer, to try and protect the information and the application in preventing errors, or handling pages that should not be run out of the order that we don't expect them to be run in.
So now now lets look at an MVC pattern, every entry point into the application would be entered through a controller. It would be up to the controller to decide if the user has the rights to view the page or even continue if not logged in. Ok, it is maybe a little more complicated than that, but the point is that I would not be trying to run /somedir/somepage.cfm anymore. Instead I would be more inclined to see /controller/action/value and that normally would not reflect the place the files are stored in the Application.
So as you can see at its briefest an MVC framework has been born in ColdFusion, to overcome some problems developers have been trying to get their heads around for years. But the question is which MVC framework is best for me?
In the next few articles I will go through what to look for, what to avoid and which ones I have used and which ones I would highly recommend.
-
This looks to be an interesting topic. At the risk of nit-picking, I might not that I would love to see writings on MVC in ColdFusion that didn't deal with problems not solved by MVC (SELECT * and no cfqueryparam, for example).
I don't bring that up just to be critical, but rather to say that I think the examples would be more powerful if they zero in on the specific problems being solved by using MVC in ColdFusion.
I am interested to read more, keep them coming!# Posted By Steve Bryant | 6/1/09 7:31 PM -
Steve,
No you ae not being critical, I used that as an example. Because it was the first thing that popped into my head to illustrate that CFML templates can be called from the url, regrdless of their location.
I hope to answer that in some more detail soon.# Posted By Andrew Scott | 6/1/09 9:11 PM -
It's good to see posts about "good practices" especially when backed up by solid reasoning, so I hope you continue your posts.
I might be misunderstanding what you're trying to get across, but I would like to point out that saying that ColdFusion is not secure is a bit misleading as that is down to the code that a developer writes and the MVC pattern will not solve that. An insecure application can be written in any language. I think that you are also referring more to the front controller pattern rather than the MVC pattern when you talk about requests all being routed through a single template.
I'm not trying to be critical, just clarify what your saying :)# Posted By John Whish | 6/2/09 4:36 AM
TweetBacks