I am happy to present Five Reasons to Learn CF in 2019. I'm trying to be honest here, but you may find some bias because I love ColdFusion. There, I confessed. Read on!
Five Reasons To Learn CFML
- It's SO EASY to write!!
- Super powerful - ldap, database, imap, pop, ftp and caching support built-in
- Great security - from ESAPI support to security dudes like Pete Frietag.
- Great job market, can command "unicorn" salaries
- Community is very tight-knit, lots of help from package maintainers
CF is So Easy To Write
If you take only one sentence away from this article, let it be this: You can build applications faster (and with fewer defects) in Coldfusion than any other language. You simply won't find an easier language to program in. (And please don't reply "Python" because I will shoot right back: "Whitespace!") Coldfusion has been designed around the Rapid Application Development methodology, and should fit in well with any team looking for rapid, iterative development. (Agile, anyone?)
But lest any think I bluff, here's why I think CF is so easy to write:
Why is CF So Easy to Write?
- CF has two familiar syntaxes - tag and script - both of which should be easy for frontend devs to pick up. These days most modern CFML trends towards the script syntax.
- No baloney whitespace requirements. Sorry, Python - that makes your code look beautiful, but definitely harder for new devs to pick up.
- Built-in features, as opposed to poorly-documented, inconsistently designed third-party libraries. I'm not trying to down third-party libraries and frameworks, but I posit that you should absolutely not need to install a library to perform basic language features (such as file manipulation, email, HTTP calls, etc.)
CF is Super Powerful
CF is so stinkin' useful and feature-packed that after eight years programming in CFML I still come across functionality I never knew existed. There is an abundance of wow-it-can-do-that?-type functionality baked in by default, and you can conceivably build startups or small web apps that focus on any of these:
- build CRUD apps
- deliver email newsletters
- import spreadsheets to the database
- write a blog engine
- send web forms to a fillable PDF
I'm going to follow with an excerpt from my Why CF? blog post, as just one example of functionality which is so easy in CF and so difficult in other languages:
I built a website for a painter several years ago using PHP and Bolt CMS. One additional request the client had was to embed a watermark into every image served on the website. Try as I might, I could not get this done within the client's minimal budget - PHP's image processing functionality is somewhat minimal without addon extensions such as
GD
.In CF, there is a single function which allows this:
imagePaste()
. Take a watermark image and paste it onto a second image, in the upper left corner. Write the image to a file. Done.
CF is Super Secure
Why is CF super secure?
- Built-in XSS sanitization library via OWASP ESAPI
- Built-in security functions for authentication, hashing and encryption
- A security-conscious community and industry
ColdFusion is highly secure from XSS vulnerabilities because of the built-in OWASP ESAPI library. The ESAPI library provides fantastic XSS-safe canonicalization functions such as encodeForHTMLAttribute()
or simply canonicalize()
.
A second reason for the great security of CFML is the plethora of built-in authentication functions. You can salt and hash a password in SHA-512
algorithm with 10,000 iterations with a single function call, encrypt user's email addresses, or build powerful role-based authentication with cflogin()
and isUserInRole()
.
Finally, remember that many CF applications are in the government, health or banking industries. This fact alone both proves CF's security prowess and pushes CFML security efforts forward. This is the reason we have smart dudes like Pete Frietag and Charlie Arehart specializing in Coldfusion security products. You can follow lockdown guides from Pete, Charlie or the Adobe team, purchase a CF-specific firewall, or use Fixinator.app to perform security scans in a CI build to limit the number of security defects released to production.
The Great CF Job Market
Let's face it: If you can program well in ColdFusion, you are a unicorn in a fairy tale. There are a lot of CF jobs with few developers to go around. Thus, a good ColdFusion developer enjoys good prospects and a high salary. (Seriously.) I was told recently on Twitter that with correct positioning, I could command a "unicorn salary" in Coldfusion consulting. A quick job search on Monster and Indeed finds multiple good-looking opportunities at a local medical university, among many others. And CF's JVM nature means it is easy to work your way into a similar JVM language, or Java, if you really felt the urge to leave the ecosystem.
The CF Community
The CF community is, quite frankly, awesome, and it all stems from the CFML Slack Group. Got a syntax question? Ask Slack. Struggling with getting started with the Coldbox framework? Ask Slack. Often questions concerning ORM usage are answered by none other than John Wish, author of THE book on Coldfusion ORM. I myself recently asked a question concerning the CommandBox CLI tool, and not only received an answer from Brad Wood, but he also updated CommandBox within 48 hours to prevent further such issues in the future. Pretty good customer service for an open-source project. ;)
Conclusion
I believe that ColdFusion is one of the best programming languages out there, and it is worth learning today. Disagree? my Twitter DMs are open! Agree? Share this post. :)
Top comments (9)
Why do you think a lot of people stopped using ColdFusion after an initial burst of popularity?
I tried to find it on the list of 100 most popular programming languages and I couldn’t find it. I don’t think popular == good, but being almost unknown doesn’t inspire confidence in the long term viability of Cold Fusion.
Here are languages 51-100 from the TIOBE index all more popular than Cold Fusion and I’ve never heard of most of these.
4th Dimension/4D, ABC, ActionScript, Alice, Avenue, BBC BASIC, bc, Bourne shell, C shell, CL (OS/400), Clipper, CoffeeScript, Common Lisp, Crystal, Elixir, Emacs Lisp, Factor, Forth, Hack, Haxe, Icon, Inform, Io, J#, Korn shell, LiveCode, Maple, Mercury, Monkey, MQL4, MS-DOS batch, NATURAL, OpenCL, OpenEdge ABL, PL/I, PostScript, PowerShell, Pure Data, Q, Red, Ring, RPG, S, Snap!, SPARK, Tcl, Tex, Vala/Genie, VBScript, VHDL
'Initial Burst' - not sure what you mean... if 10 years of being an ad agency - go-to language, and now being over 20 years old and selling more copies of ColdFusion than ever (according to Adobe) PLUS having a MORE popular open source version, means it's more popular than ever.
Industry doesn't code in 'fanboi' languages, they code in viable long term languages, which is why cfml is a standard part of most large enterprise stacks - it just has smarts that work today and for enternity, oh and it's way more secure than php or node or dotnet.
Considering pretty much EVERY major telco, power company, big pharma and government agency uses it right now, I think you've been in a cave mate.
As for 'Tiobe', (no-one takes them seriously)- it doesn't think cfml is a language, rather a XML variant (heads in the sand) So put it above Ruby as it's the same ballpark - you're looking at #16 - and i'd say now SASS compilers are no longer tied to Ruby, it should start dropping rapidly also.
Unlike other languages, cfml is easy to learn and use, hense less people needing to ask questions, stuff just works and questions like 'how do i open a connection to' don't exist as the server does this for you - removing 20% of the traffic to StackExchange that other langs have.
Thanks for all the info :-)
I did not know ColdFusion fell under the category of XML languages or that that even was a category. So the Tiobe Index is not very helpful with regards to ColdFusion.
With regards to what I meant with initial burst, I see a definite pattern in how many people search for ColdFusion. How would you interpret that graph? (Question 1)
If you're using any technology with succes and you're happy with it too: that's great! If you say it's used in a lot of places, cool! Do you have any sources for that?
Btw: I'm actually really interested because one of my employers is in the process of making a decision about a web-app builder, and that company is using ColdFusion.
I have more questions :-) I'd ❤️ it if you could enlighten me, and others of course.
Question 2:
What about ColdFusion makes it so easy to learn? Good documentation? Very little syntax to learn? Good editor support? Good error messages?
Question 3:
Would you say that there's less open source code for ColdFusion than in other language ecosystems, relatively speaking? Would you say the licensing is a factor in this?
Question 4:
I see that ColdFusion provides a lot of built-in libraries. What I've seen from Python is that this can be a good thing and a bad thing. Good because a lot of people tend to use the standard library, bad because evolution of any code in the standard is slow. Do you recognize this for ColdFusion? In which ways do you or don't you?
Question 5:
Wrt built-in libraries, how easy is it to create and use your own library for doing things if you're not happy about the standard library solution?
Question 6:
I've been using functional programming languages and techniques more for the past two years (not mutating data, passing functions around, composition). I don't think ColdFusion has language features for this (according to Wikipedia). Do you think Adobe will add this?
Question 7:
What would you say are drawbacks of ColdFusion?
Question 8:
Is ColdFusion single-threaded? If not: how does it do concurrency?
Question 9:
What kind of applications are great examples to use ColdFusion for?
Question 10:
For what kinds of problems would you definitely not use ColdFusion?
Question 11:
What's the most well known open source application in CF?
Thanks!
Lot of great questions here!
I think Chris' point was that Coldfusion is not a variant of XML, thus it is being unfairly removed from the ranking entirely.
As an answer to your Google Trends graph, allow me to point you to the Google Trends graph for HTML. Should we abandon HTML? It's obviously unpopular. ;)
I mentioned this briefly in my Why CF? article. In short, CF has two equally powerful syntaxes, and new developers can choose from an HTML-like syntax or a Javascript-like syntax. Error messages are simple and straightforward, unlike the mess you get with minified JS or C compiling, and most functions are designed and named consistently, unlike PHP in the older years.
Yes, there are fewer open source libraries for CF than other languages, mainly because most CF applications are classified or proprietary or both. I don't think the licensing has a factor - I haven't used the licensed version of Coldfusion in years. Most folks in my circles use Lucee, the open source variant. If you want to see CF open source stuff, check out ForgeBox Oh, you can also use any open source Java library within CF if you so choose, by the way, so the "lack" of native CF libraries is not really an issue. As an example, I used a Trulia-built Java library to build a set of RETS data imports really easily a few years ago.
Most of the time, CF's builtins are fantastic. Again, see my Why CF post for how awesome it is to send an email with three lines of code, or watermark/resize/downgrade images with 1-5 lines. There are a few instances where the implementation is poor, such as the built-in REST api. In this case, the community warns against it and advises folks to use open-source frameworks such as Coldbox or Taffy.
See my Why CF post, or this very post above. :) Yes, it is easy to create your own libraries, that was a main point I wrote about in this post. CF is easier (far easier) to build apps in than any other language I have programmed in.
Hmm, I'm not up on functional programming, so I don't know exactly which feature you are asking about. I do know that CF supports functions as a first-class citizen, and thus there are a lot of higher-order functions in CF which are useful for manipulating arrays, structs, lists and query objects. I'm slowly moving to the use of these higher-order functions, using member function syntax and Lucee's awesome new lambda expressions:
var submittedCommentIsVulgar = allBadWords.some((word) => return form.comments CONTAINS badWord);
I'm actually working on writing a post on Lucee higher-order functions which should be out in a few days.Drawbacks... CF is not perfect, and you are right that it is a less-used language. (Although it is a good deal more popular than most folks realize.) One big drawback of CF is Adobe itself - Adobe's high licensing costs, terrible (non-existent) marketing and poor treatment of the CF community has turned off many developers. I have moved from Adobe CF to Lucee, and there is a big improvement in features, community support (the Lucee team talks to and works with the community), and of course it's free so it's just a better situation all around. Also, because CF is based on Java it has a bit of overhead for starting up instances - think 20-60 seconds for a new server. This is not a large problem, because how often do you spin up a new server? Just something to consider. The Lucee team is working on shrinking the build size, and you can already download a
.jar
file with no extensions hovering at ~17MB.Yes, CF is multi-threaded. Each request is assigned a new thread, up to the specified thread limit. You can also bake in threading as necessary, for example: wrapping HTTP calls into a separate thread. Finally, a lot of new features like
arrayMap
andarrayEach
support aparallel
function, so you can loop over an array, perform complex/time-intensive processing on each item, and let Lucee thread the work based on machine capabilities.CF is awesome for CRUD apps, data processing, and web apps. Basically any app where you need to touch a database is so so easy in CF.
I would not use CF for implementing new encryption algorithms, powering a space shuttle, or heavy string parsing. Pretty much any real-world web application can be easily written in CF. Just make sure you follow standard best practices - don't do stupid things and then blame the language, as many CF detractors seem to do.
Most popular CF open source application is probably Coldbox, an MVC framework specializing in REST APIs.
I sure hope you appreciate this comment, cuz it took me like two hours. :) Thanks for your honest, intelligent questions!
Hey cool, thanks for the long answer :-)
I read it twice :-)
One more followup to the threading question, are you talking about OS-level threads there?
Thanks!
Well, are there any other kinds of threads? I know that it uses Java threads under the hood, so however Java does it is how Coldfusion does it.
With that said, here's an article of how Java threads work: geekyarticles.com/2011/08/java-thr...
Hope that helps!
I’ve been learning Elixir and that has very lightweight processes for concurrency, and I believe Go also has some lightweight concurrency built-in to the language.
Don't waste the time to learn Coldfusion. I suggest spending your time learning C#, F#, Clojure, Go, Elm, Typescript, Python and even PHP as Coldfusion has no ecosystem and imho has absolutely no advantage to any of the other languages I mentioned. There is a ton more resources available to you with the other languages and more of a "engineering" attitude as most the CF'ers I have come across can't explain what SOLID, DRY, closure, etc... is. I can't imagine any business making the decision to stay with Coldfusion or develop from scratch using Coldfusion and I have developed on two sizable enterprise apps in Coldfusion over the last 15 years.
Popularity is not the goal: