It was a bright, sunny day when, after years of construction, Disneyland opened in California in 1955, proclaiming itself the theme park of the future. Unfortunately, as good as it all looked, the park wasn't quite as ready for the hordes of visitors as it thought it was. On opening day almost all of the rides broke down...there were too few trashcans, causing overflows of garbage...the lines were far too long...and not enough water fountains were operating. To compound the situation, thousands of counterfeit invitations had been distributed, so the park was overloaded with many more visitors than it could handle. Because of this, the roads leading to Disneyland were jammed with bumper-to-bumper cars filled with some very cranky passengers. It was by no means a good beginning. Lucky for them, things seem to have turned out quite well today.

What does Disney have to do with ColdFusion? Not a lot really, on the surface - but it's a great analogy if you think of how many Web sites these days have the same kind of openings as Disneyland. The disasters that Web site problems can result in can be much more catastrophic than the teacups not spinning around. With ColdFusion and the wonderful world of the Web, the possibilities for disaster are much worse. Just look at all the news articles these days about teenage hackers breaking into large e-commerce sites and stealing the credit card numbers of thousands of customers.

The security problems that lots of sites are having aren't just little cracks in a big wall; it's a series of wide-open doors that are just inviting people to break in. Remember, for every single problem that's being caught and talked about, there are probably twice as many occurrences that we don't know about yet. The problems that are being reported don't involve any major hacking attempts or schemes. They're tiny - little problems that are relatively easy to find and exploit, and even easier to fix.

The simplest of the problems that are cropping up is that plaintext databases connected right to the Web are easily viewable because the data isn't hidden or encrypted in any way. Another common one is that people are using preset default user ID/password combinations instead of changing them to their own unique ones. Remember, if it's the default password, not only will you know it, but so will anyone else who has ever used the program. I shudder to think of all the bigger problems out there that no one knows about...or, worse than that, about the select bunch of individuals who are exploiting it.

So what's the cause of this problem? More important, what's the solution? In today's superfast Web world, the priority isn't on taking the time to do things right. Instead, it's on getting things done yesterday, which is the only time that's soon enough to keep up with the fast pace. The only goal these days seems to be putting things up online quickly. Today's priorities are all about the bottom line. How much money are you making?...How many people are coming to your site?...And - most of all - what can that do for your stock price?

Quality just isn't the main concern anymore - it's an afterthought. That's extremely evident throughout the industry. Look at how many patches are out for the software you use every day. It's all about getting the product out on time, no matter what, so the balance sheets for the quarter look nice. Why worry about the problem of security now and take the time to do it right, when you can worry about it later?...After something horrible happens, of course.

More time needs to be spent on doing things well, and that's the only true solution. In the long run your customers will appreciate it and your boss will appreciate it. And if you avoid a disaster, then your company's investors will appreciate it too.