Storing the passwords in plain text within a database is not a good idea. Many people use the same password for their email, online-banking or social network accounts and probably your app. So the passwords should be safe if your database gets into the wrong hands.
So how do you safely store a password?
Coldfusion 9.0.1 is essentially disqualified to be used with NoSQL datastores where JSON is involved.
We have used Coldfusion since 3.0 in 1998 upgrading to 4.0, 5.0, 6.1, 7.0, 8.0 and 9.0. We did this upgrade for our servers and for even more of our customers servers that use our software.
The standard history.back() does not work in Chrome and probably Safari and other Webkit browsers.
It took me a while to figure this out.
We are using CSS files with embedded images on some sites. Have a look at Nicholas C. Zakas excellent cssembed utility.
The good thing: Just after loading the CSS most of the images needed to display the site are at the client. No longer does a new visitor request dozens of small 1KB PNG files for backgrounds, bullets and tiny icons. It’s all right there in the CSS. This really pays of when you target mobile users where latency and slow connections let page rendering times go thru the roof with lots of small requests.
If you use Coldfusion to create Javascript endpoints - e.g. for Ajax Requests, then everything might work just fine at first sight.
Later some users might report that in Internet Explorer (6.0, 7.0 and 8.0) content that you refresh via Ajax requests might not get updated.
Amazon S3 is awesome for scalable hosting especially for images, videos and other assets.
If you still want to show your visitors your own domain instead of the s3.amazonaws.com domain for your assets then you can setup a CNAME record for your domain pointing to the S3 bucket.
So we used Google Analytics on many of our projects - but no longer do.
Still most of our visitors have those lifetime cookies __utma and __utmz set and send those to our servers with every request.
Just a quick note - as I keep forgeting this.
With its standard setting Internet Explorer will fetch the same URL from its cache if called a second time within the same browser session. That is if the URL had no special Headers set.