Yes, CF encryption is breakable. There is a site where you can go and decrypt them. However, it is unlikely your customer will know how to do that and they would have to pay someone to do it for them, so odds are if you encrypt them the won't be able to do anything with them.
Now I am going to discuss some ideas that could be illegal, Im not sure. So you've been warned. If you are really worried they may leave and take your code without paying you, I would add a few "features" to the admin that you will need to bury as deeply as possible. I would put in a very simple backdoor to the admin that will allow you to bypass any security you put in place and allow you to execute a command to delete the whole web root. That way, if they leave and take the code with them, you can nuke it. If your not as mean spirited as I am, you could just have it so you can shut the app down and show a message on all of the pages of the site stating the site has been shut down for non-payment. This is an idea we kicked around for awhile. Add a call from the app to one of your sites that checks a web service that simply asks, is this client in good standing. If you have flagged this client as bad, it then shuts the app down. HTH, and if you do use any of my suggestion, I did'nt tell you to do it, I dont know you and you are legally on your own. =] -- Alan Rother Macromedia Certified Advanced ColdFusion MX 7 Developer ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:240436 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54