Even Allaire (I say Allaire because they're the one's who released this
advisory) recommends against it:
http://www.allaire.com/handlers/index.cfm?ID=10969
---
Billy Cravens
Web Development, EDS
[EMAIL PROTECTED]
-----Original Message-----
From: John Wilker [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 20, 2001 1:54 PM
To: CF-Talk
Subject: RE: Intellectual Property (warning)
Just as an add on in support of not encrypting CF code, but finding an
alternative, Encrypting the CF code even in the weak built in encryption
is a performance hit. Now before the CF server can do it's thing it has
to decrypt the page. Adding stronger encryption would just further slow
down the server.
I would have to agree, if you are that bent on protecting some function
or algorithm put it in a COM object or something else you can compile.
That way you aren't slowing the system down.
In addition, how secure is it likely to be if you encrypt your CF code.
Chances are some one would just scrap your code and recreate the
functionality of your code themselves. Encrypting code merely makes it
inconvenient to some one who wants to make mods or steal some bits or
pieces.
John Wilker
Web Applications Consultant
Macromedia Certified ColdFusion Developer
www.red-omega.com <http://www.red-omega.com>
What does Snoop Dogg use to do his laundry? Blee-otch!
-----Original Message-----
From: Billy Cravens [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 20, 2001 11:26 AM
To: CF-Talk
Subject: RE: Intellectual Property (warning)
Do a quick search on Yahoo! for "cfdecrypt". It's hardly a secret.
I agree that those that make any product deserve the right to protect
themselves. Perhaps better stated, if you're gonna protect yourself,
investigate the protection that you choose to use; make sure it's truly
protection. I'm no encryption expert, but I believe that ColdFusion
uses a fairly weak DES hash for encryption purposes (I'm sure my use of
terminology is incorrect). Perhaps this will open the door for someone
to come along with an add-on to CF that has stronger encryption?
On the other hand, it is extremely difficult, if not impossible, to
"decompile" binary code. As such, I feel that it is a better model for
"protection". Rather than attempt to "hide" your code, you bypass your
source code altogether. Not to mention the benefit that n-tier
development gives you. Additionally, this can increase your market: by
using encapsulation, you provide an API for users to utilize and extend
your functionality (many applications have well documented APIs). In
some cases, you might get increased performance (has anyone benchmarked
encrypted CFML vs. unencrypted CFML?), which is what you should strive
for if you're wanting to sell your product.
Most importantly, put most of your energies into protecting your brand,
not just your code. Superior product and service are what sell.
---
Billy Cravens
Web Development, EDS
[EMAIL PROTECTED]
-----Original Message-----
From: Jeffry Houser [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 20, 2001 2:00 PM
To: CF-Talk
Subject: RE: Intellectual Property (warning)
At 09:08 AM 08/20/2001 -0500, you wrote:
>Why would you use encrypted templates? If they're custom tags you
>pulled off of Developer's Exchange, consider whether or not you could
>duplicate the functionality. If you're encrypting code you wrote in
>order to "protect" it, this is silly. Easily decrypted
>(www.shrewm.net/cfd).
Of course, this decryption is not widely known, compared to the number
of people who know that ColdFusion exists.
>Personally, I'm against the idea of encrypting
>script - if you want to protect yourself, encapsulate logic in a binary
>format (ie, COM, Java classes, CFX tags, etc.)
Whatever the language it was written it, I see no problems with trying
to protect yourself. I see no reason to write something in Java just to
protect myself when ColdFusion is a better chose.
--
Jeffry Houser | mailto:[EMAIL PROTECTED]
AIM: Reboog711 | ICQ: 5246969 | Phone: 860-229-2781
--
I'm looking for a room-mate in the Hartford CT area, starting in August
--
Instant ColdFusion 5.0 | ISBN: 0-07-213238-8
http://www.instantcoldfusion.com
--
DotComIt, LLC
database driven web data using ColdFusion, Lotus Notes/Domino
--
Far Cry Fly, Alternative Folk Rock
http://www.farcryfly.com | http://www.mp3.com/FarCryFly
--
If you lived here, it wouldn't be my house; it'd be yours.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
