Then you need to figure out how to make sure your customers can't get hold of the secret key value.
I guess if you're encrypting your code then you could just put the key in there somewhere, but there's a law of diminishing returns on making it difficult for them to retrieve the key value.
Ultimately I think it's probably better to move the server scoped stuff to application scope or do as a few people have suggested and promote it as a feature.
Spike
Barry L Beattie wrote:
thanx for your reply Precia
To disable security on .cfc file browsing, use the ColdFusion
Administrator to disable the RDS password.
it's not browsing, per se, it's access. these people have their own webmasters (who can turn browsing back on) as well as having their own dev teams.
we encrypt the files to protect IP (which helps but the blakstone deployable JAR's will be a better idea) but how do you stop people coding against components stored in server scope?
any suggestions most welcome thanx barry.b
--
-------------------------------------------- Stephen Milligan Code poet for hire http://www.spike.org.uk
Do you cfeclipse? http://cfeclipse.tigris.org
----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email
to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email.
CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com).
An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
