You aren't related to Dr. Evil are you?! Modified a site tracker proggie on one of our sites the other day so that it queries the RIPE database with IP addresses, there's been a few times that I've been tempted to ring somebody up and ask what they were doing :-)
Garry -----Original Message----- From: Douglas Humphris [mailto:[EMAIL PROTECTED]] Sent: 05 September 2002 11:55 To: [EMAIL PROTECTED] Subject: RE: [ cf-dev ] .cfm enryption With CFMX, you could write key parts of your app as CFCOMPONENTS and deploy them as webservices. Program your app to depend on running the components in order to work. For each component, have a required argument which takes a registration key. The first thing each component does is check your db that the registration key provided matches the registered IP/domain - if not email yourself, and return a warning message. Then to completely freak them out, phone them up as soon as the email comes in and tell them your solicitor will be in touch... Douglas -- Douglas Humphris, Programmer http://www.unitech.net -----Original Message----- From: Spike [mailto:[EMAIL PROTECTED]] Sent: 05 September 2002 11:39 To: [EMAIL PROTECTED] Subject: RE: [ cf-dev ] .cfm enryption It is perfectly possible to decrypt .cfm templates encrypted with all versions of cfencode. This includes CF5 and CFMX. If you are using CFMX there are several things you could do to protect your IP. 1. Ensure that the client signs a contract that puts them in legal hot water if they as much as look at even the encrypted templates. (This is mostly a deterrent, but it does give you legal grounds to go after any abusers) 2. Put legal notices in the templates that make it clear that by reading the notices they have broken the terms of their contract and that they should immediately delete the decrypted template. Some other well worded stuff on the legal implications of decrypting the template wouldn't go amiss either. (Again, this provides a deterrent and some more legal back-up. They may not have read or be aware of the contract that was signed, so putting the information in each templates makes sure that they know they should not be doing what they are doing.) 3. If you are using CFMX you can (in theory at least) deploy the class files for the application without the CFM templates themselves. That would be totally unsupported by MM, and would probably break as soon as a service pack or what-ever was applied to the server, but if you're really paranoid about your cfm templates being stolen it's worth investigating. 4. Create a COM Object, CFX tag, or similar external system on which your code heavily relies. Make sure that this will only work on one server. There are lots of ways you could go about this, but none of them are really simple and most are prone to the same sort of problems that you would get with deploying the app with class files only. 5. Write your code in such a way that no-one except you can understand it. This is actually a lot harder than it sounds if you've been programming for a long time, and it makes it a nightmare to debug and maintain. In general, unless you've come up with a killer app of some sort it's probably only worth going to the legal contract and warning notices route, as the potential hassle involved with the other solutions isn't worth the gain. Spike > -----Original Message----- > From: Garry Mills [mailto:[EMAIL PROTECTED]] > Sent: 05 September 2002 11:31 > To: '[EMAIL PROTECTED]' > Subject: RE: [ cf-dev ] .cfm enryption > > > > btw I don't think cfdecrypt can decrypt cf5 files, although > looking at > > the shrewm notice board, there seem to be people claiming they can > > (for a > fee). > > Interesting, anybody tried it with MX? > > Garry > > > -----Original Message----- > > From: Garry Mills [mailto:[EMAIL PROTECTED]] > > Sent: 05 September 2002 10:10 > > To: '[EMAIL PROTECTED]' > > Subject: [ cf-dev ] .cfm enryption > > > > > > We're rolling out a product to a customer soon, and bluntly > > speaking we > > don't want them to be able to copy the app onto another server. > > > > Know about cfencrypt, and also know about cfdecrypt and > > whilst it will stop > > the numpties getting into it doubt the tech department will > find it as > > difficult > > > > A google search for coldfusion dongle returns a load of > links to crack > > files... > > > > What do the rest of you do, or is cfentrpt our only option? > > (oh, and I tried > > CF encrypted files on a Cobalt once and it didn't seem to > > work, although > > thats a separate issue) > > > > Garry > > > > -- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > For human help, e-mail: [EMAIL PROTECTED] > > > > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] > > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] > > > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
