I did think of that. However, if someone got into the code, they'd just remove the need to look up whatever security your required.
Paolo > -----Original Message----- > From: Rich Wild [mailto:[EMAIL PROTECTED]] > Sent: 05 September 2002 11:45 > To: '[EMAIL PROTECTED]' > Subject: RE: [ cf-dev ] .cfm enryption > > > heh - that would be cool. > > > -----Original Message----- > > From: Douglas Humphris [mailto:[EMAIL PROTECTED]] > > Sent: 05 September 2002 11:55 > > To: [EMAIL PROTECTED] > > Subject: RE: [ cf-dev ] .cfm enryption > > > > > > With CFMX, you could write key parts of your app as > > CFCOMPONENTS and deploy them as webservices. Program your app > > to depend on running the components in order to work. For > > each component, have a required argument which takes a > > registration key. The first thing each component does is > > check your db that the registration key provided matches the > > registered IP/domain - if not email yourself, and return a > > warning message. > > > > Then to completely freak them out, phone them up as soon as > > the email comes in and tell them your solicitor will be in touch... > > > > Douglas > > > > -- > > Douglas Humphris, Programmer > > http://www.unitech.net > > > > > > -----Original Message----- > > From: Spike [mailto:[EMAIL PROTECTED]] > > Sent: 05 September 2002 11:39 > > To: [EMAIL PROTECTED] > > Subject: RE: [ cf-dev ] .cfm enryption > > > > > > It is perfectly possible to decrypt .cfm templates > encrypted with all > > versions of cfencode. This includes CF5 and CFMX. > > > > If you are using CFMX there are several things you could do > to protect > > your IP. > > > > 1. Ensure that the client signs a contract that puts them > in legal hot > > water if they as much as look at even the encrypted > > templates. (This is > > mostly a deterrent, but it does give you legal grounds to > go after any > > abusers) > > > > 2. Put legal notices in the templates that make it clear that > > by reading > > the notices they have broken the terms of their contract > and that they > > should immediately delete the decrypted template. Some other > > well worded > > stuff on the legal implications of decrypting the template > wouldn't go > > amiss either. (Again, this provides a deterrent and some more legal > > back-up. They may not have read or be aware of the contract that was > > signed, so putting the information in each templates makes sure that > > they know they should not be doing what they are doing.) > > > > 3. If you are using CFMX you can (in theory at least) > deploy the class > > files for the application without the CFM templates themselves. That > > would be totally unsupported by MM, and would probably break > > as soon as > > a service pack or what-ever was applied to the server, but if you're > > really paranoid about your cfm templates being stolen it's worth > > investigating. > > > > 4. Create a COM Object, CFX tag, or similar external system on which > > your code heavily relies. Make sure that this will only work on one > > server. There are lots of ways you could go about this, but > > none of them > > are really simple and most are prone to the same sort of > problems that > > you would get with deploying the app with class files only. > > > > 5. Write your code in such a way that no-one except you can > understand > > it. This is actually a lot harder than it sounds if you've been > > programming for a long time, and it makes it a nightmare to > debug and > > maintain. > > > > In general, unless you've come up with a killer app of some > sort it's > > probably only worth going to the legal contract and warning notices > > route, as the potential hassle involved with the other > solutions isn't > > worth the gain. > > > > Spike > > > > > -----Original Message----- > > > From: Garry Mills [mailto:[EMAIL PROTECTED]] > > > Sent: 05 September 2002 11:31 > > > To: '[EMAIL PROTECTED]' > > > Subject: RE: [ cf-dev ] .cfm enryption > > > > > > > > > > btw I don't think cfdecrypt can decrypt cf5 files, although > > > looking at > > > > the shrewm notice board, there seem to be people claiming > > they can > > > > (for a > > > fee). > > > > > > Interesting, anybody tried it with MX? > > > > > > Garry > > > > > > > -----Original Message----- > > > > From: Garry Mills [mailto:[EMAIL PROTECTED]] > > > > Sent: 05 September 2002 10:10 > > > > To: '[EMAIL PROTECTED]' > > > > Subject: [ cf-dev ] .cfm enryption > > > > > > > > > > > > We're rolling out a product to a customer soon, and bluntly > > > > speaking we > > > > don't want them to be able to copy the app onto another server. > > > > > > > > Know about cfencrypt, and also know about cfdecrypt and > > > > whilst it will stop > > > > the numpties getting into it doubt the tech department will > > > find it as > > > > difficult > > > > > > > > A google search for coldfusion dongle returns a load of > > > links to crack > > > > files... > > > > > > > > What do the rest of you do, or is cfentrpt our only option? > > > > (oh, and I tried > > > > CF encrypted files on a Cobalt once and it didn't seem to > > > > work, although > > > > thats a separate issue) > > > > > > > > Garry > > > > > > > > -- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > -- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > > > > -- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > -- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > > > -- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > For human help, e-mail: [EMAIL PROTECTED] > > > > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] > > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
