Make the login go through the web service?
At 12:28 05/09/02 +0100, you wrote: > > Only problem is, what if the client's server is all nice and securely > > firewalled off from the outside world and it starts trying to talk to the > > outside world??? > >Good point. The app wouldn't run at all in this case. > > > re: performance : You wouldn't need to keep hitting the licencing web > > service, just hit it randomly once a day or something like that.... > >the problem here is that if the app doesn't depend on checking the license >everytime, then what's to stop the user from fiddling with the code to >stop it from checking the license at all. There needs to be a key part of >the app's functionality which is only accessible through the webservice, >then the user can't bypass this and avoid the licensing check. > >Douglas > >----- Original Message ----- >From: "Spike" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Thursday, September 05, 2002 12:07 PM >Subject: RE: [ cf-dev ] .cfm enryption > > > > That's an interesting suggestion... > > > > How would you stop the nasty evil code thief from rewriting the > > component so that it skipped the DB check for the registration key? > > > > Or were you suggesting that the component should reside on a separate > > server not controlled by the client? > > > > If so, then you're probably going to run into some performance issues. > > Having said that, I think it's exactly the way it should be done > > (performance aside), and is a major feature of webservices. > > > > Spike > > > > > -----Original Message----- > > > From: Douglas Humphris [mailto:[EMAIL PROTECTED]] > > > Sent: 05 September 2002 12:55 > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ cf-dev ] .cfm enryption > > > > > > > > > With CFMX, you could write key parts of your app as > > > CFCOMPONENTS and deploy them as webservices. Program your app > > > to depend on running the components in order to work. For > > > each component, have a required argument which takes a > > > registration key. The first thing each component does is > > > check your db that the registration key provided matches the > > > registered IP/domain - if not email yourself, and return a > > > warning message. > > > > > > Then to completely freak them out, phone them up as soon as > > > the email comes in and tell them your solicitor will be in touch... > > > > > > Douglas > > > > > > -- > > > Douglas Humphris, Programmer > > > http://www.unitech.net > > > > > > > > > -----Original Message----- > > > From: Spike [mailto:[EMAIL PROTECTED]] > > > Sent: 05 September 2002 11:39 > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ cf-dev ] .cfm enryption > > > > > > > > > It is perfectly possible to decrypt .cfm templates encrypted > > > with all versions of cfencode. This includes CF5 and CFMX. > > > > > > If you are using CFMX there are several things you could do > > > to protect your IP. > > > > > > 1. Ensure that the client signs a contract that puts them in > > > legal hot water if they as much as look at even the encrypted > > > templates. (This is mostly a deterrent, but it does give you > > > legal grounds to go after any > > > abusers) > > > > > > 2. Put legal notices in the templates that make it clear that > > > by reading the notices they have broken the terms of their > > > contract and that they should immediately delete the > > > decrypted template. Some other well worded stuff on the legal > > > implications of decrypting the template wouldn't go amiss > > > either. (Again, this provides a deterrent and some more legal > > > back-up. They may not have read or be aware of the contract > > > that was signed, so putting the information in each templates > > > makes sure that they know they should not be doing what they > > > are doing.) > > > > > > 3. If you are using CFMX you can (in theory at least) deploy > > > the class files for the application without the CFM templates > > > themselves. That would be totally unsupported by MM, and > > > would probably break as soon as a service pack or what-ever > > > was applied to the server, but if you're really paranoid > > > about your cfm templates being stolen it's worth investigating. > > > > > > 4. Create a COM Object, CFX tag, or similar external system > > > on which your code heavily relies. Make sure that this will > > > only work on one server. There are lots of ways you could go > > > about this, but none of them are really simple and most are > > > prone to the same sort of problems that you would get with > > > deploying the app with class files only. > > > > > > 5. Write your code in such a way that no-one except you can > > > understand it. This is actually a lot harder than it sounds > > > if you've been programming for a long time, and it makes it a > > > nightmare to debug and maintain. > > > > > > In general, unless you've come up with a killer app of some > > > sort it's probably only worth going to the legal contract and > > > warning notices route, as the potential hassle involved with > > > the other solutions isn't worth the gain. > > > > > > Spike > > > > > > > -----Original Message----- > > > > From: Garry Mills [mailto:[EMAIL PROTECTED]] > > > > Sent: 05 September 2002 11:31 > > > > To: '[EMAIL PROTECTED]' > > > > Subject: RE: [ cf-dev ] .cfm enryption > > > > > > > > > > > > > btw I don't think cfdecrypt can decrypt cf5 files, although > > > > looking at > > > > > the shrewm notice board, there seem to be people claiming they can > > > > > (for a > > > > fee). > > > > > > > > Interesting, anybody tried it with MX? > > > > > > > > Garry > > > > > > > > > -----Original Message----- > > > > > From: Garry Mills [mailto:[EMAIL PROTECTED]] > > > > > Sent: 05 September 2002 10:10 > > > > > To: '[EMAIL PROTECTED]' > > > > > Subject: [ cf-dev ] .cfm enryption > > > > > > > > > > > > > > > We're rolling out a product to a customer soon, and > > > bluntly speaking > > > > > we don't want them to be able to copy the app onto another server. > > > > > > > > > > Know about cfencrypt, and also know about cfdecrypt and whilst it > > > > > will stop the numpties getting into it doubt the tech department > > > > > will > > > > find it as > > > > > difficult > > > > > > > > > > A google search for coldfusion dongle returns a load of > > > > links to crack > > > > > files... > > > > > > > > > > What do the rest of you do, or is cfentrpt our only > > > option? (oh, and > > > > > I tried CF encrypted files on a Cobalt once and it didn't seem to > > > > > work, although > > > > > thats a separate issue) > > > > > > > > > > Garry > > > > > > > > > > -- > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > -- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > -- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > -- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > > > [EMAIL PROTECTED] For human help, e-mail: > > > [EMAIL PROTECTED] > > > > > > > > > > > > -- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > > > [EMAIL PROTECTED] For human help, e-mail: > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > -- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > > > > >-- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >For human help, e-mail: [EMAIL PROTECTED] > > > >-- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >For human help, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
