Have you actually tried this?
It doesn't work like you are suggesting it does. You don't see CF code when
you view source, you see generated HTML.
--Jonathan
At 07:42 AM 7/20/2000 -0800, you wrote:
>I was pondering the following thought this morning...
>
>Thinking about security and Fusebox.
>Thinking that if somebody wanted to discern all of your CFINCLUDEd
>templates, all they need is a source view of index.cfm, which they could get
>easily by constructing their own page and (for Windows folks) right-clicking
>on the hyperlink to save the code locally, as in:
><a href="www.foo.com/index.cfm">I'm gonna steal your code</a>
>Then they could read the code, and by using the same technique as above,
>ultimately get all of your source code.
>
>Having never used CFCRYPT before, would it be an acceptible/worthwile
>measure to CFCRYPT index.cfm, thus preventing exposure of underlying CF
>templates?
>
>Alan McCollough
>Web Programmer
>Alaska Native Medical Center
>------------------------------------------------------------------------------
>To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
>send a message to [EMAIL PROTECTED] with 'unsubscribe' in
>the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
