Encrypting adds a hurdle, so makes it more of a pain to get to the source.
Another hurdle would be to use a white space stripper on your .cfm files:
whenever i move anything up to the test server i strip out all excess
whitespace in .cfm files, using cffile and <cf_lesswhitespace justify=yes>
I tried using <cf_stripwhitespace, to turn the file into a one liner, but,
predicatably, it messed up the javascript - it wouldn't be too hard to write
a tag which left <script> tags alone....
Using confusing variable names would add another level of pain for anyone
trying to nick your code, but not very maintainable...
<cf_spontaneous_thought>
use a unique naming convention in all your variables, eg
attributes.qweqwe_flag, request.qweqwe_dsn, etc, then in your cunning form
which does a recursive loop and rips out white space and turns .cfm files
into one liners (see above), you also pick up all these "qweqwe_" variables,
add them to a request structure or maybe a dB table (unless they're already
in there) along with a UUID. Then you replace all occurences of the
"qweqwe_xxxx" with the coresponding UUID, so you end up with:
"request.6505F7EA-D2E1-11D4-B17000E0295FC366"
"attributes.6505F7EB-D2E1-11D4-B17000E0295FC366"
and even:
"request.6505F7EC-D2E1-11D4-B17000E0295FC366.6505F7ED-D2E1-11D4-B17000E0295F
C366.etc"
Again, its just another hurdle, but i reckon it would put most people off...
Anyone see any potential problems (apart from it being a little OTT:)
</cf_spontaneous_thought>
Bert
ps Do those UUID's look familiar or is it just me?
> -----Original Message-----
> From: Erik Voldengen [mailto:[EMAIL PROTECTED]]
> Sent: 20 December 2000 17:20
> To: Fusebox
> Subject: RE: source code protection....
>
>
> You can't protect your source code. You can encrypt it, but
> it can be de-crypted by anyone who really wants to do it. If
> you re-considered being an ASP for the product, that might be
> safe (but what a pain).
>
> With CF6, this might change, since I understand CF code will
> be compiled. I'm not sure if it's done once as it's deployed,
> or done on the fly, but maybe there is hope there.
>
> -Erik
>
>
>
> > -----Original Message-----
> > From: Sean Blenkhorn [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, December 20, 2000 10:13 AM
> > To: Fusebox
> > Subject: OT: source code protection....
> >
> >
> >
> > Hey all...
> >
> > We are in the early stages of designing a web product (piece
> > of software).
> > We are thinking of developing it in Cold Fusion for speed to
> > market. Now we
> > don't want to necessarily pigeon hole ourselves to being an
> > ASP for this
> > software, instead, we would also potentially like to sell the
> > software and
> > have users run it on their corporate LAN. Our problem is
> > that if we do sell
> > the software so that a client can install it on their
> > Intranet/Extranet...
> > how do we protect the source code?? (assuming we are selling
> > to a client
> > that has CF... or is ok with the licensing fees). What
> does everyone
> > think?? Is there better options for us?? Or is there ways
> > to protect CF
> > code from people tinkering??
> >
> > Thanks,
> > Sean
> >
> >
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
