Kevin
Can't disagree with you on the IIS patch thing - I usually drop them a line
(unless they are one of "the MEENIEs"...).
But i think you misunderstood how i was using cf_lesswhitespace: i don't run
it as a custom tag (well i did, but performance took a hit). What i do is,
once i have finished developing, i move all my files up to the test server,
then loop through each template, read the contents of each file (using
CFFILE) into a variable, and then run that variable through
cf_lesswhitespace, and save it back to the file.
So I remove the whitespace from the actual .cfm files:
myfile.cfm before:
<TABLE>
<CFIF FOO is BAR>
<CFLOOP FROM="1" TO="100" INDEX="i">
<TR>
<TD>
<CFIF bar IS foo>
<CFSET foo="bar">
<CFOUTPUT>#foo#</CFOUTPUT>
<CFELSE>
<CFSET bar="foo">
<CFOUTPUT>#bar#</CFOUTPUT>
</CFIF>
</TD>
</TR>
</CFLOOP>
</CFIF>
</TABLE>
myfile.cfm after:
<TABLE>
<CFIF FOO is BAR>
<CFLOOP FROM="1" TO="100" INDEX="i">
<TR>
<TD>
<CFIF bar IS foo>
<CFSET foo="bar">
<CFOUTPUT>#foo#</CFOUTPUT>
<CFELSE>
<CFSET bar="foo">
<CFOUTPUT>#bar#</CFOUTPUT>
</CFIF>
</TD>
</TR>
</CFLOOP>
</CFIF>
</TABLE>
I agree that proper coding is best, but this seems a quick and easy way to
reduce the size of the page down loaded with out trawling through old stuff.
Ideally it would use cf_stripwhitespace and produce a one line cfm template:
<TABLE><CFIF FOO is BAR><CFLOOP FROM="1" TO="100" INDEX="i"><TR><TD><CFIF
bar IS foo><CFSET foo="bar"><CFOUTPUT>#foo#</CFOUTPUT><CFELSE><CFSET
bar="foo"><CFOUTPUT>#bar#</CFOUTPUT></CFIF></TD></TR></CFLOOP></CFIF></TABLE
>
or even better, with the UUID obfuscation:
<TABLE><CFIF 6505F7EA-D2E1-11D4-B17000E0295FC366 is
6505F7EB-D2E1-11D4-B17000E0295FC366><CFLOOP FROM="1" TO="100"
INDEX="i"><TR><TD><CFIF 6505F7EB-D2E1-11D4-B17000E0295FC366 IS
6505F7EA-D2E1-11D4-B17000E0295FC366><CFSET
6505F7EA-D2E1-11D4-B17000E0295FC366="6505F7EB-D2E1-11D4-B17000E0295FC366"><C
FOUTPUT>#6505F7EA-D2E1-11D4-B17000E0295FC366#</CFOUTPUT><CFELSE><CFSET
6505F7EB-D2E1-11D4-B17000E0295FC366="6505F7EA-D2E1-11D4-B17000E0295FC366"><C
FOUTPUT>#6505F7EB-D2E1-11D4-B17000E0295FC366#</CFOUTPUT></CFIF></TD></TR></C
FLOOP></CFIF></TABLE>
Cheers
Bert
> -----Original Message-----
> From: Kevin Bridges [mailto:[EMAIL PROTECTED]]
> Sent: 21 December 2000 13:33
> To: Fusebox
> Subject: RE: source code protection...
>
>
> The biggest error that I see that allows for people to view
> your code on a production server is people using IIS without
> upgrading for the latest security patches! You would be
> surprised at the number of asp and cf sites you can just
> waltz through by doing things like adding a few symbols to
> the end of the url! If you are trying to protect anything
> make sure and take a good look at your server!
>
> Not to sure about lesswhitespace (never used it), but another
> major disadvantage of stripwhitespace is the processing time
> that it adds to the pages. It can be a very processor intensive tag.
>
> I tend to use the application.cfm tag to do two things ...
> the security check (make sure that everything is called
> through index.cfm) and then setting the <cfsetting
> enablecfoutputonly="yes"> directive. Because it is in the
> application file it's behavior gets inherited all the way
> down the app and only outputs whitespace that you put between
> cfoutput tags.
>
> then in each dsp_ file I set the directive to no at the top
> and yes at the bottom (stops me from encapsulating the entire
> display block in cfoutput). This (along with a few other
> tricks) makes the final pages look like they were coded in
> strict html when you view the source code without adding the
> extra processing of an additional tag.
>
> Goes back to the old addage ... nothing beats proper coding
> to begin with.
>
> >-----Original Message-----
> >From: Bert Dawson [mailto:[EMAIL PROTECTED]]
> >Sent: Thursday, December 21, 2000 5:13 AM
> >To: Fusebox
> >Subject: RE: source code protection....
> >
> >
> >....
> > i strip out all excess
> >whitespace in .cfm files, using cffile and
> <cf_lesswhitespace justify=yes>
> >I tried using <cf_stripwhitespace, to turn the file into a
> one liner, but,
> >predicatably, it messed up the javascript - it wouldn't be
> too hard to write
> >a tag which left <script> tags alone....
> >
> >Using confusing variable names would add another level of
> pain for anyone
> >trying to nick your code, but not very maintainable...
> >
> >
> >IMPORTANT NOTICE:
> >This e-mail and any attachment to it is intended only to be
> read or used by
> >the named addressee. It is confidential and may contain
> legally privileged
> >information. No confidentiality or privilege is waived or
> lost by any
> >mistaken transmission to you. If you receive this e-mail in
> error, please
> >immediately delete it from your system and notify the
> sender. You must not
> >disclose, copy or use any part of this e-mail if you are not
> the intended
> >recipient. The RTA is not responsible for any unauthorised
> alterations to
> >this e-mail or attachment to it.
> >
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
