This is all good info, and I will implement Steve and Phil's suggestions. My issue is with reverse engineering of the runtime appfiles by a customer. I would prefer to keep the inner workings (including the SQL queries) private, and making the appfile runtime only, the Dev Studio cannot read them. But if the customer has the files, they could turn on debug and obtain the essence of the appfile.
So my question is, beyond encrypting (in some way) the app files, does the server know not to debug run-only files? >Steve is correct. It is best to set DEBUGMODE in the witango.ini to >ForceOff on all production servers. This actually is just initialising >system$DEBUGMODE to be forceoff. This will ensure that all files will not >produce debug code on the server. It also means that the DEBUGMODE setting >can be over ridden by DEBUGMODE being defined in user or local scope >variable. > >This can be very useful in debugging a production/staging system. Take for >instance the following examples from the debug session at corroboree: > >--- > >Location based debug can turn debug on only when accessed from a particular >address (be careful of proxy servers here): > ><@if '<@CGIPARAM CLIENT_IP> = "127.0.0.1"'> > <@assign user$debugmode value="forceon"> ></@if> > >--- > >Toggle Debug on and off throughout a taf to only show debug in particular >actions. Just put this statement before and after the action(s) you wish to >debug: > ><@assign request$debugmode value='<@IF >"@@request$debugmode=ForceOn">ForceOff<@ELSE>ForceOn</@IF>'"> > >--- > >You can do Event based debugging. This can be less intrusive when >troubleshooting an issue in a large taf. Place conditional debug code in >different locations in a taf or tafs. > ><@ifempty '@@request$importantvar'> > <@if '<@CGIPARAM CLIENT_IP> = "10.1.1.1"'> > <@assign request$debugmode value="forceon"> > </@if> > <@debug> > <hr> > <font color="red">WARNING: request$importantvar is empty<br></font> > <hr> > </@debug> > <@assign request$debugmode value="forceoff"> ></@if> > > >Phil > >On 14/11/03 12:16 PM, "Steve Smith" <[EMAIL PROTECTED]> wrote: > >> I haven't set the debug mode in any individual taf file in over 3 >> years. I make use of the user-scope version of this variable. I use a >> developer taf that contains a variety of IF actions and ELSEIF actions. >> Two of them contain the following: >> >> <@ASSIGN SCOPE=USER NAME=debugMode VALUE=forceOn> >> >> and >> >> <@PURGE SCOPE=USER NAME=debugMode> >> >> This taf opens up and executes in a new window but because the >> userreference is the same it controls whether debug is turned on in the >> original window. This means that you can use this on a production site >> which is such a bonus. >> >> The system configuration for all of my systems has debug set to off. By >> using this method, I don't have to worry whether I have left debug on >> or not when I'm saving a taf file. >> >> Hope this helps, >> >> Steve Smith >> >> Oakbridge Information Solutions >> Office: (519) 624-4388 >> GTA: (416) 606-3885 >> Fax: (519) 624-3353 >> Cell: (416) 606-3885 >> Email: [EMAIL PROTECTED] >> Web: http://www.oakbridge.ca >> >> >> On Thursday, November 13, 2003, at 10:35 AM, Eric Weidl wrote: >> >>> Hi Bill, >>> >>> I recommend explicitly turning off debugging at the top of each TAF. >>> Use syntax similar to the following: >>> >>> <@ASSIGN SCOPE="local" NAME="debugMode" VALUE="forceOff"> >>> >>> Since you are assigning the debugMode flag in local scope, it will >>> override the global system setting. >>> >>> Eric >>> >>> >>> At 12:32 PM 11/12/2003, you wrote: >>>> If I deliver runtime only applications, I would also like to keep the >>>> internal operations hidden. So when appfiles are encrypted for >>>> runtime >>>> only deployment, is debugging automatically disabled on the server? >>>> >>>> Or do I have to explicitly force debug off at the beginning of each >>>> runtime appfile? >>>> >>>> >>>> >>>> Bill Conlon >>>> >>>> To the Point >>>> 345 California Avenue Suite 2 >>>> Palo Alto, CA 94306 >>>> >>>> office: 650.327.2175 >>>> fax: 650.329.8335 >>>> mobile: 650.906.9929 >>>> e-mail: mailto:[EMAIL PROTECTED] >>>> web: http://www.tothept.com >>>> >>>> >>>> ______________________________________________________________________ >>>> __ >>>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf >>> >>> _______________________________________________________________________ >>> _ >>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf >>> >>> >> >> ________________________________________________________________________ >> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf > >________________________________________________________________________ >TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf > Bill Conlon To the Point 345 California Avenue Suite 2 Palo Alto, CA 94306 office: 650.327.2175 fax: 650.329.8335 mobile: 650.906.9929 e-mail: mailto:[EMAIL PROTECTED] web: http://www.tothept.com ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
