thirdalarmpro
asked on
Encrypting a Cold Fusion Template
Is there a program, extension, tag that will allow me as a developer to "encrypt" my source code? I have seen encrypted versions of tags, etc. and am wondering how they did it! Marked urgent because a customer is not paying me!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the info, I will look into the 3rd party app. Not really looking into too high of security, just enough to make it a pain in the ... to decrypt and use it. Thanks!
trailblazzyr55, the command line version is meant for template encryption, but yes does have the same bugs.
I agree that I don't know of CF 7 changing that, but it hasn't been out long enough for people to discredit Macromedia's statement of something along the lines of "The encrypt functionality will be fixed so as not to be so easily exploitable in future releases" BUt they didn't specifically say version 7 was the "future release" they were mentioning.
;o)
I agree that I don't know of CF 7 changing that, but it hasn't been out long enough for people to discredit Macromedia's statement of something along the lines of "The encrypt functionality will be fixed so as not to be so easily exploitable in future releases" BUt they didn't specifically say version 7 was the "future release" they were mentioning.
;o)
I haven't used a command line encrypt/decrypt before.. in doing that, could someone who wanted to decrypt the template simply run the same command? CF7 aside..
;o)
;o)
Yes but they need
1) the source files
2) the key to decrypt (yes it uses a key) OR one of the freely available crack programs
1) the source files
2) the key to decrypt (yes it uses a key) OR one of the freely available crack programs
that may be a good alternative to purchasing 3rd party software then...
if the templates to be encrypted weren't so important that a determined hack could cause any harm to
the company. If someone was to purchase the encrypted source file, they have requirement 1 already. To get the open source version they just crack that..
not sure then how that would differ from other 3rd party software other than stronger encryption ;o)
if the templates to be encrypted weren't so important that a determined hack could cause any harm to
the company. If someone was to purchase the encrypted source file, they have requirement 1 already. To get the open source version they just crack that..
not sure then how that would differ from other 3rd party software other than stronger encryption ;o)
guess it depends on the level of file security they're looking for...
Why do all this???
If you package it into a Java Enterprise Application Archive, or a Web Application Archive, the code is all put in to the archive in one file as Java Byte code. This is practically irreversable and the other bonus here is you can deploy it to any J2EE server using only one file.
In CFMX7 - its really easy to do through the administrator. In 6.1 - Brandon Purcell has a good blog entry on how this can be done: http://www.bpurcell.org/blog/index.cfm?mode=entry&entry=953
The MM docs on this topic in 6 are sadly lacking the previous link and this one http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/instala7.htm
If you package it into a Java Enterprise Application Archive, or a Web Application Archive, the code is all put in to the archive in one file as Java Byte code. This is practically irreversable and the other bonus here is you can deploy it to any J2EE server using only one file.
In CFMX7 - its really easy to do through the administrator. In 6.1 - Brandon Purcell has a good blog entry on how this can be done: http://www.bpurcell.org/blog/index.cfm?mode=entry&entry=953
The MM docs on this topic in 6 are sadly lacking the previous link and this one http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/instala7.htm
Version 7 is encrypted to byte code.
So is Version 6.1
So is Version 6.1
awaiting feedback ;o)
trailblazzyr55,
Just a quick note:
It really isn't helpful to comment "awaiting feedback" on these questions. In most cases that is the problem - the asker abandoned the question or forgot about it so of course the experts are awaiting feedback.
Instead it is more useful if you look at what has been posted so far and decide if you think there is a valid solution or if there is not yet enough information since the asker stopped responding. After review you can post saying how you think the question should be closed in the absence of the asker doing it themselves.
Thanks.
Just a quick note:
It really isn't helpful to comment "awaiting feedback" on these questions. In most cases that is the problem - the asker abandoned the question or forgot about it so of course the experts are awaiting feedback.
Instead it is more useful if you look at what has been posted so far and decide if you think there is a valid solution or if there is not yet enough information since the asker stopped responding. After review you can post saying how you think the question should be closed in the absence of the asker doing it themselves.
Thanks.
;o) gotcha.. will look back at them, was busy, but was looking for the person asking to get the message we're still here to help ;o)
~trail
~trail
I think mmc98dl1 has the right idea, I wasn't sure about CF 7 enough to say "this is how you do it", but mmc98dl1 seems to have the better info related to this question ;o)
~trail
~trail
Thanks - your recent comments are much more helpful. And the user will get the message when my "ping" is posted - often they just forgot.
;o)
;o)
Thanks trail, the EAR or WAR file is the most secure method because the CF is compiled into Java bytecode, and this is very hard to uncompile. Its dead easy to do in CF7 thru the administrator and I know its possible in 6.1 but I cant find any resources to show the process.
yep yep, not a problem... mmc98dl1, it's good information to know, just starting to go through cf 7 and figuring out the new additions ;o)
~trail
~trail
oops - sorry trail, just noticed you already put this in.. :-)
;o)
ASKER
Guys, thanks for all of your help. My E-Mail notification wasnt working, I thought no one was answering! Please accept my apologizes for not awarding points! John
not to tread on what you mentioned,
the idea of a third party app, which you suggested I think is best fro what they are doing.
CF7 to my knowledge as well hasn't changed that fact.
>Note that there are many known simple ways to decrypt it in previous versions < you are right!
thirdalarmpro, reason being there are no keys or passwords invloved.