Skip to main content
T
ttdolan
Participant
March 11, 2009
Question

Need to protect page views from showing CF coding

  • March 11, 2009
  • 2 replies
  • 529 views
I am building an application for a client that involves a considerable amount of cfml. I've spent a hundred hours building and testing this code. I would like to somehow protect this code from being copied (or downloaded) and re-used (or modified once downloaded) by someone other than me. In other words I don't the client cloning my code and making it work in-house. Not that they would but... you never know who they may hire down the road. Since I'm a novice ColdFusion user I need a simple solution. Protecting on a file-by-file or directory basis would be great. Any help would be greatly appreciated.

    This topic has been closed for replies.

    2 replies

    tclaremont
    tclaremont
    Inspiring
    March 12, 2009
    Bring up one of your own CFM pages, and do a view source. You do not see any of the CFM code. Remember, ColdFusion is server side, not client side. The only thing sent back to the client is pure HTML, and there is not much you can do to prevent that from being viewed.

    You can implement lame java script hacks to prevent the unskilled from using the right mouse button and choosing "view source" but anyone even remotely interested in viewing your code will defeat that stuff in a heartbeat.
    T
    tdol
    Participant
    March 19, 2009
    OK, got it. Thanks.
    N
    Newsgroup_User
    Inspiring
    March 11, 2009

    ColdFusion has the encode utility that can be run on your templates to
    make them harder to read. The documentation will tell you how.

    http://livedocs.adobe.com/coldfusion/8/htmldocs/appSecurity_02.html

    At the bottom of the page: "Note: You can also use the cfencode utility,
    located in the cf_root/bin directory, to obscure ColdFusion pages that
    you distribute. Although this technique cannot prevent persistent
    hackers from determining the contents of your pages, it does prevent
    inspection of the pages. The cfencode utility is not available on OS X."

    I believe CF8 and maybe CF7 now supports the ability to just export the
    compiled Java byte code for your application so you do not have to give
    the source code, but I have never done this.

    http://livedocs.adobe.com/coldfusion/8/htmldocs/deploying_5.html#117556

    Neither of these are full proof. There are known tools that are capable
    of un-encoding encoded ColdFusion templates and reverse Java byte code
    back into source code. But it at leasts inconveniences the casual
    sneak, just like locking your doors does.
    T
    ttdolanAuthor
    Participant
    March 12, 2009
    Thanks. The cfencode only encrypts the .cfm when viewing/editing the file. If the file is fetched by a browser the code shows up unencrypted if view|page source and can then be saved in it's normal unencrypted state. The encode only seems to be effective for distributing code.

    Really need the ability to scramble the contents of the file so a browser's page view will not show the unencrypted code.

    Appreciate any help.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices