Highlighted

license key visible to all (should it be?)

Community Beginner ,
Jan 28, 2015

Copy link to clipboard

Copied

Hello,

Just looked in the CFAdmin (CF10) info area, and have noticed the license key is stored in plain text.

Should this be so?

My concern is as a hosting company we have purchased X amount of Enterprise licenses. Some of the servers are hosted as private VPSs, to which we provide admin access (server and CF).
If a customer of ours decided to go to a competitor there is nothing stopping them seeing our license key, copying it and installing CF themselves on a server not managed by us, thus getting a free license - and we would not know.

I really think the license key should be hashed.

Any opinions on this?

Thanks
Luke

Views

240

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

license key visible to all (should it be?)

Community Beginner ,
Jan 28, 2015

Copy link to clipboard

Copied

Hello,

Just looked in the CFAdmin (CF10) info area, and have noticed the license key is stored in plain text.

Should this be so?

My concern is as a hosting company we have purchased X amount of Enterprise licenses. Some of the servers are hosted as private VPSs, to which we provide admin access (server and CF).
If a customer of ours decided to go to a competitor there is nothing stopping them seeing our license key, copying it and installing CF themselves on a server not managed by us, thus getting a free license - and we would not know.

I really think the license key should be hashed.

Any opinions on this?

Thanks
Luke

Views

241

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Jan 28, 2015 1
Most Valuable Participant ,
Jan 28, 2015

Copy link to clipboard

Copied

That's a good point.  Maybe obscure all but the last 4-6 digits (like many merchants do with stored credit card numbers) so companies with multiple licenses can still identify which is on which machine.  Want to submit an Enhancement Request to Adobe?

-Carl V.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 28, 2015 0
New Here ,
Feb 03, 2015

Copy link to clipboard

Copied

If a ColdFusion keycode has already been used and is registered with Adobe, how could someone take and use it?  Doesn't the server send the data to Adobe to verify the code and also verify it hasn't been used already?

Justin

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Feb 03, 2015 0
Most Valuable Participant ,
Feb 03, 2015

Copy link to clipboard

Copied

I don't think so, at least not for ColdFusion.  With the CF10/11 EULAs, you are allowed to use the same license key on multiple servers, as long as only one is a production server (the others would be for development, Q/A, staging, disaster recovery, etc.).  There's no way Adobe could monitor that and tell whether a key was being abused or not.

-Carl V.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Feb 03, 2015 0