----- Original Message ----- From: "Matt Liotta" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Saturday, June 22, 2002 1:41 PM Subject: RE: CFEncrypt Utility
> Without giving it all away... It allows you to package up some CF code > and lock it down with a key. Then you distribute it to some destination > server. The person on that end gives the tool the correct key to unlock > it, and the tool gets CF to compile all the code into classes and then > removes any trace of the source. There are lots more details to it > including how it protects against various types of attacks on stealing > the source, but those are implementation details you can't have. > I was under the impression that while Ben Forta showed in an early demo that the CF source code could be removed from the server that in the CFMX release it is not really possible to do this (I realise you are not sending around java classes, but still). Whatever the case you are still going to end up putting the source in clear text (or cfencrypted at least) on the server even if only for a short time, it would be trivial to have something watch the directory the files are installed (temporarily) to and whip off a copy somewhere before your tool scrubs them, no ? Unless CFMX can be coaxed into decrypting - in memory (the way it does with cfencrypted files) - source code files encrypted with some high quality algorithm, using a private key that is retrieved from some means not accessible to anything other than the CF server and never stored on disk (perhaps it could be retrieved over the web at run time, or wired into a server dongle (that's not a bad idea, if MM equiped CF server with unique dongles we could encrypt the files against the customers dongle ID)), then I don't see how it will be possible to protect source code with significant success (of course, you can never be 100% successfull, it's all just a bunch of bits in the end). --- James Sleeman Innovative Media Ltd Ph: (03) 377 6262 http://www.websolutions.co.nz CAUTION: The information contained in this email message is confidential and may be legally privileged. If the reader of this message is not the intended recipient you are notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify the sender immediately and destroy the original message and any attachments. Views expressed in this communication may not be those of Innovative Media Ltd. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.370 / Virus Database: 205 - Release Date: 6/16/2002 ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
