RE: A way to hide the CF source on a website?
You can encrypt it, or you can disable the right mouse click. However, most browsers have a view source button or drop down which will still work. The problem is that once the code has reached the end user's 'puter, it is visible by necessity so the browser knows what to do with it.

-Original Message-
From: Charles Nahm [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:33 AM
To: CF-Talk
Subject: A way to hide the CF source on a website?

Is there a way to do this?

Thanks,
Charles
__
Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: A way to hide the CF source on a website?
Depends on what you mean by hide and who you are wanting to hide it from.

Ken

-Original Message-
From: Charles Nahm [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:33 AM
To: CF-Talk
Subject: A way to hide the CF source on a website?

Is there a way to do this?

Thanks,
Charles

Re: A way to hide the CF source on a website?
> Is there a way to do this?

What do you mean hide the CF source? Do you mean hide the fact that the page that a user is accessing is a ColdFusion page?

Stephen

RE: A way to hide the CF source on a website?
Except the CF source does not appear at the browser, that is server-side code. What appears at the browser is just the (HTML) or whatever mime info is being sent.

Who is viewing the source that shouldn't? Is it the client/browser? They should not be seeing any CF. Is it the web host? Then encrypting the source should hide it from being read on the server.

Jerry Johnson

[EMAIL PROTECTED] 04/23/02 11:20AM

You can encrypt it, or you can disable the right mouse click. However, most browsers have a view source button or drop down which will still work. The problem is that once the code has reached the end user's 'puter, it is visible by necessity so the browser knows what to do with it.

-Original Message-
From: Charles Nahm [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:33 AM
To: CF-Talk
Subject: A way to hide the CF source on a website?

Is there a way to do this?

Thanks,
Charles

RE: A way to hide the CF source on a website?
You can't see the CF source on a website as it's been processed server side 1st. All you see on the website is the resulting html.

SteG.

-Original Message-
From: Charles Nahm [mailto:[EMAIL PROTECTED]]
Sent: 23 April 2002 16:33
To: CF-Talk
Subject: A way to hide the CF source on a website?

Is there a way to do this?

Thanks,
Charles

RE: A way to hide the CF source on a website?
An excellent method I have used in the past is to include a file at the top of each page with the following characters: !--- and another in the footer of each page with: //---

Good luck,
M

-Original Message-
From: Charles Nahm [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:33 AM
To: CF-Talk
Subject: A way to hide the CF source on a website?

Is there a way to do this?

Thanks,
Charles

Re: A way to hide the CF source on a website?
Try the encryption utility. Or if you have the time, write a utility like py2exe (python's executable generator).

On Tue, 23 Apr 2002, Charles Nahm wrote:

Is there a way to do this?

Thanks,
Charles

RE: A way to hide the CF source on a website?
I'll be honest, there is no way! Yes, you can encrypt it with cfencrypt, and I can download a program that will unencrypt it. There is no way for someone to right-click in their browser to view your CF code. (NOTE: this is possible with the .htr and a bunch of other security flaws. Are you up to date on all your security patches?)

The only thing you can do is wait until CFMX hits. If you happened to watch the presentation that they did for it at CFSOUTH (can't remember which one, anyone know? They had this posted on MM site for awhile), supposedly you can now compile your CFM templates to JAVA CLASS files and delete the CFM templates from the server. Thus protecting your code.

Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org

-Original Message-
From: Ken Wilson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:23 AM
To: CF-Talk
Subject: RE: A way to hide the CF source on a website?

Depends on what you mean by hide and who you are wanting to hide it from.

Ken

-Original Message-
From: Charles Nahm [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:33 AM
To: CF-Talk
Subject: A way to hide the CF source on a website?

Is there a way to do this?

Thanks,
Charles

RE: A way to hide the CF source on a website?
Yes, I guess I was not quite clear. Since the CF source does NOT appear, I only assumed that she meant the resultant HTML code.

-Original Message-
From: Jerry Johnson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:29 AM
To: CF-Talk
Subject: RE: A way to hide the CF source on a website?

Except the CF source does not appear at the browser, that is server-side code. What appears at the browser is just the (HTML) or whatever mime info is being sent.

Who is viewing the source that shouldn't? Is it the client/browser? They should not be seeing any CF. Is it the web host? Then encrypting the source should hide it from being read on the server.

Jerry Johnson

[EMAIL PROTECTED] 04/23/02 11:20AM

You can encrypt it, or you can disable the right mouse click. However, most browsers have a view source button or drop down which will still work. The problem is that once the code has reached the end user's 'puter, it is visible by necessity so the browser knows what to do with it.

-Original Message-
From: Charles Nahm [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:33 AM
To: CF-Talk
Subject: A way to hide the CF source on a website?

Is there a way to do this?

Thanks,
Charles

RE: A way to hide the CF source on a website?
> Subject: A way to hide the CF source on a website?
> Is there a way to do this?

It depends on what you mean by this.

The CFML within your script isn't sent to the browser; only the output of your script is sent to the browser.

If you want to hide the CFML source from other people with access to the server's filesystem, there's an encryption utility, CFENCODE.EXE, in your \CFUSION\BIN directory. It's relatively common knowledge that there are publicly available decryption tools, however, so you can't really rely on that in an absolute sense, but encrypting your scripts will prevent most people from looking at them. You can also use filesystem permissions to limit who can see those files, perhaps.

If you want to prevent people who browse your site from knowing that you're using CF, on most web servers you can change the file extension to which CF is mapped.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

RE: A way to hide the CF source on a website?
http://shrewm.net/cfd/

Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org

-Original Message-
From: Alex [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:28 AM
To: CF-Talk
Subject: Re: A way to hide the CF source on a website?

Try the encryption utility. Or if you have the time, write a utility like py2exe (python's executable generator).

On Tue, 23 Apr 2002, Charles Nahm wrote:

Is there a way to do this?

Thanks,
Charles

RE: A way to hide the CF source on a website?
-Original Message-
From: Ken Wilson [mailto:[EMAIL PROTECTED]]

> Depends on what you mean by hide and who you are wanting to hide it from.

I guess by hide I mean things like file locations, IPs, certain keys and strings and such for server side processing of tasks such as CC validation or account manipulation. If only the HTML of the page shows up, then that's fine, but if everything shows up, then I guess it would be a small concern.

I guess hiding my poor excuse for code is another thing too. :)

Charles

RE: A way to hide the CF source on a website?
Keep in mind that the Java .class file portability is only something that was mentioned in early whitepapers and some early demos - until this is confirmed as being in the next product, I would caution against basing any business models on what is, until in a production-level product, vapor-ware.

---
Billy Cravens

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 10:31 AM
To: CF-Talk
Subject: RE: A way to hide the CF source on a website?

I'll be honest, there is no way! Yes, you can encrypt it with cfencrypt, and I can download a program that will unencrypt it. There is no way for someone to right-click in their browser to view your CF code. (NOTE: this is possible with the .htr and a bunch of other security flaws. Are you up to date on all your security patches?)

The only thing you can do is wait until CFMX hits. If you happened to watch the presentation that they did for it at CFSOUTH (can't remember which one, anyone know? They had this posted on MM site for awhile), supposedly you can now compile your CFM templates to JAVA CLASS files and delete the CFM templates from the server. Thus protecting your code.

Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org

-Original Message-
From: Ken Wilson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:23 AM
To: CF-Talk
Subject: RE: A way to hide the CF source on a website?

Depends on what you mean by hide and who you are wanting to hide it from.

Ken

-Original Message-
From: Charles Nahm [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:33 AM
To: CF-Talk
Subject: A way to hide the CF source on a website?

Is there a way to do this?

Thanks,
Charles

RE: A way to hide the CF source on a website?
> The only thing you can do is wait until CFMX hits. If you happened to watch the presentation that they did for it at CFSOUTH (can't remember which one, anyone know? They had this posted on MM site for awhile), supposedly you can now compile your CFM templates to JAVA CLASS files and delete the CFM templates from the server. Thus protecting your code.

I remember one of the first things I found for Java was a decompiler. I think it was called Mocha, or was that the obfuscator written by the same person? Maybe Crema was the decompiler, and Mocha was the obfuscator. No, Google says that I had it right the first time. In any case, the guy who wrote both of these very soon after Java was released, Hanpeter Van Vliet, was a good coder who unfortunately died of cancer at a very young age a few years back.

The point of this trip down memory lane is that if someone has access to your code, the fact that it's compiled in some way or other is no guarantee that your code is secure.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

RE: A way to hide the CF source on a website?
-Original Message-
From: Tim Claremont [mailto:[EMAIL PROTECTED]]

> Yes, I guess I was not quite clear. Since the CF source does NOT appear, I only assumed that she meant the resultant HTML code.

I did not realize the CF source does not appear. I am sorry for the confusion. I am still a rookie at this whole business.

Thanks everyone for your help and patience.

Charles

RE: A way to hide the CF source on a website?
AFAIK, you cannot encrypt HTML source as it is interpreted by the browser itself.

Of course you can hide CFML as it's parsed by the Server side (unless you append +.htr after a .cfm call and they haven't patched the server - then you can see it all!) - you will be surprised how many people have not patched their IIS install.

Encrypting HTML/Javascript is also pointless.

Neil

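A log check for the unpatched-server case mentioned in the message above, as an added example that is not part of the original thread: it reads W3C extended format access logs and flags requests where a .cfm or .cfml name is followed by a trailing .htr. The log lines, paths and addresses are constructed, and the field layout is an assumption about how the server is configured to log.

```python
import re
from collections import Counter

# Constructed sample in W3C extended log format (every value here is made up).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-04-23 15:31:02 192.0.2.10 GET /index.cfm - 200
2002-04-23 15:31:09 198.51.100.7 GET /checkout/validate.cfm+.htr - 200
2002-04-23 15:31:15 198.51.100.7 GET /admin/login.CFM+.htr - 404
2002-04-23 15:32:40 192.0.2.44 GET /docs/htr-notes.cfm id=7 200
2002-04-23 15:33:01 203.0.113.5 GET /tools/status.htr - 403
"""

# A CFML template name, then anything within the same path segment,
# then a trailing .htr extension.
SUSPICIOUS = re.compile(r"\.(cfm|cfml)[^/]*\.htr$", re.IGNORECASE)


def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        # Skip rows that do not match the declared layout (truncated lines etc.).
        if fields and len(values) == len(fields):
            yield dict(zip(fields, values))


def find_htr_probes(text):
    """Return the requests whose URI stem looks like <template>.cfm...htr."""
    hits = []
    for row in parse_w3c(text):
        stem = row.get("cs-uri-stem", "")
        if SUSPICIOUS.search(stem):
            status = row.get("sc-status", "")
            hits.append({
                "when": (row.get("date", "") + " " + row.get("time", "")).strip(),
                "client": row.get("c-ip", ""),
                "stem": stem,
                "status": status,
                # A 200 means the server answered; review what was returned
                # and whether the template holds keys or paths to rotate.
                "served": status == "200",
            })
    return hits


def clients_to_review(hits):
    """Count flagged requests per client address."""
    return Counter(h["client"] for h in hits)


if __name__ == "__main__":
    for hit in find_htr_probes(SAMPLE_LOG):
        print(hit["when"], hit["client"], hit["stem"], hit["status"])
```

Plain .htr requests and .cfm pages that merely contain "htr" in their name are not flagged; only a template name with a trailing .htr is.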
RE: A way to hide the CF source on a website?
Tony,

Prepare to be flamed. That happened to me when I posted that link once.

How dare you! You have totally ruined my entire business model! I'm going to lose all sorts of money due to people decrypting my five line encrypted custom tag that I'm charging $149 for! It's all your fault, because there's no way that a five-second search on Google could have found that link!

---
Billy Cravens

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 10:35 AM
To: CF-Talk
Subject: RE: A way to hide the CF source on a website?

http://shrewm.net/cfd/

Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org

-Original Message-
From: Alex [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:28 AM
To: CF-Talk
Subject: Re: A way to hide the CF source on a website?

Try the encryption utility. Or if you have the time, write a utility like py2exe (python's executable generator).

On Tue, 23 Apr 2002, Charles Nahm wrote:

Is there a way to do this?

Thanks,
Charles

RE: A way to hide the CF source on a website?
I am sure decrypting an encrypted template, especially a 3rd party one, is against the software agreement :-?

RE: A way to hide the CF source on a website?
Personally, I'm glad the Decrypt link was posted - it reminded me that secure is only secure til someone else decides they want to find a way to make it un-secure, and then it will only be a matter of time before they or someone else succeeds.

At 10:55 AM 04/23/2002 -0500, you wrote:

Tony,

Prepare to be flamed. That happened to me when I posted that link once.

How dare you! You have totally ruined my entire business model! I'm going to lose all sorts of money due to people decrypting my five line encrypted custom tag that I'm charging $149 for! It's all your fault, because there's no way that a five-second search on Google could have found that link!

---
Billy Cravens

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 10:35 AM
To: CF-Talk
Subject: RE: A way to hide the CF source on a website?

http://shrewm.net/cfd/

Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org

-Original Message-
From: Alex [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:28 AM
To: CF-Talk
Subject: Re: A way to hide the CF source on a website?

Try the encryption utility. Or if you have the time, write a utility like py2exe (python's executable generator).

On Tue, 23 Apr 2002, Charles Nahm wrote:

Is there a way to do this?

Thanks,
Charles

RE: A way to hide the CF source on a website?
I have noticed links to it posted on several user groups' Web sites... it really is a useful tool when you consider the troubling situation of having an encrypted file with no plaintext backup.

M

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:55 AM
To: CF-Talk
Subject: RE: A way to hide the CF source on a website?

Tony,

Prepare to be flamed. That happened to me when I posted that link once.

How dare you! You have totally ruined my entire business model! I'm going to lose all sorts of money due to people decrypting my five line encrypted custom tag that I'm charging $149 for! It's all your fault, because there's no way that a five-second search on Google could have found that link!

---
Billy Cravens

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 10:35 AM
To: CF-Talk
Subject: RE: A way to hide the CF source on a website?

http://shrewm.net/cfd/

Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org

-Original Message-
From: Alex [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 11:28 AM
To: CF-Talk
Subject: Re: A way to hide the CF source on a website?

Try the encryption utility. Or if you have the time, write a utility like py2exe (python's executable generator).

On Tue, 23 Apr 2002, Charles Nahm wrote:

Is there a way to do this?

Thanks,
Charles