Re: Protecting Code

2006-01-04 Thread charles arehart
Jennifer, you wrote (in response to Jeff's proposal to consider BlueDragon as 
an option to protect your ode) that:

>Thanks Jeff, but beyond my budget ..
>

But I wonder if you're aware of an option that can make this not only "within 
your budget" but alsl far less than the cost of ColdFusion itself. These other 
boxes you want to distribute your code on, do they already have ColdFusion? Or 
would you have to buy new licenses to run on them?

Either way, there is a way to bundle your application with BlueDragon whereby 
the price you pay can be far less than both ColdFusion and even our own list 
price. It is set as a percentage of *your product's price*. (Even if you aren't 
selling a commercial product in the traditional sense, there's flexibility.)

To learn more about this, see the FAQ:

Can I really bundle BlueDragon with my CFML application, to sell it as a 
solution, with BlueDragon costing me less than the list price?

http://www.newatlanta.com/c/products/servletexec/self_help/faq/detail?faqId=311

/charlie

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228345
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54


Re: Protecting Code

2005-12-30 Thread James Holmes
http://en.wikipedia.org/wiki/Obfuscated_code

On 12/31/05, Jennifer Gavin-Wear <[EMAIL PROTECTED]> wrote:
> Hi Ade,
>
> Obfuscation?

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228059
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54


RE: Protecting Code

2005-12-30 Thread Jennifer Gavin-Wear
Thanks Jeff, but beyond my budget ..

-Original Message-
From: J W [mailto:[EMAIL PROTECTED]
Sent: 29 December 2005 15:29
To: CF-Talk
Subject: Re: Protecting Code


Yeah, the Adobe Coldfusion (That doesn't roll off the tounge right)
encryption is kind of weak. IF Blue Dragon is an option for you, it seems to
have template encryption down pat..

http://www.newatlanta.com/c/products/bluedragon/self_help/faq/detail?faqId=2
33

Jeff




~|
Find out how CFTicket can increase your company's customer support 
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228054
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54


RE: Protecting Code

2005-12-30 Thread Jennifer Gavin-Wear
Hi Ade,

Obfuscation?



-Original Message-
From: Adrian Lynch [mailto:[EMAIL PROTECTED]
Sent: 29 December 2005 16:48
To: CF-Talk
Subject: RE: Protecting Code


What about obfuscation? Anyone done that, pros, cons?

Ade




~|
Find out how CFTicket can increase your company's customer support 
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228053
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54


Re: Protecting Code

2005-12-29 Thread John Paul Ashenfelter
On 12/29/05, Adrian Lynch <[EMAIL PROTECTED]> wrote:
> What about obfuscation? Anyone done that, pros, cons?

Pros: the mistaken feeling that your code is somehow "safe"
Cons: incredibly complex maintenance, programmer burnout, client
frustration, the hint of paranoia, to name a few

You can obsfucate, encrypt, *and* deploy sourceless (though that
defeats the purpose of encryption, natch) -- but that's a lot of
overhead for IMHO *very* little gain. You'd be better off putting that
energy into new software, improvements, or finding better clients that
you don't feel so worried about.

Imagine a client sophisticated enough to do a code review -- not a
good environment to show them you know your stuff, but a great way to
show them you don't trust them.

Imagine trying to bring in a subcontractor to help with maintenance.

If you are *that* concerned about your code, license the use of it,
retain the copyright and use it on your own machines. Or charge enough
for the software that you feel that you got what it was worth.

If you're trying to prevent client *change* to the code, your best
approach is to clearly state in the contract that you won't
support/warrant/etc code that's been changed from the release (and
back that up w/ good version control and a physical release of the
software delivered to the client or escrow).

If you're trying to prevent client *distribution* of your code, get
clear ownership in your contract and don't be afraid to enforce it.

Or open source it and don't lose any more sleep :)

> Ade
>
> -Original Message-
> From: John Paul Ashenfelter [mailto:[EMAIL PROTECTED]
> Sent: 29 December 2005 16:37
> To: CF-Talk
> Subject: Re: Protecting Code
>
>
> On 12/29/05, Jennifer Gavin-Wear <[EMAIL PROTECTED]> wrote:
> > Hmm .. that's a thought ..  maybe hosting a subdomain of theirs on my own
> > server would be best?
>
>
> I wouldn't waste the time encrypting the pages. It takes about 60s on
> google to find a decryption tool for cf. It also complicates your
> deployment b/c you have to encrypt everytime you push up a change --
> which may or may not be an issue for you.
>
> > -Original Message-
> > From: Adkins, Randy [mailto:[EMAIL PROTECTED]
> > Sent: 29 December 2005 15:20
> > To: CF-Talk
> > Subject: RE: Protecting Code
> >
> >
> > You could encrypt the pages but not a foolproof way of protecting the
> > code.
> >
> > -Original Message-
> > From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED]
> > Sent: Monday, December 26, 2005 11:40 AM
> > To: CF-Talk
> > Subject: Protecting Code
> >
> > Hi ... is there any way of protecting code.  I could be installing a
> > cart application on someone's CF server and I don't necessarily want
> > them to have access to the code.
> >
> > Thanks,
> >
> > Jenny
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
>
>
> 

~|
Discover CFTicket - The leading ColdFusion Help Desk and Trouble 
Ticket application

http://www.houseoffusion.com/banners/view.cfm?bannerid=48

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227941
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54


RE: Protecting Code

2005-12-29 Thread Adrian Lynch
What about obfuscation? Anyone done that, pros, cons?

Ade

-Original Message-
From: John Paul Ashenfelter [mailto:[EMAIL PROTECTED]
Sent: 29 December 2005 16:37
To: CF-Talk
Subject: Re: Protecting Code


On 12/29/05, Jennifer Gavin-Wear <[EMAIL PROTECTED]> wrote:
> Hmm .. that's a thought ..  maybe hosting a subdomain of theirs on my own
> server would be best?


I wouldn't waste the time encrypting the pages. It takes about 60s on
google to find a decryption tool for cf. It also complicates your
deployment b/c you have to encrypt everytime you push up a change --
which may or may not be an issue for you.

> -Original Message-
> From: Adkins, Randy [mailto:[EMAIL PROTECTED]
> Sent: 29 December 2005 15:20
> To: CF-Talk
> Subject: RE: Protecting Code
>
>
> You could encrypt the pages but not a foolproof way of protecting the
> code.
>
> -Original Message-
> From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 26, 2005 11:40 AM
> To: CF-Talk
> Subject: Protecting Code
>
> Hi ... is there any way of protecting code.  I could be installing a
> cart application on someone's CF server and I don't necessarily want
> them to have access to the code.
>
> Thanks,
>
> Jenny
>
>
>
>
>
>
>
>
>



~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227894
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54


Re: Protecting Code

2005-12-29 Thread John Paul Ashenfelter
On 12/29/05, Jennifer Gavin-Wear <[EMAIL PROTECTED]> wrote:
> Hmm .. that's a thought ..  maybe hosting a subdomain of theirs on my own
> server would be best?


I wouldn't waste the time encrypting the pages. It takes about 60s on
google to find a decryption tool for cf. It also complicates your
deployment b/c you have to encrypt everytime you push up a change --
which may or may not be an issue for you.

> -Original Message-
> From: Adkins, Randy [mailto:[EMAIL PROTECTED]
> Sent: 29 December 2005 15:20
> To: CF-Talk
> Subject: RE: Protecting Code
>
>
> You could encrypt the pages but not a foolproof way of protecting the
> code.
>
> -Original Message-
> From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 26, 2005 11:40 AM
> To: CF-Talk
> Subject: Protecting Code
>
> Hi ... is there any way of protecting code.  I could be installing a
> cart application on someone's CF server and I don't necessarily want
> them to have access to the code.
>
> Thanks,
>
> Jenny
>
>
>
>
>
>
>
>
> 

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227889
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54


Re: Protecting Code

2005-12-29 Thread John Paul Ashenfelter
On 12/29/05, Snake <[EMAIL PROTECTED]> wrote:
> Distribute the compiled bytecode and not the source.
> This is only supported from cf7 tho.

Sean talks about it here

http://www.corfield.org/blog/index.cfm?do=blog.entry&entry=4879EDC2-F8C4-B633-C44FDABDDD608FDF

since sourceless and j2ee (war/ear) deploys get confused.

If you're trying to protect the code from *change* then both
sourceless deploy and encryption are possibilities, though sourceless
is far more robust. Decompiling is still possible, so it can be
reverse engineered, but it's a lot more complicated than decrypting
the CF encryption.

If you're trying to protect your *intellectual property*, you'd be
much better off focusing on your licensing agreement than spending
time securing/obscuring your code. If you're under a simple
work-for-hire (automatic default in many US jurisdictions is what I've
been told), then you don't have the right to keep the code from the
client once the contract is complete, etc etc, IANAL.

--
John Paul Ashenfelter
CTO/Transitionpoint
(blog) http://www.ashenfelter.com
(email) [EMAIL PROTECTED]

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227887
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54


RE: Protecting Code

2005-12-29 Thread Snake
Distribute the compiled bytecode and not the source.
This is only supported from cf7 tho. 

Russ 

-Original Message-
From: Adkins, Randy [mailto:[EMAIL PROTECTED]
Sent: 29 December 2005 15:20
To: CF-Talk
Subject: RE: Protecting Code

You could encrypt the pages but not a foolproof way of protecting the code. 

-Original Message-
From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED]
Sent: Monday, December 26, 2005 11:40 AM
To: CF-Talk
Subject: Protecting Code

Hi ... is there any way of protecting code.  I could be installing a cart
application on someone's CF server and I don't necessarily want them to have
access to the code.

Thanks,

Jenny








~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227872
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54


Re: Protecting Code

2005-12-29 Thread J W
Yeah, the Adobe Coldfusion (That doesn't roll off the tounge right)
encryption is kind of weak. IF Blue Dragon is an option for you, it seems to
have template encryption down pat..

http://www.newatlanta.com/c/products/bluedragon/self_help/faq/detail?faqId=233

Jeff

On 12/29/05, Adkins, Randy <[EMAIL PROTECTED]> wrote:
>
> You could encrypt the pages but not a foolproof way of protecting the
> code.
>
> -Original Message-
> From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 26, 2005 11:40 AM
> To: CF-Talk
> Subject: Protecting Code
>
> Hi ... is there any way of protecting code.  I could be installing a
> cart application on someone's CF server and I don't necessarily want
> them to have access to the code.
>
> Thanks,
>
> Jenny
>
>
>
>
>
>
> 

~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227871
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54


RE: Protecting Code

2005-12-29 Thread Jennifer Gavin-Wear
Hmm .. that's a thought ..  maybe hosting a subdomain of theirs on my own
server would be best?


-Original Message-
From: Adkins, Randy [mailto:[EMAIL PROTECTED]
Sent: 29 December 2005 15:20
To: CF-Talk
Subject: RE: Protecting Code


You could encrypt the pages but not a foolproof way of protecting the
code.

-Original Message-
From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED]
Sent: Monday, December 26, 2005 11:40 AM
To: CF-Talk
Subject: Protecting Code

Hi ... is there any way of protecting code.  I could be installing a
cart application on someone's CF server and I don't necessarily want
them to have access to the code.

Thanks,

Jenny








~|
Find out how CFTicket can increase your company's customer support 
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227869
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54


RE: Protecting Code

2005-12-29 Thread Adkins, Randy
You could encrypt the pages but not a foolproof way of protecting the
code. 

-Original Message-
From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] 
Sent: Monday, December 26, 2005 11:40 AM
To: CF-Talk
Subject: Protecting Code

Hi ... is there any way of protecting code.  I could be installing a
cart application on someone's CF server and I don't necessarily want
them to have access to the code.

Thanks,

Jenny






~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227864
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54