Re: Protecting Code
Jennifer, you wrote (in response to Jeff's proposal to consider BlueDragon as an option to protect your ode) that: >Thanks Jeff, but beyond my budget .. > But I wonder if you're aware of an option that can make this not only "within your budget" but alsl far less than the cost of ColdFusion itself. These other boxes you want to distribute your code on, do they already have ColdFusion? Or would you have to buy new licenses to run on them? Either way, there is a way to bundle your application with BlueDragon whereby the price you pay can be far less than both ColdFusion and even our own list price. It is set as a percentage of *your product's price*. (Even if you aren't selling a commercial product in the traditional sense, there's flexibility.) To learn more about this, see the FAQ: Can I really bundle BlueDragon with my CFML application, to sell it as a solution, with BlueDragon costing me less than the list price? http://www.newatlanta.com/c/products/servletexec/self_help/faq/detail?faqId=311 /charlie ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228345 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Protecting Code
http://en.wikipedia.org/wiki/Obfuscated_code On 12/31/05, Jennifer Gavin-Wear <[EMAIL PROTECTED]> wrote: > Hi Ade, > > Obfuscation? -- CFAJAX docs and other useful articles: http://jr-holmes.coldfusionjournal.com/ ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228059 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Protecting Code
Thanks Jeff, but beyond my budget .. -Original Message- From: J W [mailto:[EMAIL PROTECTED] Sent: 29 December 2005 15:29 To: CF-Talk Subject: Re: Protecting Code Yeah, the Adobe Coldfusion (That doesn't roll off the tounge right) encryption is kind of weak. IF Blue Dragon is an option for you, it seems to have template encryption down pat.. http://www.newatlanta.com/c/products/bluedragon/self_help/faq/detail?faqId=2 33 Jeff ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228054 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Protecting Code
Hi Ade, Obfuscation? -Original Message- From: Adrian Lynch [mailto:[EMAIL PROTECTED] Sent: 29 December 2005 16:48 To: CF-Talk Subject: RE: Protecting Code What about obfuscation? Anyone done that, pros, cons? Ade ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228053 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Protecting Code
On 12/29/05, Adrian Lynch <[EMAIL PROTECTED]> wrote: > What about obfuscation? Anyone done that, pros, cons? Pros: the mistaken feeling that your code is somehow "safe" Cons: incredibly complex maintenance, programmer burnout, client frustration, the hint of paranoia, to name a few You can obsfucate, encrypt, *and* deploy sourceless (though that defeats the purpose of encryption, natch) -- but that's a lot of overhead for IMHO *very* little gain. You'd be better off putting that energy into new software, improvements, or finding better clients that you don't feel so worried about. Imagine a client sophisticated enough to do a code review -- not a good environment to show them you know your stuff, but a great way to show them you don't trust them. Imagine trying to bring in a subcontractor to help with maintenance. If you are *that* concerned about your code, license the use of it, retain the copyright and use it on your own machines. Or charge enough for the software that you feel that you got what it was worth. If you're trying to prevent client *change* to the code, your best approach is to clearly state in the contract that you won't support/warrant/etc code that's been changed from the release (and back that up w/ good version control and a physical release of the software delivered to the client or escrow). If you're trying to prevent client *distribution* of your code, get clear ownership in your contract and don't be afraid to enforce it. Or open source it and don't lose any more sleep :) > Ade > > -Original Message- > From: John Paul Ashenfelter [mailto:[EMAIL PROTECTED] > Sent: 29 December 2005 16:37 > To: CF-Talk > Subject: Re: Protecting Code > > > On 12/29/05, Jennifer Gavin-Wear <[EMAIL PROTECTED]> wrote: > > Hmm .. that's a thought .. maybe hosting a subdomain of theirs on my own > > server would be best? > > > I wouldn't waste the time encrypting the pages. It takes about 60s on > google to find a decryption tool for cf. It also complicates your > deployment b/c you have to encrypt everytime you push up a change -- > which may or may not be an issue for you. > > > -Original Message- > > From: Adkins, Randy [mailto:[EMAIL PROTECTED] > > Sent: 29 December 2005 15:20 > > To: CF-Talk > > Subject: RE: Protecting Code > > > > > > You could encrypt the pages but not a foolproof way of protecting the > > code. > > > > -Original Message- > > From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] > > Sent: Monday, December 26, 2005 11:40 AM > > To: CF-Talk > > Subject: Protecting Code > > > > Hi ... is there any way of protecting code. I could be installing a > > cart application on someone's CF server and I don't necessarily want > > them to have access to the code. > > > > Thanks, > > > > Jenny > > > > > > > > > > > > > > > > > > > > > > ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227941 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Protecting Code
What about obfuscation? Anyone done that, pros, cons? Ade -Original Message- From: John Paul Ashenfelter [mailto:[EMAIL PROTECTED] Sent: 29 December 2005 16:37 To: CF-Talk Subject: Re: Protecting Code On 12/29/05, Jennifer Gavin-Wear <[EMAIL PROTECTED]> wrote: > Hmm .. that's a thought .. maybe hosting a subdomain of theirs on my own > server would be best? I wouldn't waste the time encrypting the pages. It takes about 60s on google to find a decryption tool for cf. It also complicates your deployment b/c you have to encrypt everytime you push up a change -- which may or may not be an issue for you. > -Original Message- > From: Adkins, Randy [mailto:[EMAIL PROTECTED] > Sent: 29 December 2005 15:20 > To: CF-Talk > Subject: RE: Protecting Code > > > You could encrypt the pages but not a foolproof way of protecting the > code. > > -Original Message- > From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] > Sent: Monday, December 26, 2005 11:40 AM > To: CF-Talk > Subject: Protecting Code > > Hi ... is there any way of protecting code. I could be installing a > cart application on someone's CF server and I don't necessarily want > them to have access to the code. > > Thanks, > > Jenny > > > > > > > > > ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227894 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Protecting Code
On 12/29/05, Jennifer Gavin-Wear <[EMAIL PROTECTED]> wrote: > Hmm .. that's a thought .. maybe hosting a subdomain of theirs on my own > server would be best? I wouldn't waste the time encrypting the pages. It takes about 60s on google to find a decryption tool for cf. It also complicates your deployment b/c you have to encrypt everytime you push up a change -- which may or may not be an issue for you. > -Original Message- > From: Adkins, Randy [mailto:[EMAIL PROTECTED] > Sent: 29 December 2005 15:20 > To: CF-Talk > Subject: RE: Protecting Code > > > You could encrypt the pages but not a foolproof way of protecting the > code. > > -Original Message- > From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] > Sent: Monday, December 26, 2005 11:40 AM > To: CF-Talk > Subject: Protecting Code > > Hi ... is there any way of protecting code. I could be installing a > cart application on someone's CF server and I don't necessarily want > them to have access to the code. > > Thanks, > > Jenny > > > > > > > > > ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227889 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Protecting Code
On 12/29/05, Snake <[EMAIL PROTECTED]> wrote: > Distribute the compiled bytecode and not the source. > This is only supported from cf7 tho. Sean talks about it here http://www.corfield.org/blog/index.cfm?do=blog.entry&entry=4879EDC2-F8C4-B633-C44FDABDDD608FDF since sourceless and j2ee (war/ear) deploys get confused. If you're trying to protect the code from *change* then both sourceless deploy and encryption are possibilities, though sourceless is far more robust. Decompiling is still possible, so it can be reverse engineered, but it's a lot more complicated than decrypting the CF encryption. If you're trying to protect your *intellectual property*, you'd be much better off focusing on your licensing agreement than spending time securing/obscuring your code. If you're under a simple work-for-hire (automatic default in many US jurisdictions is what I've been told), then you don't have the right to keep the code from the client once the contract is complete, etc etc, IANAL. -- John Paul Ashenfelter CTO/Transitionpoint (blog) http://www.ashenfelter.com (email) [EMAIL PROTECTED] ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227887 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Protecting Code
Distribute the compiled bytecode and not the source. This is only supported from cf7 tho. Russ -Original Message- From: Adkins, Randy [mailto:[EMAIL PROTECTED] Sent: 29 December 2005 15:20 To: CF-Talk Subject: RE: Protecting Code You could encrypt the pages but not a foolproof way of protecting the code. -Original Message- From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] Sent: Monday, December 26, 2005 11:40 AM To: CF-Talk Subject: Protecting Code Hi ... is there any way of protecting code. I could be installing a cart application on someone's CF server and I don't necessarily want them to have access to the code. Thanks, Jenny ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227872 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Protecting Code
Yeah, the Adobe Coldfusion (That doesn't roll off the tounge right) encryption is kind of weak. IF Blue Dragon is an option for you, it seems to have template encryption down pat.. http://www.newatlanta.com/c/products/bluedragon/self_help/faq/detail?faqId=233 Jeff On 12/29/05, Adkins, Randy <[EMAIL PROTECTED]> wrote: > > You could encrypt the pages but not a foolproof way of protecting the > code. > > -Original Message- > From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] > Sent: Monday, December 26, 2005 11:40 AM > To: CF-Talk > Subject: Protecting Code > > Hi ... is there any way of protecting code. I could be installing a > cart application on someone's CF server and I don't necessarily want > them to have access to the code. > > Thanks, > > Jenny > > > > > > > ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227871 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Protecting Code
Hmm .. that's a thought .. maybe hosting a subdomain of theirs on my own server would be best? -Original Message- From: Adkins, Randy [mailto:[EMAIL PROTECTED] Sent: 29 December 2005 15:20 To: CF-Talk Subject: RE: Protecting Code You could encrypt the pages but not a foolproof way of protecting the code. -Original Message- From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] Sent: Monday, December 26, 2005 11:40 AM To: CF-Talk Subject: Protecting Code Hi ... is there any way of protecting code. I could be installing a cart application on someone's CF server and I don't necessarily want them to have access to the code. Thanks, Jenny ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227869 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Protecting Code
You could encrypt the pages but not a foolproof way of protecting the code. -Original Message- From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] Sent: Monday, December 26, 2005 11:40 AM To: CF-Talk Subject: Protecting Code Hi ... is there any way of protecting code. I could be installing a cart application on someone's CF server and I don't necessarily want them to have access to the code. Thanks, Jenny ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:227864 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54