license key visible to all (should it be?)

Report · Jan 28, 2015

Hello,

Just looked in the CFAdmin (CF10) info area, and have noticed the license key is stored in plain text.

Should this be so?

My concern is as a hosting company we have purchased X amount of Enterprise licenses. Some of the servers are hosted as private VPSs, to which we provide admin access (server and CF).
If a customer of ours decided to go to a competitor there is nothing stopping them seeing our license key, copying it and installing CF themselves on a server not managed by us, thus getting a free license - and we would not know.

I really think the license key should be hashed.

Any opinions on this?

Thanks
Luke

Report · Jan 28, 2015

That's a good point. Maybe obscure all but the last 4-6 digits (like many merchants do with stored credit card numbers) so companies with multiple licenses can still identify which is on which machine. Want to submit an Enhancement Request to Adobe?

-Carl V.

Report · Feb 03, 2015

If a ColdFusion keycode has already been used and is registered with Adobe, how could someone take and use it? Doesn't the server send the data to Adobe to verify the code and also verify it hasn't been used already?

Justin

Report · Feb 03, 2015

I don't think so, at least not for ColdFusion. With the CF10/11 EULAs, you are allowed to use the same license key on multiple servers, as long as only one is a production server (the others would be for development, Q/A, staging, disaster recovery, etc.). There's no way Adobe could monitor that and tell whether a key was being abused or not.

-Carl V.

Adobe Community

license key visible to all (should it be?)