5 Replies Latest reply on Feb 15, 2008 10:34 AM by Steve Sommers

    Encryption with CF MX7

    Verrückter Level 1
      What is the best way to encrypt a page? I did just long time ago what was call "cfencrypt" not sure if I'm right but I recall that it was a small dos application .... Is there something similar now?
        • 1. Re: Encryption with CF MX7
          paross1 Level 2
          Are you referring to cfencode?

          ColdFusion security features

          Note: You can also use the cfencode utility, located in the cf_root/bin directory, to obscure ColdFusion pages that you distribute. Although this technique cannot prevent persistent hackers from determining the contents of your pages, it does prevent inspection of the pages.

          • 2. Re: Encryption with CF MX7
            Verrückter Level 1
            Yes cfencode, that was it. Is there any other tools that can "obscure" CF pages or is this the only/best way to do it?
            • 3. Re: Encryption with CF MX7
              Steve Sommers Level 4
              There is another thread on this same subject. My recommendation is "don't do it." It's a waste of time. It's just as easy or possibly easier to find CF decryption tools on the web so the protection is useless. The only thing it does is make it more difficult to support the application because you loose exception details if and when errors occur.
              • 4. Re: Encryption with CF MX7
                Verrückter Level 1
                Ok, I don't have time to waste ;-), to bad because I have a problem with a dump *** who keep fishing our financial website ..... I tought encrypted my source code would at least make it a little bit harder for him ..... I keep request that they closed the domain but every month another domain name show up .......
                • 5. Re: Encryption with CF MX7
                  Steve Sommers Level 4
                  Even if he fishes your site, it should not be exposing the source of your cfm templates. My guess is that he is harvesting the output of your cfm templates. If this is the case, cfencrypt would not help anyway.

                  I vaguely remember a thread years ago on this topic. The consensus at that time was to, once the fishing was detected, create some link traps that would point to dynamically generated massive and useless pages with even more links to more garbage pages. Just make sure you can detect the difference between this dumb *** and a search engine crawler or your SE ranking will plummet.