This content has been marked as final. Show 5 replies
Are you referring to cfencode?
ColdFusion security features
Note: You can also use the cfencode utility, located in the cf_root/bin directory, to obscure ColdFusion pages that you distribute. Although this technique cannot prevent persistent hackers from determining the contents of your pages, it does prevent inspection of the pages.
Yes cfencode, that was it. Is there any other tools that can "obscure" CF pages or is this the only/best way to do it?
There is another thread on this same subject. My recommendation is "don't do it." It's a waste of time. It's just as easy or possibly easier to find CF decryption tools on the web so the protection is useless. The only thing it does is make it more difficult to support the application because you loose exception details if and when errors occur.
Ok, I don't have time to waste ;-), to bad because I have a problem with a dump *** who keep fishing our financial website ..... I tought encrypted my source code would at least make it a little bit harder for him ..... I keep request that they closed the domain but every month another domain name show up .......
Even if he fishes your site, it should not be exposing the source of your cfm templates. My guess is that he is harvesting the output of your cfm templates. If this is the case, cfencrypt would not help anyway.
I vaguely remember a thread years ago on this topic. The consensus at that time was to, once the fishing was detected, create some link traps that would point to dynamically generated massive and useless pages with even more links to more garbage pages. Just make sure you can detect the difference between this dumb *** and a search engine crawler or your SE ranking will plummet.