I'm using the coldfusion encryption functions (like decrypt()) to save some credit card info on a database. However, the problem is that the password is in plain sight as part of the coldfusion code.
So my question is, is there a way to define an Application.level variable from the Coldfusion Administrator, and then access that variable from my coldfusion code?
Could it be possible to pass the variable as a JVM argument? If yes, how would I specify it and how would I read it from Coldfusion code?
This seems like a no-brainer thing for coldfusion to have, but I cannot seem to find this feature in the documentation.
Password in plain sight? Password for what?
By the way, even if you could set an application variable in the administrator, it would still be visible when debugging is turned on.
You know you can encrypt/obfuscate your CF source code so that its run-able on the server, but appears as gibberish for anyone viewing the CFM file via a text editor. Do a google search for "encrypt CF template"
Of course, if you are storing sensitive information on a server but don't trust the people who have physical access to the machine then you may have bigger issues to deal with...
Hope that helps!