Securing your release code with the compile command
In this article I examine the compilation feature of ColdFusion, and explore why you would want to do this to your release code.
A project that I worked on in the recent past was hosted on a remote server, which was supervised by a third-party company. We were still responsible for the code base and suspected that some 'hot fixes' had gone in as live code changes implemented on the server.
Obviously this is not ideal. The sanctity of your code base is paramount, and if it is your responsibility you have to be absolutely sure you know what it contains, especially if there are tinkerers.
Another good use for this functionality is where you are selling the software as a service (SaaS). Typically the client is renting or leasing the functionality of your application, not the actual code base itself. So a good way to deter them from peeking under the hood is to compile it.
cfcompile -deploy d:\cfusionmx7\wwwroot ^
    d:\cfusionmx7\wwwroot\appsRoot ^
    d:\cfusionmx7\wwwroot\AppsRootcompiled
In the code above, the first line executes the cfcompile command using the -deploy switch. This tells the compilation engine to take the source directory (the second line), compile it, and place the result in the destination directory (the third line). Be careful not to specify the same directory for both, as it will flip out. There is also a chance it will overwrite your source directory, which is bad because you cannot undo this.
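The directory mix-up described above can be caught before cfcompile is ever run. The following Python example is added here and is not code from the original article or from Adobe; the function names preflight and build_command are hypothetical, and it goes a little beyond the text by also rejecting a destination nested inside the source tree (or the reverse).

```python
import ntpath
from pathlib import PureWindowsPath


def _norm(path):
    # Collapse "." / ".." and trailing separators lexically (no disk access).
    return PureWindowsPath(ntpath.normpath(path))


def _inside(child, parent):
    # Windows path comparison is case-insensitive and per component, so
    # ...\AppsRootcompiled is not mistaken for a child of ...\appsRoot.
    return child == parent or parent in child.parents


def preflight(webroot, source, dest):
    """Return a list of problems; an empty list means the paths are safe."""
    problems = []
    paths = {"webroot": _norm(webroot), "source": _norm(source),
             "destination": _norm(dest)}
    for name, p in paths.items():
        if not p.is_absolute():
            problems.append(f"{name} is not a fully qualified path: {p}")
    src, dst = paths["source"], paths["destination"]
    if src == dst:
        problems.append("source and destination are the same directory")
    elif _inside(dst, src):
        problems.append("destination lies inside the source tree")
    elif _inside(src, dst):
        problems.append("source lies inside the destination tree")
    return problems


def build_command(webroot, source, dest):
    """Return the cfcompile argv, or raise ValueError if a check fails."""
    problems = preflight(webroot, source, dest)
    if problems:
        raise ValueError("; ".join(problems))
    return ["cfcompile", "-deploy", webroot, source, dest]


if __name__ == "__main__":
    # Paths taken from the article's command.
    print(build_command(r"d:\cfusionmx7\wwwroot",
                        r"d:\cfusionmx7\wwwroot\appsRoot",
                        r"d:\cfusionmx7\wwwroot\AppsRootcompiled"))
```

The checks are purely lexical, so they run on any platform, but they do not resolve junctions or mapped drives that point at the same folder.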
The destination directory should now contain an exact copy of your code base, but compiled. Open a file and it looks like garbage, but it works exactly like the original.
Note that compiling is different from encrypting. With encryption you can decrypt the code base, as long as you know the seed, or hash. Compilation is irreversible: you cannot un-compile it, so be careful with your original un-compiled code base!