Difference between revisions of "How to Encrypt or Compile ColdFusion Files"
m (→Using cfencode.exe) |
(→Using cfcompile.bat) |
||
(7 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
+ | __FORCETOC__ | ||
+ | |||
If you wish to obscure your ColdFusion source code before deploying it to Hostek, you have a couple options: '''cfcompile.bat''' and '''cfencode.exe'''. In order to use either of these options, you must first download and install a copy of ColdFusion to your local computer. To obtain a free developer-edition of Coldfusion, follow the link at [http://www.adobe.com/support/coldfusion/downloads.html#cf10productdownloads Adobe's ColdFusion Support Center]. | If you wish to obscure your ColdFusion source code before deploying it to Hostek, you have a couple options: '''cfcompile.bat''' and '''cfencode.exe'''. In order to use either of these options, you must first download and install a copy of ColdFusion to your local computer. To obtain a free developer-edition of Coldfusion, follow the link at [http://www.adobe.com/support/coldfusion/downloads.html#cf10productdownloads Adobe's ColdFusion Support Center]. | ||
Line 4: | Line 6: | ||
The cfcompile.bat utility will compile all '''.cfm''' and '''.cfc''' files within a given directory into Java bytecode. This has the effect of making your source code unreadable, and it also prevents ColdFusion from having to compile your ColdFusion files on first use which provides a small performance enhancement. | The cfcompile.bat utility will compile all '''.cfm''' and '''.cfc''' files within a given directory into Java bytecode. This has the effect of making your source code unreadable, and it also prevents ColdFusion from having to compile your ColdFusion files on first use which provides a small performance enhancement. | ||
− | Cfcompile | + | Cfcompile uses the following syntax: |
− | *Example: <pre>c:\ | + | *Example: <pre>c:\ColdFusion11\cfusion\bin\cfcompile.bat -deploy HOSTEKWEBROOT SOURCE COMPILED</pre> |
+ | ''(If your site and local installation use ColdFusion 10, be sure to update the path to '''cfcompile.bat''' accordingly.)'' | ||
In the above example, make the following changes: | In the above example, make the following changes: | ||
Line 16: | Line 19: | ||
Once cfcompile.bat has finished executing, you can copy the contents of your COMPILED directory to your site's Web root at Hostek (through FTP). Once the compiled files have been uploaded, ColdFusion will begin using them immediately. | Once cfcompile.bat has finished executing, you can copy the contents of your COMPILED directory to your site's Web root at Hostek (through FTP). Once the compiled files have been uploaded, ColdFusion will begin using them immediately. | ||
+ | |||
+ | More details about using cfcompile.bat can be found in [https://learn.adobe.com/wiki/display/coldfusionen/Deploying+ColdFusion+Applications#DeployingColdFusionApplications-Usingthecfcompileutility ColdFusion's Documentation]. | ||
==Using cfencode.exe== | ==Using cfencode.exe== | ||
Line 23: | Line 28: | ||
#*'''Example''': <pre>C:\Program Files (x86)\Windows Resource Kits\Tools\robocopy.exe c:\SOURCE c:\ENCODED *.cfm *.cfc /E</pre> (Where '''SOURCE''' is the location of your unmodified site files, and '''ENCODED''' is your temporary working directory) | #*'''Example''': <pre>C:\Program Files (x86)\Windows Resource Kits\Tools\robocopy.exe c:\SOURCE c:\ENCODED *.cfm *.cfc /E</pre> (Where '''SOURCE''' is the location of your unmodified site files, and '''ENCODED''' is your temporary working directory) | ||
#Run cfencode.exe against the files in your temporary working directory | #Run cfencode.exe against the files in your temporary working directory | ||
− | #*'''Example''': <pre>c:\ | + | #*'''Example''': <pre>c:\ColdFusion11\cfusion\bin\cfencode.exe c:\ENCODED /r /v 2</pre> (Where '''ENCODED''' is the path to your temporary working directory from the previous step) |
#At this point, you can copy the contents of c:\ENCODED to your site at Hostek (through FTP), and the server will begin using the encrypted versions of your '''.cfm''' and '''.cfc''' files immediately. | #At this point, you can copy the contents of c:\ENCODED to your site at Hostek (through FTP), and the server will begin using the encrypted versions of your '''.cfm''' and '''.cfc''' files immediately. | ||
− | ''Note: Encrypting your site files does not guarantee absolute security of your source code, but it does add a layer of obfuscation to help prevent unauthorized individuals from viewing the source.'' | + | ''Note: Encrypting your site files with cfencode does not guarantee absolute security of your source code, but it does add a layer of obfuscation to help prevent unauthorized individuals from viewing the source.'' |
+ | |||
+ | |||
+ | [[Category:Windows]] | ||
+ | [[Category:ColdFusion]] | ||
+ | [[Category:ColdFusion-VPS]] |
Latest revision as of 21:48, 9 June 2014
If you wish to obscure your ColdFusion source code before deploying it to Hostek, you have a couple options: cfcompile.bat and cfencode.exe. In order to use either of these options, you must first download and install a copy of ColdFusion to your local computer. To obtain a free developer-edition of Coldfusion, follow the link at Adobe's ColdFusion Support Center.
Using cfcompile.bat
The cfcompile.bat utility will compile all .cfm and .cfc files within a given directory into Java bytecode. This has the effect of making your source code unreadable, and it also prevents ColdFusion from having to compile your ColdFusion files on first use which provides a small performance enhancement.
Cfcompile uses the following syntax:
- Example:
c:\ColdFusion11\cfusion\bin\cfcompile.bat -deploy HOSTEKWEBROOT SOURCE COMPILED
(If your site and local installation use ColdFusion 10, be sure to update the path to cfcompile.bat accordingly.)
In the above example, make the following changes:
- HOSTEKWEBROOT should be the path to your site's wwwroot folder at Hostek.
- Eg: d:\home\mysite.com\wwwroot
- SOURCE should be the path to the un-compiled ColdFusion site files on your computer.
- Eg: c:\SOURCE
- COMPILED should be where cfcompile.bat will save the compiled ColdFusion files.
- Eg: c:\COMPILED
Once cfcompile.bat has finished executing, you can copy the contents of your COMPILED directory to your site's Web root at Hostek (through FTP). Once the compiled files have been uploaded, ColdFusion will begin using them immediately.
More details about using cfcompile.bat can be found in ColdFusion's Documentation.
Using cfencode.exe
The cfencode.exe utility will apply basic encryption to a specific file or directory. If used to encrypt a directory, it will apply encryption to ALL files in the directory which can break any JS, CSS, images, or other non-ColdFusion files. As such, use the following directions to encrypt ONLY your .cfm and .cfc files:
- Use robocopy to copy only your site's .cfm and .cfc files to a temporary working directory. If you do not have robocopy, it can be easily installed as part of the Windows Server Resource Kit.
- Example:
C:\Program Files (x86)\Windows Resource Kits\Tools\robocopy.exe c:\SOURCE c:\ENCODED *.cfm *.cfc /E
(Where SOURCE is the location of your unmodified site files, and ENCODED is your temporary working directory)
- Example:
- Run cfencode.exe against the files in your temporary working directory
- Example:
c:\ColdFusion11\cfusion\bin\cfencode.exe c:\ENCODED /r /v 2
(Where ENCODED is the path to your temporary working directory from the previous step)
- Example:
- At this point, you can copy the contents of c:\ENCODED to your site at Hostek (through FTP), and the server will begin using the encrypted versions of your .cfm and .cfc files immediately.
Note: Encrypting your site files with cfencode does not guarantee absolute security of your source code, but it does add a layer of obfuscation to help prevent unauthorized individuals from viewing the source.