I've been tasked with creating a deployable version of a ColdFusion web app to be installed on a clients server. I'm trying to find a way to give them a compiled version of our code, and my first inclination was to use the CFCompile utility that I found here. However, after running CFCompile, most of the code in the CFM files is still readable. The only thing that appears to be obfuscated at all is the actual ColdFusion code - all of the SQL Queries are still perfectly readable. (Example in the screenshot below)
The HTML and JavaScript are also still readable in the compiled code, but that doesn't matter as those can be seen in a web browser anyways.
Is there another way to distribute my source code in a format that is completely unreadable to the user? I'm guessing that for whatever method I choose, there will be some way of decompiling the code. That's not an issue, I just need to find a way to make it more difficult than opening the file and seeing the queries.
Hostek has a pretty good write up on the subject over on their site - How to Encrypt or Compile ColdFusion Files.
Basically, from that article:
Using cfcompile.bat
The cfcompile.bat utility will compile all .cfm and .cfc files within a given directory into Java bytecode. This has the effect of making your source code unreadable, and it also prevents ColdFusion from having to compile your ColdFusion files on first use which provides a small performance enhancement.
More details about using cfcompile.bat can be found in ColdFusion's Documentation
Using cfencode.exe
The cfencode.exe utility will apply basic encryption to a specific file or directory. If used to encrypt a directory, it will apply encryption to ALL files in the directory which can break any JS, CSS, images, or other non-ColdFusion files.
They do also include this note at the bottom:
Note: Encrypting your site files with cfencode does not guarantee absolute security of your source code, but it does add a layer of obfuscation to help prevent unauthorized individuals from viewing the source.
The article goes on to give basic instructions on how to use each.
Adobe has this note on their site regarding cfencode:
Note: You can also use the cfencode utility, located in the cf_root/bin directory, to obscure ColdFusion pages that you distribute. Although this technique cannot prevent persistent hackers from determining the contents of your pages, it does prevent inspection of the pages. The cfencode utility is not available on OS X.
I would also add that it will be trivial for anyone familiar with ColdFusion to decode anything encoded with this utility because they also provide the decoder.
We have inherited a silverlight application used in banks. This is a huge silverlight application with a single xap file of 6.5MB size.
Recently one the core banking applications has updated their services to delete the entire browser cache from the users machine on daily basis.
This impacts the silverlight application directly. We cannot afford to download the 6 MB file every day. On a long term basis I know we need to break this monolith in to smaller manageable pieces and load them dynamically.
I wanted to check if there are any short term alternatives.
Can we have the silverlight runtime load the xap in to different director ?
Will making the application Out of Browser application give us any additional flexibility in terms of where we are loading the xap from ?
Any other suggestions which can help us to give a short term solution will be helpful.
What is inside your xap file ? (change extension to .zip and check what is inside)
Are you including images, sound inside your xap file ?
Are all dlls used necessary ?
Short-term alternatives are :
do some cleanup of your application (remove unused dlls, images, code,...)
rezip your xap file using a more powerful compression tool to save some place
Also, some tools exists to "minify" the size of your xap file. (but I never tried them)
Here is a link that has helped me to reduce my xap size :
http://www.silverlightshow.net/items/My-XAP-file-is-5-Mb-size-is-that-bad.aspx
Edit to answer your comment :
I would suggest using the Isolated Storage.
Quote from http://www.silverlightshow.net/items/My-XAP-file-is-5-Mb-size-is-that-bad.aspx :
Use Isolated Storage: keep in cache XAP files, DLL’s, resources and application data. This won't enhance the first load of the application, but in subsequent downloads you can check whether the resource is already available on the client local storage and avoid downloading it from the server. Three things to bear in mind: It’s up to you building a timestamp mechanism to invalidate the cached information, by default isolated storage is limited to 1 Mb size (by user request it can grow), and users can disable isolated storage on a given app. More info:Basics about Isolated Storage and Caching and sample.
Related links :
http://msdn.microsoft.com/en-us/magazine/dd434650.aspx
http://timheuer.com/blog/archive/2008/09/24/silverlight-isolated-storage-caching.aspx
I just purchased and installed a application from 3 Cds using registration key in pendrive. After installation, I just got a MFC Application (.exe). When i viewed the files, I found a data folder inside which I found many .scd files. The data is accessible within the application.
Now I would like to extract that scd files and need those data alone
separately.
I tried with FileViewPro, Scribus and many exe reader Software, but not successful.
Please someone help me to read the .scd files to extract the data from it.
Thanks in Advance,
First of all, please clarify what is the MFC application you are referring to? Was it installed? How do you know that it is MFC app?
Secondly, by giving just a file extension you do not provide enough information about a file. it could be MD scheduler, MS system management, TurboTax and many more.
The only way to do what you need is to find an application that does that or learn about a file format from documentation and write your own application.
It may be impossible if the file is proprietary format and there is no documentation released.
Collecting the admin-media files from different django application is one of the not-so-good things about django. Usually you have to file copying from the module distributions to your directory every time one you install/update/remove a module.
When you are using several django application that do have their own media/admin files, some of them even overriding others you need a proper way of collecting them and building a correct media directory.
A proper solution should be able to recreate the directory by collecting the required files
from the modules in a specific order, allowing them to override each other.
Useful links
Proposal: installmedia command - A story for distributing media with apps
What solution do you have for this issue?
I just stack multiple Alias directives one on top of each other, grafting the media to the appropriate place on the tree.
For the moment the best solution I found was to use http://djangosnippets.org/snippets/1068/
but I'm still looking for better approaches.
IMPORTANT: The accepted answer was accepted post-bounty, not necessarily because I felt it was the best answer.
I find myself doing things over and over when starting new projects. I create a folder, with sub-folders and then copy over some standard items like a css reset file, famfamfam icons, jquery, etc.
This got me thinking what the ideal starting template would be. The reason I'm asking is that I'm going through once again and am wondering what I should include in my template so that I don't have to go back in the future and do this all over again with every new site I start.
What I currently have follows:
Project Template Folder
index.html -- XHTML 1.0 Strict Doctype. Meta Tags. CSS/js Files Referenced.
css/
default.css -- Empty. Reserved for user-styles.
960/ -- 960 Grid System for CSS Layouts.
960.css
reset.css
text.css
js/
default.js -- Empty. Reserved for user-scripts.
jQuery/ -- Light-Weight Javascript Framework
jquery-1.3.1.min.js
img/
famfamfam/ -- Excellent collection of png icons
icons/
accept.png
add.png
...etc
I have a similar structure and naming convention but for CSS, I use BluePrint which I find is more extensible. Also prefer jQuery having recently switched from prototype. In addition I have a common.js file that is an extension with custom functions for jQuery.
A /db/ folder with .sql files containing schema definitions. A /lib/ folder for common middle-tier libraries.
I will also have a /src/ folder which will sometimes have raw files such as Photoshop templates, readme's, todo lists etc.
If you have a lot of projects with a lot of static content in common (e.g. jquery, css framework, etc) make yourself a media server to serve all these. Then, instead of creating a bunch of folder structure from a "template" all you do is include the right files in your project's html. If you really want a template, your template becomes one html file instead of a directory structure.
This also gives you an easy way to update the static media for your sites (e.g. moving to the next version of 960). you only have to do it in one place. Of course, you still have to make sure that your updates don't break existing sites! :)
You can make the scheme a bit more complicated if certain projects have overlapping needs but are different from others. Just have a directory at the top level of the server for each setup and to each setup corresponds one html "template". The main idea is to have to deal with only one copy of everything that is common.
You can certainly do this on a small VM (e.g. linode) for $20/mo or a virtual web-server on your current web server. You don't really need a server, for that matter, you just need a folder. However, I think you can have some significant performance gains by having a dedicated media servers. I'd recommend using a fine-tuned apache or nginx for this purpose.
As for site-specific static files, it is also a good idea that they live on the media server and the directory structure would probably be exactly what you have, but they would/should be empty directories.
My web development framework sits in a git repository. Common code, such as general purpose PHP classes gets developed in the master branch. All work for a particular website gets done on a branch, and then changes that will help in future work get merged back into master.
This approach works well for me because I have full revision control of all the websites, and if I happen to fix a bug or implement a new feature while working on a branch I can do the merge, and then everything benefits.
Here's what my template looks like:
/
|-.htaccess //mod_rewrite skeleton
|-admin/ //custom admin frontend to the CMS
|-classes/ //common PHP classes
|-dwoo/ //template system
|-config/ //configuration files (database, etc)
|-controllers/ //PHP scripts that handle particular URLs
|-javascript/
|-tinyMCE/
|-jquery/
|-modules //these are modules for our custom CMS
|-news/
|-mailing_list/
|-others
|-private/ //this contains files that won't be uploaded (.fla, .psd, etc)
|-.htaccess //just in case it gets uploaded, deny all
|-templates/ //template source files for dwoo
I use a similar layout, but with one major exception: all of these directories live under a top-level media/ directory. This is for a few reasons:
This directory is rsync'd to two other servers which handle all of the static media requests.
Having multiple hosts allows some browsers to make more parallel requests for support files.
The media/ directory has its own .htaccess file which strips off a psuedo directory from the path which is the date-time last modified of the image (or whatever).
A custom template tag (I have used this with 2 Django projects, but you could do it in PHP, etc.) generates urls which a) semi-randomly choose one of the media servers, b) add the time-based pseudo directory to the path, and c) give the object an Expires time of now + 10 years.
I think the structure is good. The addition of a few other folders depends on what type of work you are completing.
For freelancing and the like, the addition of PSD folders, client comments would be a nice addition.
A very MS skewed view, but my SOP right now is along the lines of:
documentation/
architecture/ (what you might call code documentation)
communications/ (important client docs)
spec/
whitepapers/
graphics/
*.psd
source/
com.mycompany.projectname.solutionA/
com.mycompany.projectname.solutionB/
com.mycompany.projectname.solutionC/
com.mycompany.projectname.solutionX/ (project in the business sense here)
businesslogic/
*.cs (or whatever)
(further projects - in the visual studio sense)
site/
handlers/ (rarely do I use actual .html these days)
modules/
resources/
img/ (pngs jpegs, gifs whatever)
skin/
icons/
backgrounds/
js/ (compressed when published)
library/ (standard code)
common/ (app specific code)
*.js (app specific code, hopefully nil)
css/
skinX/ (even if there is only "default")
extension.css
base.css
transforms/(always hidden from public by config or build process)
*.xslt
unittests/
mocks/
testmain.cs (or whatever)
thirdparty/
dependencies
I definitely love the idea of having a skeleton template folder like this, but if you use a few different technologies, definitely pay close attention to the structure. My VB.net folder structure has a totally different setup compared to PHP. It sounds like common sense, but I have seen people approach both the same way.
At work we use Code Igniter as a PHP framework for our web applications and have created a new project template which does exactly that: Simple directory structure, Blueprint CSS, jQuery and the Code Igniter application folder, filled with a couple of commonly used libraries (Authentication, some speciales models for often used databases...).
The main motto here is: It's always easier to delete components than to add them. So fill your template up.
(And when I'm starting a new project in my spare time I sorely miss that template...)
I think what you have here is great.... What you've listed is of course all about the public front end of your app. My only addition to this, is to keep all your backend code and source out of the public web space if possible, as the less things you have in the public space, the more secure your app is.
So I'd suggest you take your entire tree, and put it in:
httpdocs/(all you had in your project template folder)
then put all your backend code (e.g. php libraries, sql files, etc) in adjacent subdirectories:
httpdocs/(all you had in your project template folder)
phplibs/
sql/
etc.
And, even for your front end stuff, make sure you don't copy in any example files that may come with your front end libraries, as the examples themselves may have security problems that would allow people to XSS or otherwise compromise your site.
I have been using the following setup for a while now with great results:
/site: This is where my actual working website will live. I'll install my CMS or platform in this directory after the templates are created.
.htaccess (basic tweaks I usually find myself enabling anyway)
robots.txt (so I don't forget to disallow items like /admin later)
/source: Contains any comps, notes, documents, specifications, etc.
/templates: Start here! Create all static templates that will eventually need to be ported into the CMS or framework of /site.
/behavior
global.js (site-specific code; may be broken out into multiple files as needed)
/media: Images, downloadable files, etc. Organized as necessary
/style: I prefer modular CSS development so I normally end up with many stylesheet for each unique section of the website. This is cleaned up greatly with Blender - I highly recommend this tool!
behavior.css (any styling that requires a JS-enabled browser)
print.css (this eventually gets blended, so use #media print)
reset.css (Eric Meyer's)
screen.css (for #media screen, handheld)
/vendor: all 3rd party code (jQuery, shadowbox, etc.)
Blendfile.yaml (for Blender; see above)
template.html (basic starting template; can be copied and renamed for each unique template)
I like OPs as a default start point. your standard template should err on simplicity, with the ability to add complexity only if it's needed.
one addition:
/robots.txt