Ask a Jedi: Encrypting ColdFusion Templates

This post is more than 2 years old.

Here is a great question:

Does anyone encrypt their templates anymore? Someone once told me this was a good practice to do on production servers.

First off - I don't think this is a good idea for production servers per se. The idea behind encrypting templates was to protect your intellectual property. So for example - one could write a custom tag, encrypt it, and share it with the world. Of course, the Open Source Zealots would be down your throat (grin), but it was an option. Unfortunately, the encryption used to encrypt templates wasn't very strong. It was broken years ago. It would stop honest people, but then again, honest people respect copyrights anyway. CFMX7 allows for sourceless deployment - so that is an option.

To be honest - I don't worry about it. All of my code is free, period, I just guilt folks into buying crap from my wish list. In theory someone could steal my code and put their name on it - but I'd be willing to bet it would be noticed. At the company level, Mindseye uses a contract to control our intellectual property. Also, many of our ColdFusion-based clients actually like to be able to modify the code. So my gut answer is to tell you to either use the law - or don't worry about it.

I'd be very curious to see if any of my readers still worry about encrypting templates.

Raymond Camden's Picture

About Raymond Camden

Raymond is a developer advocate for HERE Technologies. He focuses on JavaScript, serverless and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can even buy me a coffee!

Lafayette, LA