Shaun Mccran

My digital playground

01
N
O
V
2010

Securing server side Coldfusion code with cfcompile

Posted By : Shaun McCran
Related Categories: Security, Coldfusion

If you ever need to protect your intellectual property, or you have suspicions that your code maybe be accessed on a server to be tampered with, then your best option is to compile your code base.

This article addresses how to use the cfcompile command, and what it actually does to your code base.

Running the cfcompile command will compile your Coldfusion code base into java bytecode. This means that the Coldfusion server engine will not have to compile it at run time.

The cfcompile command can be found in your 'cf_root/bin' directory (wherever you installed Coldfusion. To run it the syntax is as below:

view plain print about
1c:\coldfusion8\bin\cfcompile.bat -deploy
2c:\inetpub\wwwroot
3c:\Inetpub\wwwroot\normal
4c:\Inetpub\wwwroot\compiled

This code runs the compile command with a deploy option, this tells the command to create a deploy set of code. Next you list your webroot directory, then the source directory and finally the destination directory.

Be careful to specify different source and destination directories, and DO NOT do this to your real code base, as it is irreversible.

Comments Comments (13) | Send Send | del.ico.us del.icio.us | Digg It! Digg It! | Linking Blogs Linking Blogs |
Answer Questions
TweetBacks
Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
[Add Comment] [Subscribe to Comments]
Adam Bellas's Gravatar Thanks, Shaun. This is great, I think I'm going to add this to my ANT script as things get deployed to the server farm. For those interested, here's a direct link to the CF9 docs on cfcompile: http://help.adobe.com/en_US/ColdFusion/9.0/Admin/W...
# Posted By Adam Bellas | 01/11/2010 14:22
Jason Haritou's Gravatar You mentioned that if you compile the code the CF server doesn't need to compile it at run time. Is there any significant speed improvement with this method?
# Posted By Jason Haritou | 01/11/2010 14:35
Shaun's Gravatar @adam, thats a pretty good idea, if you have an automated deployment routine that this could be integrated into, would be a seamless step in the chain then. Ideal as you really don't want to do this to code you ever need to change.

@Jason, you raise an interesting point. The file size after compilation is usually a fair bit larger than the normal cf code version, I'm not sure if that has an impact on load times (probably not). I may write a test or two to create a few thousand records in a struct and loop through them, and see what the time difference is.

I'd guess that it should be quicker.
# Posted By Shaun | 01/11/2010 14:43
Jason Haritou's Gravatar @Shaun, yeah I'd think it'd be marginally quicker since the compiler doesn't have to do as much work. Although tbh I think for most of us with simple push-pull apps (and when you break down most apps to their basic components, what isn't??), the work needed at compile time is tiny, if not insignificant.

Nice tip through!
# Posted By Jason Haritou | 01/11/2010 14:51
Ryan Stille's Gravatar Do you know why its necessary to specify the webroot? If you are already specifying a destination directory, why does it need to know the webroot?

What if I'm compiling a set of files for distribution, which will be used on my different servers with different webroots?
# Posted By Ryan Stille | 18/10/2011 11:39
Shaun McCran's Gravatar Hi Ryan,
Thats an intersting question. I'm not sure if the compile command needs to know the webroot because it is locating the compile.bat command or because it embeds a reference to the webroot location into the compiled java bytecode.

I'll try it on a small site and see if I can move it around my webroot and it still work.
# Posted By Shaun McCran | 18/10/2011 14:01
Ryan Stille's Gravatar Someone just informed me that the webroot argument is only for cfimport resolution. So if you aren't using cfimport in your code, there should be no problems compiling on a server with one particular webroot, then deploying the files on a server with a different webroot.
# Posted By Ryan Stille | 18/10/2011 14:41
E3-1240v2's Gravatar So if you aren't using cfimport in your code, there should be no problems compiling on a server with one particular webroot, then deploying the files on a server with a different webroot.
# Posted By E3-1240v2 | 19/12/2015 02:51
pure slim cleanse's Gravatar there should be no problems compiling on a server with one particular webroot, then deploying the files on a server with a different webroot.
# Posted By pure slim cleanse | 07/01/2016 01:05
Victorino Noval Foundation sets the record straigh's Gravatar I thought it was going to be some boring old post, but it really compensated for my time. I will post a link to this page on my blog. I am sure my visitors will locate that extremely useful...
# Posted By Victorino Noval Foundation sets the record straigh | 11/01/2016 01:03
packers and movers in pune's Gravatar but it really compensated for my time. I will post a link to this page on my blog. I am sure my visitors will locate that extremely useful...
# Posted By packers and movers in pune | 13/01/2016 22:06
jaipur to delhi cab's Gravatar So if you aren't using cfimport in your code, there should be no problems compiling on a server with one particular webroot, then deploying the files on a server with a different webroot.
# Posted By jaipur to delhi cab | 14/01/2016 03:56
http://brightcab.com/jaipur-to-ajmer-taxi/'s Gravatar it is very useful and knowledgeable. therefore. I would like to thank you for the efforts you have made in writing this article…
# Posted By http://brightcab.com/jaipur-to-ajmer-taxi/ | 04/02/2016 01:17
[Add Comment]
Back to top
Subscribe
Enter your email address to subscribe to this blog.


Associated links