Binary Deployment of ColdFusion Applications

I saw some talk on the BACFUG list today about binary deployment of ColdFusion applications. I know this has been discussed at length in the past, but I would like to get some fresh feedback about what people are looking for. Specifically:

  1. Are you just looking for a convenient way to deploy your ColdFusion applications?
  2. Are you looking for a secure way to distribute your applications (which implies encryption or obfuscation in addition to compilation)?
  3. Would it be enough to just deploy Java byte code, even though Java byte code can easily be decompiled (in other words, is it just the CFML that you want to protect, or the CFML and the Java source code)?
  4. In what circumstances would you find this feature useful, and do you think your clients would go for it?

Thanks for the input!

14 Responses to Binary Deployment of ColdFusion Applications

  1. John Farrar says:

    Deploying applications is to general. Deploying sites is not the same thing as deploying applications. A site may have a faq program, a shopping cart program, and more… and they all together make up the site.So… if we had a binary deploy… it should have modular intelligence to allow actual functional applications to be deployed within the site.

  2. Steve says:

    In my personal opinion and from what I have typically heard from peers the protection of the CFML is the number one reason that deploying compiled code is sought after. Even though the Java Byte code could be decompiled, you wouldn’t end up with beautiful formatted CFML that would be easy to steal or worse modified to bypass your license security code. That said, the more secure the code could be to prevent that, the better. I also think that most people wanting this situation are delivering code to customers or to production/hosted environments where they feel they are at risk of having their code stolen. In this scenario, losing things like lines of raw code in error messages or even debug would not be a big deal. As for what the clients think, that all comes down to how you license your code to them. Open or closed source.

  3. Anthony says:

    I agree with Steve, anything is better than giving out the CFML. Especially when the code will end up on a server you don’t have full control over.

  4. Ted Patrick says:

    Christian,I would like to see the ability to package CF/Java apps/components including license management and activation. Ideally and end user could select an application, install the app, and license it inside the CF/JRUN manager. It would work identically to the try/buy framework for Central but on the server side. Currently server applications are difficult to sell due to the high % of piracy and dificulty in installation/configuration. Make installing and licensing server software easy and the 3rd party market for JRUN/CF will bloom. my 2 cents.ted 😉

  5. Pete Freitag says:

    Hi Christian,I’d like to be able to package an application and be able to specify in something like a web.xml file relative CustomTag paths, java classpaths, CFX tag settings, datasource settings, global variables, and any other application specific info.

  6. Tarantor says:

    I do not want to share my codes with my customers. I can create a project for their needs but that does not mean that they can edit my codes later and make new projects for themselves or their customers.I just want to sell projects, not my know-how.

  7. Samuel Neff says:

    I’m primarily interesetd in being able to distribute code without source. Although Java can be easily decompiled from the class files, that is not really modifiable or subject to theft–it’s pretty hard to use Java generated by CF.I think one of the reasons why this is such a big issue is that it was actually promised. Ben Forta even demonstrated it at DevCon 2001 in front of hundreds of people.Guess now I understand why MM doesn’t talk about future products. 🙂

  8. Christian Cantrell says:

    I don’t know anything about Ben’s demonstration, but in general, you are right, Sam. This is one of the best reasons why we don’t discuss future products or features. You never know what is going to happen. Imagine if we discussed or demonstrated something that was big enough to have affected our stock price. We would have much bigger problems than some angry developers.

  9. Jim Biancolo says:

    I realize this is kinda pie-in-the-sky, but I’d like the ability to create completely self-contained distributable CF applications that include the CF runtime itself, and the built-in web server. This would make it possible to create “desktop website” style applications and distribute them to users that don’t run CF servers. In effect, CF becomes a language for developing client-side apps rather than just being a server-side tool. Of course, hopefully this “distributable CF” scheme would create installers smaller than the 100+ MB install needed for the CF proper. 🙂

  10. Geoff Bowers says:

    For what it’s worth, I saw Ben do the demo at DevCon. He was showing that CF compiles to class files and runs from the Java rather than CF templates. Deleting the templates was supposed to “prove” beyond doubt that it was running as Java *not* a promise that the code could be distributed as binary.

  11. Christian Cantrell says:

    Thanks for the clarification, Geoff. I suspected there was more to that story.Christian

  12. Scott Keene says:

    I’d like to be able to jar and distribute CFC packages as single units. (So I too am interested in releasing code without source, at least for CFCs.)

  13. Jason Clark says:

    I’d like to see some degree of obfuscation beyond what exists at this time. Whether it’s java byte code, or some other format doesn’t really matter. The average coldfusion developer is not going to be able to untangle java byte code and understand the architecture of the application in CFML. Nothing is hack proof, but there needs to be something more robust than CFENCODE.Cheers

  14. Buy.com says:

    I would like to see the ability to package CF/Java apps/components including license management and activation. Ideally and end user could select an application, install the app, and license it inside the CF/JRUN manager. It would work identically to the try/buy framework for Central but on the server side. Currently server applications are difficult to sell due to the high % of piracy and dificulty in installation/configuration. Make installing and licensing server software easy and the 3rd party market for JRUN/CF will bloom. my 2 cents.