| Stealing Source Code |
|
cnewman
|
Can IIS be hacked in any fashion or form to where RAW is displayed? Today I was told that it is possible to view RAW Server Side code by using an Apache web server and some type of "GET" statement. Just wanted to know if this is true or not.
|
byron
Forum Admin
|
I'm sure there have been exploits that allow you to do this in some fashion. You would also see source code if the directory in IIS you are accessing does not have script permissions set.
There is a cfencrypt.exe tool (I can't remember the exact name) that encrypts the .cfm files, and you can put these on your production environment. There is a decrypt tool floating around out there, but at least the common user would not be able to see the code by mistake. I really wish CF Admin had some kind of option that makes the server overwrite your templates with some kind of reference to the class files. This way your code would not actually be on the server, except for the first time it was processed. This wouldn't be too far off from what actually goes on now. MX doesn't even use the .cfm files unless it is new.
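
Added example, not part of byron's post or any code from this forum: a Python check an administrator can run over responses fetched from their own site to confirm that .cfm templates are executed rather than returned as text, which is the symptom of a directory without script permissions. The URLs and response bodies are constructed samples, and the tag list is an assumed, non-exhaustive set.

```python
import re
from typing import NamedTuple

# Tags the CFML engine consumes while executing a template. A raw "<cf...>"
# in a response body means the file was served as static text.
# Assumption: this list is illustrative, not a complete CFML tag set.
CFML_TAG = re.compile(
    r"</?(cf(?:queryparam|query|set|elseif|else|if|output|include|loop|"
    r"param|application|component|function|script|mail|file))\b",
    re.IGNORECASE,
)

class Finding(NamedTuple):
    url: str
    line: int
    tag: str

def scan_body(url, body):
    """Return one Finding per line containing an unprocessed CFML tag.

    HTML-escaped markup (&lt;cfquery ...) is ignored on purpose, so pages
    that merely display CFML as documentation are not flagged.
    """
    findings = []
    for lineno, line in enumerate(body.splitlines(), start=1):
        match = CFML_TAG.search(line)
        if match:
            findings.append(Finding(url, lineno, match.group(1).lower()))
    return findings

def audit(responses):
    """responses: iterable of (url, body) pairs. Returns {url: [Finding]}."""
    leaks = {}
    for url, body in responses:
        hits = scan_body(url, body)
        if hits:
            leaks[url] = hits
    return leaks

# Constructed sample responses (hypothetical host and paths).
SAMPLES = [
    ("http://app.example/products.cfm",
     "<html><body><h1>Products</h1>\n<table></table></body></html>"),
    ("http://app.example/includes/dsn.cfm",
     '<cfset dsn = "shop">\n<cfquery name="q" datasource="#dsn#">\n'
     "  SELECT id FROM items\n</cfquery>"),
    ("http://app.example/docs/howto.cfm",
     "<pre>&lt;cfquery name=&quot;q&quot;&gt;</pre>"),
]

if __name__ == "__main__":
    for url, hits in audit(SAMPLES).items():
        for hit in hits:
            print(f"{url}: line {hit.line}: raw <{hit.tag}> in response")
```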
|
byron
Forum Admin
|
Ask and sometimes you'll actually receive.
Blackstone, the next version of CF, will have sourceless deployment. Not sure exactly how it will work. But I imagine it will be some kind of Java WAR/EAR file that gets deployed on the server. I have no idea how this will work out with shared hosting, but I guess we'll find out.
|
| parse query_string |
|
andrew2
|
You could parse the query_string:
Place the above in your application template, and if any query_strings are found containing "GET" the process will abort.