One way hash on passwords definitely the way to go...

-----Original Message-----
From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 25, 2002 10:05 AM
To: CF-Talk
Subject: RE: Client Database question

> Basically, this is why I've never set usernames and passwords as
> client variables. However, not allowing SELECTs would stop anyone
> from stealing them in this manner. I just always figured that
> restricting SQL operations would also restrict CF from SELECTing, and
> UPDATEing. But some testing shows it doesn't affect CF in writing or
> accessing client variables.

I would still avoid setting either username or password as client variables
personally... and tend to hash() passwords as they're going into the db
also. For that matter, if I wanted to be particularly strict about security,
I would hash the usernames also, :) since I never display the usernames. (
i.e. like AOL/AIM's login with your screenname that's readily available to
everyone. )


Isaac Dealey

www.turnkey.to
954-776-0046

______________________________________________________________________
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
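As an added example that is not from the thread (the posts discuss ColdFusion's hash(); this is Python for illustration, with an in-memory dict standing in for the user table and a constructed server-side key), it stores a salted one-way password hash plus a keyed hash of the never-displayed username, as Isaac suggests, and then checks a login against them:

```python
import hashlib
import hmac
import secrets

# Iteration count for the password hash; higher makes offline guessing slower.
PBKDF2_ITERATIONS = 200_000

# Hypothetical server-side secret (constructed value) used to key the username
# hash, so the stored lookup key cannot be reversed from a leaked table alone.
USERNAME_KEY = b"constructed-server-secret-not-for-real-use"


def hash_username(username: str) -> str:
    """Deterministic one-way key for the username so the row can still be
    looked up; no random salt here, otherwise the lookup would be impossible."""
    return hmac.new(USERNAME_KEY, username.lower().encode(), hashlib.sha256).hexdigest()


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated one-way hash. A bare unsalted hash() would give two
    accounts with the same password the same digest and invite table lookups."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def store_credentials(table: dict, username: str, password: str) -> None:
    """Write only derived values to the table: hashed username -> (salt, hash)."""
    salt = secrets.token_bytes(16)  # fresh random salt per account
    table[hash_username(username)] = (salt, hash_password(password, salt))


def verify_login(table: dict, username: str, password: str) -> bool:
    """Re-derive the hash from the submitted password and compare in constant time."""
    record = table.get(hash_username(username))
    if record is None:
        return False  # unknown user; nothing in clear text was ever stored
    salt, stored = record
    return hmac.compare_digest(stored, hash_password(password, salt))


if __name__ == "__main__":
    creds = {}  # constructed stand-in for the database table
    store_credentials(creds, "isaac", "correct horse")
    print(verify_login(creds, "isaac", "correct horse"))  # True
    print(verify_login(creds, "isaac", "wrong"))          # False
    print("isaac" in creds)                               # False: username not stored in clear
```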