If someone can get access to your DB and the password field, is your problem bigger than that they found out users passwords? I don't encrypt/hash passwords now because of the perhaps mistaken view that if they can access database fields outside of the control of my program then they can easily break any scheme that I apply either through brute force or by finding the appropriate code. I do password protect access to the database.
Is this a good assumption/plan or should I also encrypt sensitive fields such as PW and credit card numbers Andy -----Original Message----- From: Tilbrook, Peter [mailto:[EMAIL PROTECTED] Sent: Monday, February 24, 2003 5:17 PM To: CF-Talk Subject: Password fields in MS SQL Server 2000 Hi there, Just wondering if there is a setting in SQL Server to hide password fields like in MS Access. At the moment the fields are just nvarchar which sort of defeats the purpose of having a password field in the database (even using SSL for logging in). Thanks! == Peter Tilbrook Internet Applications Developer Australian Building Codes Board GPO Box 9839 CANBERRA ACT 2601 AUSTRALIA WWW: http://www.abcb.gov.au/ E-Mail: [EMAIL PROTECTED] Telephone: +61 (02) 6213 6731 Mobile: 0439 401 823 Facsimile: +61 (02) 6213 7287 ********************************************************************** The information contained in this e-mail, and any attachments to it, is intended for the use of addressee and is confidential. If you are not the intended recipient, you must not use, disclose, read, forward, copy or retain any of the information. If you have received this e-mail in error, please delete it and notify the sender by return e-mail or telephone. The Commonwealth does not warrant that any attachments are free from viruses or any other defects. You assume all liability for any loss, damage, or other consequences which may arise from opening or using the attachments. ********************************************************************** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
