Systems that I have worked with in the past stored the password in a simple
VarChar field.  Therefore anyone with access to the database could do a
simple SELECT from the users table and get the password.


I'll take a look at HASH() and see what it does.


Hatton

   _____  

From: Ian Skinner [mailto:[EMAIL PROTECTED]
Sent: Monday, December 15, 2003 1:47 PM
To: CF-Talk
Subject: RE: Scrambling Data

Not sure what you mean by a SELECT grab, but I usually HASH() my passwords.
Of course this means you can never "tell" a user their forgotten password;
you'll have to use a verified reassignment process.

--------------
Ian Skinner
Web Programmer
BloodSource
www.BloodSource.org
Sacramento, CA

-----Original Message-----
From: C. Hatton Humphrey [mailto:[EMAIL PROTECTED]
Sent: Monday, December 15, 2003 10:43 AM
To: CF-Talk
Subject: Scrambling Data

I am working out a database schema for an intranet and need to figure out
some way to mask the password field in the users table from simple SELECT
grabs.

I know that CF has some built-in encryption tools but I can't remember what
they are.  Can someone point me in the right direction?

At this moment I'm just trying to figure out what to store in the database.
I know I'll need a field for the password but do I need to also provide a
field for a key or key pair?

Thanks!
Hatton

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.548 / Virus Database: 341 - Release Date: 12/5/2003
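
The approach discussed in this thread (store a hash instead of the password, and reset rather than reveal a forgotten one), as an added Python example that is not from any poster and is not ColdFusion code. It swaps CF's HASH() for salted PBKDF2 from Python's hashlib; the table layout, function names, iteration count and 15-minute token lifetime are assumptions.

```python
import hashlib, hmac, secrets, sqlite3, time

ITERATIONS = 200_000  # illustrative work factor (assumption); tune for your hardware

def _derive(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def open_db():
    db = sqlite3.connect(":memory:")
    # No password column and no key column: only salt, work factor and digest.
    db.execute("""CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB,
                  iterations INTEGER, pw_hash BLOB,
                  reset_hash BLOB, reset_expires REAL)""")
    return db

def set_password(db, username, password):
    salt = secrets.token_bytes(16)  # fresh random salt for every password change
    # Replacing the row also clears any outstanding reset token.
    db.execute("""INSERT OR REPLACE INTO users (username, salt, iterations, pw_hash)
                  VALUES (?, ?, ?, ?)""",
               (username, salt, ITERATIONS, _derive(password, salt, ITERATIONS)))

def check_password(db, username, candidate):
    row = db.execute("SELECT salt, iterations, pw_hash FROM users WHERE username=?",
                     (username,)).fetchone()
    if row is None:
        return False
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(_derive(candidate, row[0], row[1]), row[2])

def start_reset(db, username, ttl=900):
    token = secrets.token_urlsafe(32)  # delivered to the user out of band
    # Only a hash of the token is stored, so a SELECT cannot replay it either.
    db.execute("UPDATE users SET reset_hash=?, reset_expires=? WHERE username=?",
               (hashlib.sha256(token.encode()).digest(), time.time() + ttl, username))
    return token

def finish_reset(db, username, token, new_password):
    row = db.execute("SELECT reset_hash, reset_expires FROM users WHERE username=?",
                     (username,)).fetchone()
    if not row or row[0] is None or time.time() > row[1]:
        return False
    if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), row[0]):
        return False
    set_password(db, username, new_password)  # token becomes single use
    return True
```

Because the digest is one-way, no separate key or key-pair field is needed; the salt and iteration count are stored beside it and are not secret.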