RE: Scrambling Data

Mon, 15 Dec 2003 12:39:55 -0800

Sonofa....

Learn something new every day.  Jeez.

Thanks Tom.

OK, so let me change that... if you'd like to hash using a different
(non-MD5) algorithm, check out the Dev Exchange 8^).

--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 942-5378
Fax: (301) 933-3651
Email: [EMAIL PROTECTED]
WWW: http://www.evoch.com/

-----Original Message-----
From: Tom Kitta [mailto:[EMAIL PROTECTED]
Sent: Monday, December 15, 2003 2:27 PM
To: CF-Talk
Subject: RE: Scrambling Data

How about hash()?
http://livedocs.macromedia.com/coldfusion/6/CFML_Reference/functions-pt1113.
htm#1105551

I think this together with some salt should be fine for most users.

TK
  -----Original Message-----
  From: Mosh Teitelbaum [mailto:[EMAIL PROTECTED]
  Sent: Monday, December 15, 2003 2:19 PM
  To: CF-Talk
  Subject: RE: Scrambling Data

  Hatton:

  I prefer salting and hashing passwords stored in a database.  The hashing
  provides one-way encryption and the salting protects against people who
have
  the same password.  MSDN has a good intro to password security at
  http://msdn.microsoft.com/msdnmag/issues/03/08/securitybriefs/default.aspx

  ColdFusion doesn't have any built-in hashing functions but there are some
  good CustomTags available at the Dev Exchange that do hashing.

  --
  Mosh Teitelbaum
  evoch, LLC
  Tel: (301) 942-5378
  Fax: (301) 933-3651
  Email: [EMAIL PROTECTED]
  WWW: http://www.evoch.com/

  -----Original Message-----
  From: C. Hatton Humphrey [mailto:[EMAIL PROTECTED]
  Sent: Monday, December 15, 2003 1:43 PM
  To: CF-Talk
  Subject: Scrambling Data

  I am working out a database schema for an intranet and need to figure out
  some way to mask the password field in the users table from simple SELECT
  grabs.

  I know that CF has some built-in encryption tools but I can't remember
what
  they are.  Can someone point me in the right direction?

  At this moment I'm just trying to figure out what to store in the
database.
  I know I'll need a field for the password but do I need to also provide a
  field for a key or key pair?

  Thanks!
  Hatton

  ---
  Outgoing mail is certified Virus Free.
  Checked by AVG anti-virus system (http://www.grisoft.com).
  Version: 6.0.548 / Virus Database: 341 - Release Date: 12/5/2003
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]

Reply via email to