key string was available inside one of the admin templates. All you had to
do was decrypt the proper template, and you could get the key for decrypting
arbitrary admin passwords. That was in CF 4.5. I'd imagine that MM has
been clever enough to switch to a one way hash for the admin and RDS
passwords, but the datasource passwords must be decryptable so they can be
passed to the DB. Thus, the "decrypt the relevant cf admin template" attack
should still work for getting the encryption key of datasource. Of course,
decrypting the CF admin is a violation of the license agreement, but that's
your call to make.
Cheers,
barneyb
> -----Original Message-----
> From: Phill B [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 06, 2004 12:29 PM
> To: CF-Talk
> Subject: retrieve datasource password
>
> How can I retrieve a CF datasource password? Is it even possible?
> --
> Phillip B.
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
