One thing about hash() is that a hash created from another system will
not work in CF.  Been there with regard to having a user want to
import hashed passwords from a Linux system (PHP?) into a copy of
AccessMonger he bought from me.

I'm pretty sure a tag just showed up at the MM devex that purports to
hash something in *n*x format.  If portability is a concern give that
a look.

As for your questions:

1. Salted hash using CF's hash() function and a UUID I place in the
file.  A lot of times I plant a UUID in a record as part of the
initial creation process and I find they are useful for all sorts of
things down the road; this being one of them.

2. Nobody gets to 'see' their password as it's a) waaay bad for security
and b) an admin who can see a password can be bothered by a zillion
users who have forgotten their password.  Instead I give the user the
ability to recover their own password in a self-service process.  User
keys in their email address and gets an encrypted, timed link (good
for 24 hrs) back to the server. The link is emailed to them.  When
they click on the link they are given a password reset form, and asked
a secret question.  Answer the question right and the reset is
considered authentic and goes thru.  The question is set up the very
first time a user visits the system.  I like to send them a 'welcome'
email that sends them the encrypted link described above.  This lets
them pick their password and explains the hint/answer scene; letting
them pick their question (whatever they want) and answer.

-- 
--mattRobertson--
Janitor, MSB Web Systems
mysecretbase.com
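
Added example, not part of the original message and not the author's code: a minimal Python sketch of the timed reset link from point 2, carrying the record's UUID and a 24-hour expiry. The message does not say how its link is encrypted; this sketch signs the link with HMAC-SHA256 instead, and the key, function names and token layout are assumptions.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumption: a server-side secret that never leaves the server (constructed demo value).
SECRET_KEY = b"constructed-demo-key-replace-me"
LINK_LIFETIME = 24 * 60 * 60  # the 24-hour window from the message, in seconds


def _sign(payload: str) -> str:
    """URL-safe HMAC-SHA256 tag over the payload."""
    digest = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def issue_reset_token(user_uuid: str, now: Optional[float] = None) -> str:
    """Build 'uuid.expiry.signature' for embedding in the emailed link."""
    issued = time.time() if now is None else now
    payload = f"{user_uuid}.{int(issued + LINK_LIFETIME)}"
    return f"{payload}.{_sign(payload)}"


def verify_reset_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the UUID if the token is authentic and unexpired, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    user_uuid, expires, sig = parts
    # Check the signature first, in constant time, so a forged expiry is never trusted.
    expected = _sign(f"{user_uuid}.{expires}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    current = time.time() if now is None else now
    if not expires.isdigit() or int(expires) < current:
        return None
    return user_uuid


if __name__ == "__main__":
    demo_uuid = "3F2504E0-4F89-11D3-9A0C-0305E82C3301"  # constructed sample UUID
    token = issue_reset_token(demo_uuid)
    print("link token:", token)
    print("verified as:", verify_reset_token(token))
```

A token that verifies only gets the user as far as the reset form; the secret question described in the message is still asked there.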
