Bob-
You store the password hashed. You're right, you can't decrypt it. When
someone attempts to login to the system, you hash their attempted password.
If that matches the hashed password in the database, then they're in. If
not, whatever they typed doesn't match the "dehashed" value in the database.
This allows you to authenticate users, but guarantee that nobody can "read"
their password.
Norman Elton
Information Technology
College of William & Mary
-----Original Message-----
From: Robert Everland III [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 17, 2000 5:55 PM
To: CF-Talk
Subject: RE: Storing passwords in database as one way hash
But if it's a one way hash, why do you need to store it, you can't decrypt
it. What is the purpose?
Bob Everland
-----Original Message-----
From: Jon Tillman [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 17, 2000 4:39 PM
To: CF-Talk
Subject: RE: Storing passwords in database as one way hash
Who ever said it is going to be used one time?
I need to securely store the passwords for several dozen competing users....
On Tue, 17 Oct 2000, Robert Everland spake thusly:
> Why even bother storing a password in a one way hash if it's only gonna be
> used one time?
>
> Robert Everland III
> Web Developer
> Dixon Ticonderoga
>
>
> -----Original Message-----
> From: Cameron Childress [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 17, 2000 2:32 PM
> To: CF-Talk
> Subject: RE: Storing passwords in database as one way hash
>
>
> > anybody know of anything that does such?
> > I am looking for pretty much the same functionality as a standard
> > *NIX login
>
> Look up the function Hash(). I think it was introduced in CF 4.5.
> Actually, I just looks at the online cfdocs and don't see it in there, but
> it is... maybe introduced in 4.5.1?
>
> There's also a CFX_HASH in the tag gallery that give many more options of
> hash types.
>
> -Cameron
>
> --------------------
> Cameron Childress
> ElliptIQ Inc.
> p.770.460.7277.232
> f.770.460.0963
>
> --------------------------------------------------------------------------
--
> --
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
> --------------------------------------------------------------------------
----
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
--
***********************************************
Jon Tillman
LINUX USER: #141163
ICQ: 4015362
http://www.eruditum.org
[EMAIL PROTECTED]
JAPH
***********************************************
Be alert, the world needs more lerts
***********************************************
----------------------------------------------------------------------------
--
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
----------------------------------------------------------------------------
--
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
with 'unsubscribe' in the body to [EMAIL PROTECTED]
