If you use Encrypt, you will need the same key to Decrypt the data back. There are multiple types of encryption that CF supports, so you may want to research into which one fits you best.
You may want to look up the ideas of adding an additional string to your encryption. A good idea is to have a UUID and a the string you want to encrypt concatenated together to provide that much more level of complexity to decrypt. I have heard this called "adding salt." Also, when you pass the value to some action page, it is in clear text, so you might want to put the process to encrypt a string for DB insertion in a SSL encrypter folder. I have seen the key stored in the application.cfm and .cfc files for ease of decryption or stored in a file that is not in the webroot. Either way, you need to make sure it is not stored in a publically accessible area. Teddy On 9/25/06, Ray Champagne <[EMAIL PROTECTED]> wrote: > > So, first time I've ever ran into the need to encrypt data in my DB, and I > already have a question. When using the Encrypt function in CF, one must > supply a key, I'm using the GenerateSecretKey function to get said > key. My > question is, once I've stored the encrypted field in the database, where > do > I store the key so that I can use the decrypt function on the other side > to > retrieve the data? Should generate a new key for every string, or use one > that will work on the entire DB? Never been down this road before, so any > pointers would be helpful. > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254119 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
