Does salting a hashed password really make a difference? Is the goal such that if a hacker gets to the database they won't have the salt used to hash the pw, making it more difficult to crack the pw? Just curious...
Thanks,
mike

-----Original Message-----
From: "Barney Boisvert" <[email protected]>
Subj: Re: Beefing up authentication
Date: Wed Jan 14, 2009 6:23 pm
Size: 1K
To: cf-talk <[email protected]>

When you say "beef up" what do you mean? What is the business objective? For the basics, make sure you're storing passwords as salted hashes. Beyond that, it'll depend on what the goal is.

cheers,
barneyb

On 1/14/09, Doug Smidt <[email protected]> wrote:
> The small company I work for has been discussing different options to beef up our authentication. Currently, we're just an old fashioned enter username/password, check user table, login if credentials match system. We've been exploring options, but I was curious as to what other companies are up to these days. I'm looking to see what has worked, what hasn't, what was inexpensive but effective, expensive but awesome, and anything in between.
>
> We're also considering two-factor authentication, most likely using RSA SecurID (key fob). If anyone has any experience with implementation of this (CF or otherwise), I'd love to hear anything you could tell me about your experience.
>
> I realize it's a broad topic, so if anyone has a question that might lead me to getting better info, please don't hesitate to ask.

