What you need to do is take the input password and encrypt it in the
same way that the database password was originally encrypted.  Then do
a string compare on the two of them.

Typically when you store passwords you don't encrypt them, you hash
them.  Encryption is symmetric; encrypted things can be decrypted.
Hashing is one-way; once something is hashed there is no way to get
back to the original, but you don't lose the identity of the original
(since a given input will always generate the same hash).  This makes
it perfect for passwords (though it is usually combined with "salt" to
prevent dictionary attacks).

cheers,
barneyb

On Tue, Jan 5, 2010 at 7:59 PM, Nathan Chen <nathan.c...@cu.edu> wrote:
>
> All:
>
> I need to query an Oracle user table where username and encrypted
> password are stored. I need to compare the user input password with the
> encrypted password in the table. Can the CF Decrypt function do the
> work? Can someone give me a pointer?
>
> Nathan
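
Added example, not part of the original messages: the hash-then-compare check described in the reply, sketched in Python rather than CFML so it runs stand-alone. It goes slightly beyond the reply by using PBKDF2-HMAC-SHA256 (a deliberately slow salted hash) and a constant-time compare; the user names, passwords, iteration count and in-memory "table" are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(candidate, salt, stored_digest):
    """Hash the candidate exactly as the stored value was hashed, then compare."""
    _, digest = hash_password(candidate, salt)
    # Constant-time comparison: does not reveal how many leading bytes matched.
    return hmac.compare_digest(digest, stored_digest)


def unsalted_sha256(password):
    """Plain unsalted hash, shown only as a contrast to the salted form."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed stand-in for the user table: username -> (salt, digest).
USERS = {
    "alice": hash_password("correct horse"),
    "bob": hash_password("correct horse"),  # same password, different salt
}


def login(username, password):
    """Look up the stored salt and digest, then verify the supplied password."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, digest = record
    return verify_password(password, salt, digest)


if __name__ == "__main__":
    print("alice, right password:", login("alice", "correct horse"))
    print("alice, wrong password:", login("alice", "guess"))
    # Two users with the same password still get different stored digests.
    print("digests differ:", USERS["alice"][1] != USERS["bob"][1])
```

Without the salt, both users would store the identical value (as unsalted_sha256 shows), so one precomputed dictionary entry would match every account that shares the password.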
