What is the error message? I don't think it matters where you generate
your key. Are you generating a new key on each page request or have
you hard-coded a key in the request scope?
You could generate a secret key for each user session, which would be
more secure than generating a key once an using it everywhere,
assuming you are only using the encryption to secure form variables
and url variables within a user session.
<cffunction name="OnSessionStart" access="public" returntype="void" output="no">
<cfset session.sessionKey = GenerateSecretKey("BLOWFISH")>
</cffunction>
-Mike Chabot
http://www.linkedin.com/in/chabot
On Sun, Jun 20, 2010 at 7:32 PM, Matthew P. Smith <[email protected]>
wrote:
>
> <cfset attributes.form.value = decrypt(attributes.form.value,
> request.encryption.secretkey, request.encryption.algorithm,
> request.encryption.encoding)>
>
> Can't figure out why.
>
> Does it matter where you generate the key?
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:334669
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
