I tried this

    <cfset id = encrypt(member.new_id, getKey.skey, "DES", "Hex" )>

with storing the key in the database and I get

    An error occurred while trying to encrypt or decrypt your input string: '' Can not decode string "[my_secret_key]"..

when I take out the "DES" and "Hex" I get a string I can't decode... something like

    %' ,(SP<

(with no URL encoding)..

On Tue, Sep 6, 2011 at 9:06 AM, Cameron Childress <[email protected]> wrote:
>
> On Tue, Sep 6, 2011 at 9:53 AM, Greg Morphis <[email protected]> wrote:
>
>> All I'm doing with it is encrypting the user's ID so they don't see
>> "1003" and then try to mess with it and change it to 2003 or 134567..
>> all it is is the user's ID encrypted.
>>
>
> If I am understanding what you are doing, I'd be able to change someone
> else's password if I knew the page to visit. If you give me a public URL to
> test I can show you how. :)
>
>
>> I just ran 5 iterations of this and not once did it tell me that one
>> didn't equal the other
>
>
> That may be, but it's not really an accurate representation of what you are
> doing. If you are sending it via email, I could see it getting double
> URLencoded perhaps... To simulate your problem, you might try saving the SK
> as a session var too, then going through the entire email process, clicking
> the link in the email, and THEN outputting and comparing the session SK with
> the URL SK values.
>
> I am not sure what the difference would be, but doing that would likely
> expose it to you.
>
> -Cameron
>
> --
> Cameron Childress
> --
> p: 678.637.5072
> im: cameroncf
> facebook <http://www.facebook.com/cameroncf> |
> twitter <http://twitter.com/cameronc> |
> google+ <https://profiles.google.com/u/0/117829379451708140985>

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:347230
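An added example, not part of the original message or written by either poster, showing the two behaviours reported above: a non-default algorithm needs a Base64 key from generateSecretKey(), and only the "Hex" encoding is URL-safe without further encoding. The variable names and sample values are assumptions, and AES is used here in place of the thread's DES.

```cfml
<cfscript>
// Constructed sample value standing in for member.new_id.
memberId = "1003";

// For every algorithm except the default CFMX_COMPAT, the key argument must be
// a Base64-encoded key in the format the algorithm expects. generateSecretKey()
// returns one; generate it once and store that exact string (for example in
// the database column the key is read from).
aesKey = generateSecretKey("AES");

// "Hex" output uses only 0-9 and A-F, so it can be placed in a URL as-is.
token     = encrypt(memberId, aesKey, "AES", "Hex");
roundTrip = decrypt(token, aesKey, "AES", "Hex");
writeOutput("AES/Hex token: " & token & " decrypts to " & roundTrip & "<br>");

// An arbitrary passphrase is not a valid key for a non-default algorithm,
// so this call throws instead of encrypting.
passphrase = "my secret passphrase!"; // constructed value
try {
    encrypt(memberId, passphrase, "AES", "Hex");
    writeOutput("Unexpected: passphrase was accepted as a key<br>");
} catch (any e) {
    writeOutput("Passphrase used as key failed: " & e.message & "<br>");
}

// With the algorithm and encoding arguments removed, encrypt() falls back to
// CFMX_COMPAT with UU encoding. The passphrase is accepted as a seed, but the
// output contains punctuation and must be URL-encoded before it goes in a link.
legacy = encrypt(memberId, passphrase);
writeOutput("Default output, URL-encoded: " & urlEncodedFormat(legacy) & "<br>");
writeOutput("Default output decrypts to: " & decrypt(legacy, passphrase) & "<br>");
</cfscript>
```

Whether an encrypted ID is enough to authorize a password change is the separate question raised in the quoted reply; this example covers only the key format and output encoding.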

