On 3/5/2013 7:15 AM, Torrent Girl wrote: > > Hello all > > I am implementing salt/password hash to an application that is being > redeveloped. > > Adding salt/hash to newly created accounts is going well but of course there > are hundreds of existing accounts. > > What would be the best practice for adding salt/hash to all of the existing > records?
A field for PasswordExpiration or MustResetPassword in the database is helpful for this and other things. You can check on login to see if it is set and force a password change. I've used both in different situations. That way, you can force the issue once you have your salt-hash function set up. -- LinkedIn: http://www.linkedin.com/pub/8/a4/60 Twitter: http://twitter.com/RogerTheGeek Google+: https://plus.google.com/117357905892731200369 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354824 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm