Re: Adding Salt and Password Hash to existing acocunts

Wed, 06 Mar 2013 07:31:42 -0800 

Here you go.

<Cfquery name="GetUserPasswords">
select memberid, password from users
</cfquery>
<cfoutput>#getUserPasswords.RecordCount#</cfoutput><!---Just to see how
many we have --->
<Cfset salt = ''/>
<cfset newpassword = ''/>
<Cfset count = 0/>
<cfloop query="GetUserPasswords">
<cfset salt = generateSecretKey("DESEDE" )/>
<Cfset newpassword = hash( hash(password[currentrow]) &
user.salt,"SHA-256","us-ascii")/>
 <cfquery name="updateUser">
UPdate users set password = '#user.password#', salt = '#user.salt#'
where memberid = '#memberid[currentrow]#'
 </cfquery>
<Cfset salt= ''/>
        <cfset newpassword = ''/>
<Cfset count = count +1/>
</cfloop>
  and we changed <cfoutput>#count#</cfoutput>

Again, you will want to change one account and test it to make sure that
your login routine will validate the password and login the user.  Then you
can just run this on the whole table, no muss no fuss.  You won't have to
make the users change anything, their passwords will just be secure.  You
will also have to come up with a Forgot Password routine, since the
passwords are irretrievable.

Cheers,

Rob


On Wed, Mar 6, 2013 at 9:33 AM, Torrent Girl <[email protected]> wrote:

>
> >When I performed this same task a few months ago, I basically wrote a page
> >that did all the salting and updating as a loop.  Obviously I had decided
> >on the actual process for login and tested it to make sure it worked.  I
> >just increased the size of the password column, added a salt column and
> ran
> >all users through the salting processing page.  I can find the code if you
> >are interested.
> >
> >Rob
> >On 2013-03-05 7:15 AM, "Torrent Girl" <[email protected]> wrote:
> >
> >>
>
>
> Rob that would be GREAT.
>
> Thank you
>
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354852
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Reply via email to