Password expirations would definitely be the way I would have gone with
this.
If I didn't have that option id probably just hash them all with a single
update statement in SQL Server rather than involving CF at all.
update userTable set passwordColumn =
right(master.dbo.fn_varbintohexstr(hashBytes('MD5', cast(passwordColumn +
'mySalt' as nvarchar(max)))),32)
Then, to convert a submitted password to that in CF,
lcase(hash(passwordString & 'mySalt', 'MD5', 'UTF-16LE'))
On 3/7/13 3:00 PM, "Roger Austin" <[email protected]> wrote:
>
>---- Torrent Girl <[email protected]> wrote:
>
>> Did you have a problem with timeouts or out of memory errors?
>>
>> I have quite a bit of records
>
>This is why I suggested that you pre-expire everyone and have them update
>their credentials on next log in.
>It spreads out the load and you have to have the code anyway. You might
>check for a blank password field
>and then send them to change their password to the new salted hash
>version. Then, blank out the password
>field at the same time.
>--
>LinkedIn: http://www.linkedin.com/pub/roger-austin/8/a4/60
>Twitter: http://twitter.com/RogerTheGeek
>Google+: https://plus.google.com/117357905892731200369
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354882
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
