>Password expirations would definitely be the way I would have gone with >this. > >If I didn't have that option id probably just hash them all with a single >update statement in SQL Server rather than involving CF at all. > >update userTable set passwordColumn = >right(master.dbo.fn_varbintohexstr(hashBytes('MD5', cast(passwordColumn + >'mySalt' as nvarchar(max)))),32) > >Then, to convert a submitted password to that in CF, >lcase(hash(passwordString & 'mySalt', 'MD5', 'UTF-16LE')) > > > >On 3/7/13 3:00 PM, "Roger Austin" <raust...@nc.rr.com> wrote: > > >
Thank you. I think I am going to take the SQL route. A few questions on your script. 1. How/where did you set the salt value? 2. Can I do multiple iterations of the salt? 3. Why MD5 and not SHA512? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354922 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm