>Password expirations would definitely be the way I would have gone with
>this.
>
>If I didn't have that option id probably just hash them all with a single
>update statement in SQL Server rather than involving CF at all.
>
>update userTable set passwordColumn =
>right(master.dbo.fn_varbintohexstr(hashBytes('MD5', cast(passwordColumn +
>'mySalt' as nvarchar(max)))),32)
>
>Then, to convert a submitted password to that in CF,
>lcase(hash(passwordString & 'mySalt', 'MD5', 'UTF-16LE'))
>
>
>
>On 3/7/13 3:00 PM, "Roger Austin" <raust...@nc.rr.com> wrote:
>
>
>Thank you. I think I am going to take the SQL route. A few questions on your script. 1. How/where did you set the salt value? 2. Can I do multiple iterations of the salt? 3. Why MD5 and not SHA512? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354922 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
