Well, I'm not sure what the actual security of it is, but we use the
encrypt and decrypt functions included in CF to store the passwords in our
SQL 7 database.  It wasn't all that difficult to implement.  I've heard talk
on other lists about more secure ways to encrypt / decrypt the password
field, but I can't put my finger on them right now.

-----Original Message-----
From: Saidi; Marwan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 25, 2001 12:22 PM
To: CF-Talk
Subject: Security Question


Just wanted some input from the list....

We have a security system on our site. User ids and passwords are stored in
a SQL 7 DB. My question is how do you secure it? Because of IS policies,
access to the database is based on mixed SQL and NT authentication. Password
protecting the database and the datasource are a given. But is this enough?
The powers that be are concerned that storing the passwords unencrypted in
the database is less than secure, and I agree. What do you all do?

One thought that we have had was to set the password field to binary, then
use the ToBinary and ToBase64 functions to convert text into binary before
checking against the DB. Any thoughts to whether this would work or not? Any
warnings/considerations? How do you all handle this aspect of security?

Thanks in advance for any input.

Marwan Saidi
Webmaster
CED - Concord IS
[EMAIL PROTECTED]
407.741.8645
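
An added example, not part of either message above: a Python sketch contrasting the Base64 idea from the question, which is an encoding that anyone with read access to the column can reverse without a key, with storing a salted one-way PBKDF2 hash and verifying logins against it. The function names, the `iterations$salt$digest` column format and the iteration count are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def base64_store(password):
    """The ToBinary/ToBase64 approach: an encoding, not encryption."""
    return base64.b64encode(password.encode("utf-8"))


def base64_recover(stored):
    """What anyone who can read the password column can do, with no key."""
    return base64.b64decode(stored).decode("utf-8")


def hash_password(password, salt=None):
    """Return 'iterations$salt_b64$digest_b64' for the password column."""
    salt = salt or os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "$".join([str(PBKDF2_ITERATIONS),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def verify_password(password, stored):
    """Recompute the hash from the login attempt and compare in constant time."""
    try:
        iterations, salt_b64, digest_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        rounds = int(iterations)
    except ValueError:  # malformed record: wrong field count, bad base64 or number
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    sample = "s3cret!"  # constructed sample password
    print("base64 column value:", base64_store(sample))
    print("recovered from it:  ", base64_recover(base64_store(sample)))
    record = hash_password(sample)
    print("hashed column value:", record)
    print("correct login:", verify_password(sample, record))
    print("wrong login:  ", verify_password("guess", record))
```

With the hashed column the application never needs to decrypt anything: a login is checked by hashing the submitted password with the stored salt, so a copy of the table does not hand over the passwords directly.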

