Don't store the password in plain text in the database. Only save a hash of
the password. Then when you need to authenticate a user, you take the
password they give, immediately hash it using the same algorithm, and
compare it to the hash in the database. If they match, then they are the
same password.
This way, if someone cracks your database, the passwords are still secure.
--b
Bryan Batchelder
Web Application Developer
ConnectWise, Inc.
Phone: 813-935-7100 x 425
Email: [EMAIL PROTECTED]
> -----Original Message-----
> From: Christine Kelley [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 01, 2001 2:57 PM
> To: CF-Talk
> Subject: Password Encrypted?
>
>
>
> Hello all!
> When using a simple login system of pulling a username
> and password from a database and verifying based on that,
> is the password that is being pulled automatically
> encrypted? I'm thinking probably not. Is there a way to
> easily encrypt the password being passed around...perhaps
> cfusion_encrypt() and cfusion_decrypt()? I have a client
> who is very sensitive about their passwords and they want
> to make sure that encryption of some sort is taking place.
>
> Thank you for any advice, it is greatly appreciated :)
> Christine
>
>
>
>
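
The hash-and-compare login described in the reply, as an added example that is not part of the original thread. It is written in Python rather than ColdFusion and goes beyond the reply by using a per-user random salt and an iterated hash (PBKDF2-HMAC-SHA256); the iteration count, the stored record format, and the names `hash_password`, `verify_password`, `login` and `USERS` are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example (not from the original thread).
ALGORITHM = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return the record to store in the database instead of the password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"),
                                 salt, iterations)
    # Keep the parameters beside the digest so verification can repeat them.
    return f"pbkdf2_{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, stored: str) -> bool:
    """Hash the submitted password the same way and compare the digests."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != f"pbkdf2_{ALGORITHM}":
            return False  # unknown scheme: fail closed
        actual = hashlib.pbkdf2_hmac(ALGORITHM, candidate.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
        expected = bytes.fromhex(digest_hex)
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(actual, expected)  # constant-time comparison


# Constructed sample standing in for a users table: username -> stored record.
USERS = {"christine": hash_password("correct horse battery staple")}


def login(username: str, password: str) -> bool:
    """Look up the stored record and check the submitted password against it."""
    stored = USERS.get(username)
    return stored is not None and verify_password(password, stored)
```
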