Christine,
If you are using 4.5.1 or greater, look at the hash() function. You do a
one way encryption of the password and store it in the database, then when
the user logs in you encrypt again and compare the hashes. Never have to
store the original password and there is no "key" to leave behind as
evidence... Downside is that passwords are not recoverable...
Jeff Garza
Web Developer/Webmaster
Spectrum Astro, Inc.
480.892.8200
[EMAIL PROTECTED]
http://www.spectrumastro.com
-----Original Message-----
From: Christine Kelley [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 01, 2001 11:57 AM
To: CF-Talk
Subject: Password Encrypted?
Hello all!
When using a simple login system of pulling a username
and password from a database and verifying based on that,
is the password that is being pulled automatically
encrypted? I'm thinking probably not. Is there a way to
easily encrypt the password being passed around...perhaps
cfusion_encrypt() and cfusion_decrypt()? I have a client
who is very sensitive about their passwords and they want
to make sure that encryption of some sort is taking place.
Thank-you for any advice, it is greatly appreciated :)
Christine
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
