<cf_hunker down>...we are still not using 4.5.1. Any
suggestions for 4.0.1?
Christine
> Christine,
>
> If you are using 4.5.1 or greater, look at the hash()
function. You do a
> one way encryption of the password and store it in the
database, then when
> the user logs in you encrypt again and compare the
hashes. Never have to
> store the original password and there is no "key" to
leave behind as
> evidence... Downside is that passwords are not
recoverable...
>
> Jeff Garza
> Web Developer/Webmaster
> Spectrum Astro, Inc.
> 480.892.8200
>
> [EMAIL PROTECTED]
> http://www.spectrumastro.com
>
>
>
> -----Original Message-----
> From: Christine Kelley [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 01, 2001 11:57 AM
> To: CF-Talk
> Subject: Password Encrypted?
>
>
>
> Hello all!
> When using a simple login system of pulling a
username
> and password from a database and verifying based on that,
> is the password that is being pulled automatically
> encrypted? I'm thinking probably not. Is there a way to
> easily encrypt the password being passed around...perhaps
> cfusion_encrypt() and cfusion_decrypt()? I have a client
> who is very sensitive about their passwords and they want
> to make sure that encryption of some sort is taking place.
>
> Thank-you for any advice, it is greatly appreciated :)
> Christine
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
