Ooops... Guess it was on list...<G>
Jeff Garza
Web Developer/Webmaster
Spectrum Astro, Inc.
480.892.8200
[EMAIL PROTECTED]
http://www.spectrumastro.com
-----Original Message-----
From: Garza, Jeff [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 01, 2001 5:18 PM
To: CF-Talk
Subject: RE: RE: Password Encrypted?
Off-list,
What database are you using? You may be able to do it on the DB instead.
Otherwise, you have the encrypt/decrypt functions that you can use. What I
did before the new functions in 4.5.1 (i.e., hash()) was to place a cfm
template somewhere outside of the web root and create a mapping to it in
CFADMIN. Within that cfm template would be the key to encrypt/decrypt the
passwords. Using <CFINCLUDE> you pull it in, and do your dirty work. At
least it keeps the key and data separate.
Cheers,
Jeff Garza
Web Developer/Webmaster
Spectrum Astro, Inc.
480.892.8200
[EMAIL PROTECTED]
http://www.spectrumastro.com
-----Original Message-----
From: Christine Kelley [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 01, 2001 3:52 PM
To: CF-Talk
Subject: Re: RE: Password Encrypted?
<cf_hunker down>...we are still not using 4.5.1. Any
suggestions for 4.0.1?
Christine
> Christine,
>
> If you are using 4.5.1 or greater, look at the hash()
function. You do a
> one way encryption of the password and store it in the
database, then when
> the user logs in you encrypt again and compare the
hashes. Never have to
> store the original password and there is no "key" to
leave behind as
> evidence... Downside is that passwords are not
recoverable...
>
> Jeff Garza
> Web Developer/Webmaster
> Spectrum Astro, Inc.
> 480.892.8200
>
> [EMAIL PROTECTED]
> http://www.spectrumastro.com
>
>
>
> -----Original Message-----
> From: Christine Kelley [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 01, 2001 11:57 AM
> To: CF-Talk
> Subject: Password Encrypted?
>
>
>
> Hello all!
> When using a simple login system of pulling a
username
> and password from a database and verifying based on that,
> is the password that is being pulled automatically
> encrypted? I'm thinking probably not. Is there a way to
> easily encrypt the password being passed around...perhaps
> cfusion_encrypt() and cfusion_decrypt()? I have a client
> who is very sensitive about their passwords and they want
> to make sure that encryption of some sort is taking place.
>
> Thank-you for any advice, it is greatly appreciated :)
> Christine
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
