Ray and all,

The issue with the out-of-the-box ColdFusion encrypt/decrypt functions is
that they don't limit themselves to "safe" characters when doing the encrypting.
Specifically, there's the possibility that the encrypt() function will
generate an encrypted string with single quotes ('), spaces ( ), pound signs
(#), line feeds or line breaks.  Once an encrypted string with any of
these characters has been generated, it can cause problems when trying to
decrypt and get the original string.  In some cases, this throws the
all-too-familiar "The value to be decrypted is not valid" error message.
Most of the time, this occurs when you take your string, encrypt it, stuff
it into the database, retrieve the value from the database and attempt to
decrypt it.

If the encrypt() function were a little less dangerous, perhaps more people
would use it.  The headaches caused by this function can also be evidenced
by going to the Allaire site and searching the ColdFusion Support Forums for
"encrypt" and "decrypt" - you'll find tons of messages that describe this
very same problem and recommend, as an alternative, to use the undocumented
cfusion_encrypt() and cfusion_decrypt() functions.

Unfortunately, the release of ColdFusion 5.0 apparently has not corrected
this problem either.

Hope this helps,
Tyson

------------------------------------------------
Tyson Vanek, Technical Lead
duoDesign, The eBusiness Architects
Building your business online

847.491.3000 main | [EMAIL PROTECTED]
847.491.3100 fax | www.duodesign.com
847.491.4270 direct | www.chicagoangels.org

Come to our free 2-hour seminar "The eBusiness Squeeze"
http://www.duodesign.com/squeeze/seminar.html

-----Original Message-----
From: Raymond Camden [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 2:54 PM
To: CF-Talk
Subject: RE: Encryption differences in ColdFusion 4.5 and 5.0?


Errr, this doesn't help you, but why did you use that function instead of
the "real" function, Encrypt? Wasn't it a bit dangerous to use the
"unofficial" function in the first place?

I'm not saying you are stupid or anything, and I'm not speaking for MACR,
but it does seem like something that should have been a bit obvious...
right? Or are many users out there using the "unofficial" functions?

You may be able to simply run a massive cfusion_decrypt on a temporary CF4.5
machine, then restore them using encrypt instead of cfusion_encrypt.

=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia

Email    : [EMAIL PROTECTED]
Yahoo IM : morpheus

"My ally is the Force, and a powerful ally it is." - Yoda

> -----Original Message-----
> From: Dave Feltenberger [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 27, 2001 3:49 PM
> To: CF-Talk
> Subject: Encryption differences in ColdFusion 4.5 and 5.0?
>
>
>
> I recently upgraded ColdFusion 4.5.2 to 5.0 on a website I'm using, and now
> some users can't log in to the site.  I'm using the CFusion_Encrypt (string,
> key) function, and it seems that the encryption is slightly different
> between the two versions of ColdFusion.  The key hasn't changed, and this
> problem just started when we upgraded to 5.0.  Can anyone help me out?  Is
> there a difference in the encryption, or is CF 5's encrypt syntax slightly
> different?  This is urgent, as we have several thousand users in our
> database that work with 4.5.2 but not with 5.0, and going back to 4.5.2
> doesn't look like an option at this point...  Thanks.
>
> - Dave Feltenberger
>
>
>
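
The failure described at the top of this thread (ciphertext containing spaces or line breaks that no longer decrypts after a database round trip) can be reproduced with the sketch below. It is an added example, not code from the thread or from ColdFusion. It is written in Python with a toy XOR stream cipher standing in for encrypt(), and `lossy_text_store` is a constructed model of a text column that trims and normalises whitespace. Base64 is assumed here as the text-safe encoding.

```python
import base64
import hashlib

KEY = b"constructed-demo-key"
# Constructed sample secrets: 2000 pseudo-random 12-byte values.
SAMPLES = [hashlib.sha256(b"sample-%d" % i).digest()[:12] for i in range(2000)]

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in XOR stream cipher. NOT ColdFusion's algorithm and not for
    real use; like encrypt(), its output can contain any byte value."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

toy_decrypt = toy_encrypt  # XOR with the same keystream is its own inverse

def lossy_text_store(value: bytes) -> bytes:
    """Constructed model of a text path (assumption): line breaks are
    normalised and trailing spaces trimmed between write and read."""
    return value.replace(b"\r\n", b"\n").replace(b"\r", b"\n").rstrip(b" ")

def roundtrip_raw(secret: bytes, key: bytes) -> bytes:
    """Store the raw ciphertext as text, read it back, decrypt."""
    return toy_decrypt(lossy_text_store(toy_encrypt(secret, key)), key)

def roundtrip_encoded(secret: bytes, key: bytes) -> bytes:
    """Base64-encode the ciphertext before storing; decode before decrypting."""
    stored = lossy_text_store(base64.b64encode(toy_encrypt(secret, key)))
    return toy_decrypt(base64.b64decode(stored), key)

def find_fragile_samples(key: bytes) -> list:
    """Samples whose raw ciphertext no longer decrypts to the original."""
    return [s for s in SAMPLES if roundtrip_raw(s, key) != s]

if __name__ == "__main__":
    fragile = find_fragile_samples(KEY)
    print(f"raw storage:     {len(fragile)} of {len(SAMPLES)} values lost")
    lost = sum(roundtrip_encoded(s, KEY) != s for s in SAMPLES)
    print(f"base64 storage:  {lost} of {len(SAMPLES)} values lost")
    for s in fragile[:3]:  # show the offending ciphertext bytes
        print(repr(toy_encrypt(s, KEY)))
```

Only a fraction of values break under raw storage, which matches the symptom in the original question: some users can log in and others cannot.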