>
> Hello Michael
> I have two proposals:
> 1. Use https
> 2. Encrypt passwords (a simple algorithm should be enough) before
> you write them into the database and decrypt them after you
> select them from the db.
>

Regarding encrypting passwords:

If you are using CF4.5.1 then there is a function that you can use to
encrypt passwords. hash() uses a one-way encryption algorithm. What you
should do is store the passwords encrypted using hash():

insert into users
(fields...., password)
values
(fieldvalues..., '#hash(attributes.formpassword)#')

Then, when you recover the user's information from the database, compare the
encrypted password against the password given by the user, again using the
hash() function.

SELECT details FROM users
WHERE username = '#attributes.loginusername#' and password =
'#hash(attributes.loginpassword)#'

This also has the side effect of making passwords case sensitive, increasing
the level of security slightly.

Regards

Stephen
