Stephen,
I'm having a hard time understanding this hash() function. Does this mean
that once something has been hash()ed it is therefore never readable again
in plain text? So then the only way to find out what it is is to run some sort
of batch that compares it against a dictionary or something similar? Also,
would this function suffice for encrypting credit card numbers in the
database as well?
Thanks,
Rick
-----------
-----Original Message-----
From: Stephen Moretti [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 10, 2000 10:37 AM
To: Fusebox
Subject: RE: Security Help
>
> Hello Michael
> I have two proposals:
> 1. Use https
> 2. Encrypt passwords (a simple algorithm should be enough) before
> you write them into the database and decrypt them after you
> select them from the db.
>
Regarding encrypting passwords:
If you are using CF4.5.1 then there is a function that you can use to
encrypt passwords. hash() uses a one way encryption algorithm. What you
should do is store the passwords encrypted using hash() :
insert into users
(fields...., password)
values
(fieldvalues..., '#hash(attributes.formpassword)#')
then when you recover the user's information from the database, compare the
encrypted password against the password given by the user, again using the
hash() function:
SELECT details FROM users
WHERE username = '#attributes.loginusername#' and password =
'#hash(attributes.loginpassword)#'
This also has the side effect of making passwords case sensitive, increasing
the level of security slightly.
Regards
Stephen
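Editor's note, added to this thread and not part of either message: the example below works through the scheme Stephen describes (store hash(password), compare hash(attempt) at login) and answers the two questions in Rick's reply in runnable form. ColdFusion 4.5's hash() returned a 32-character hex MD5 digest, so MD5 stands in for it here (assumption: that is the only CF-specific detail relied on). The dictionary_attack function is exactly the "batch that compares it against a dictionary": a hash cannot be reversed, but a guess can be hashed and compared, and with an unsalted digest one pass over a wordlist covers every user at once. The salted, iterated variant (PBKDF2, not something the thread mentions) makes each guess cost one computation per user. Two caveats a reviewer would add to the posted query: a digest can only be compared, never decrypted, so hash() is the wrong tool for data that must be read back such as a card number, and the login SQL splices attributes.loginusername straight into the query string, where a parameterized query (cfqueryparam) is the safer form. The user table and wordlist are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional


# --- The scheme from the posted message: store hash(password), compare hash(attempt) ---

def cf_hash(password: str) -> str:
    """Stand-in for CF 4.5 hash(): 32-char hex MD5 digest (assumption, see lead-in)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def register(users: Dict[str, str], username: str, password: str) -> None:
    """Equivalent of INSERT INTO users (..., password) VALUES (..., '#hash(attributes.formpassword)#')."""
    users[username] = cf_hash(password)


def login(users: Dict[str, str], username: str, attempt: str) -> bool:
    """Equivalent of SELECT ... WHERE username = ? AND password = hash(attempt),
    with the comparison done in code (constant-time) instead of in the WHERE clause."""
    stored = users.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(stored, cf_hash(attempt))


def dictionary_attack(stored: str, wordlist: Iterable[str]) -> Optional[str]:
    """The 'batch that compares it against a dictionary': hash each guess and compare.
    Returns the recovered password, or None if it was not in the wordlist."""
    for word in wordlist:
        if cf_hash(word) == stored:
            return word
    return None


def precomputed_table(wordlist: Iterable[str]) -> Dict[str, str]:
    """Why unsalted hashes are weak: one table of digest -> word cracks every user at once."""
    return {cf_hash(word): word for word in wordlist}


# --- Salted, iterated hash: every guess must be recomputed per user, no shared table ---

def make_password_record(password: str, salt: Optional[bytes] = None,
                         iterations: int = 200_000) -> str:
    """Store 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' instead of a bare digest."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), dk.hex())


def check_password_record(record: str, attempt: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare in constant time."""
    _algo, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    # Constructed sample data: two users who happen to share a password.
    users: Dict[str, str] = {}
    register(users, "rick", "secret")
    register(users, "michael", "secret")
    wordlist = ["password", "letmein", "secret", "fusebox"]

    print("login rick/secret:", login(users, "rick", "secret"))      # True
    print("login rick/Secret:", login(users, "rick", "Secret"))      # False: case sensitive
    print("dictionary attack:", dictionary_attack(users["rick"], wordlist))
    table = precomputed_table(wordlist)
    print("cracked with one table:", {u: table.get(h) for u, h in users.items()})

    rec_a = make_password_record("secret")
    rec_b = make_password_record("secret")
    print("salted records differ:", rec_a != rec_b)
    print("salted check:", check_password_record(rec_a, "secret"))
```

Note that login() does the comparison in application code rather than in the WHERE clause as the posted query does; either way the stored value is a digest, so a copy of the users table gives an attacker only what dictionary_attack() can recover from it.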
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.