Also...where the hash() function documented? It's nowhere to be found in
the CF Studio 4.51 help text.
<CFUG-SFL Manager>
-Kev
</CFUG-SFL Manager>
> -----Original Message-----
> From: Rick Lamb [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 10, 2000 12:24 PM
> To: Fusebox
> Subject: RE: Security Help
>
>
> Stephen,
>
> I'm having a hard time understanding this hash() function. Does this mean
> that once something has been hash()ed it is therefore never readable again
> in plain text? So then the only way to find out what it is run
> some sort of
> batch that compares it against a dictionary or something similar? Also,
> would this function suffice for encrypting credit cards numbers on the
> database also?
>
> Thanks,
>
> Rick
>
> -----------
>
> -----Original Message-----
> From: Stephen Moretti [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 10, 2000 10:37 AM
> To: Fusebox
> Subject: RE: Security Help
>
>
> >
> > Hello Michael
> > I have two proposals:
> > 1. Use https
> > 2. Encrypt passwords (a simple algorithm should be enough) before
> > you write them into the database and decrypt them after you
> > select them from the db.
> >
>
> Regarding encrypting passwords:
>
> If you are using CF4.5.1 then there is a function that you can use to
> encrypt passwords. hash() uses a one way encryption algorithm. What you
> should do is store the passwords encrypted using hash() :
>
> insert into users
> (fields...., password)
> values
> (fieldvalues..., '#hash(attributes.formpassword)#')
>
> then when you recover the users information from the database compare the
> encrypted password against the password given by the user again using the
> hash() function.
>
> SELECT details FROM users
> WHERE username = '#attributes.loginusername#' and password =
> '#hash(attributes.loginpassword)#'
>
> This also has the side affect of making passwords case sensitive,
> increasing
> the level of security slightly.
>
> Regards
>
> Stephen
>
> ------------------------------------------------------------------
> ----------
> --
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
> ------------------------------------------------------------------
> ------------
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fu
sebox or send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
