Use the encrypt function.  You pass a string and a key to this
function.  Therefore, in theory, you can't decrypt the string
without the key you supply.  

-Erik

> -----Original Message-----
> From: Kevin Langevin [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 10, 2000 2:10 PM
> To: Fusebox
> Subject: RE: Security Help
> 
> 
> Also...where is the hash() function documented?  It's nowhere to be found in
> the CF Studio 4.51 help text.
> 
> <CFUG-SFL Manager>
> -Kev
> </CFUG-SFL Manager>
> 
> > -----Original Message-----
> > From: Rick Lamb [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, November 10, 2000 12:24 PM
> > To: Fusebox
> > Subject: RE: Security Help
> >
> >
> > Stephen,
> >
> > I'm having a hard time understanding this hash() function. Does this mean
> > that once something has been hash()ed it is therefore never readable again
> > in plain text? So then the only way to find out what it is is to run
> > some sort of batch that compares it against a dictionary or something
> > similar? Also, would this function suffice for encrypting credit card
> > numbers on the database also?
> >
> > Thanks,
> >
> > Rick
> >
> > -----------
> >
> > -----Original Message-----
> > From: Stephen Moretti [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, November 10, 2000 10:37 AM
> > To: Fusebox
> > Subject: RE: Security Help
> >
> >
> > >
> > > Hello Michael
> > > I have two proposals:
> > > 1. Use https
> > > 2. Encrypt passwords (a simple algorithm should be enough) before
> > > you write them into the database and decrypt them after you
> > > select them from the db.
> > >
> >
> > Regarding encrypting passwords:
> >
> > If you are using CF4.5.1 then there is a function that you can use to
> > encrypt passwords. hash() uses a one way encryption algorithm.  What you
> > should do is store the passwords encrypted using hash() :
> >
> > insert into users
> > (fields...., password)
> > values
> > (fieldvalues..., '#hash(attributes.formpassword)#')
> >
> > then when you recover the users information from the database compare the
> > encrypted password against the password given by the user again using the
> > hash() function.
> >
> > SELECT details FROM users
> > WHERE username = '#attributes.loginusername#' and password =
> > '#hash(attributes.loginpassword)#'
> >
> > This also has the side effect of making passwords case sensitive,
> > increasing the level of security slightly.
> >
> > Regards
> >
> > Stephen
> >
> > ------------------------------------------------------------------------------
> > To Unsubscribe visit
> > http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> > send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

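Added example, not part of the original thread: the store-a-hash-then-compare login flow discussed above, sketched in Python with sqlite3 rather than ColdFusion, using a per-user salt, PBKDF2 and bound query parameters instead of a bare digest interpolated into the SQL string. The table layout, function names, iteration count and sample accounts are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed work factor; tune for your own hardware

def unsalted_digest(password: str) -> str:
    # Stand-in for a bare one-way hash of the password (SHA-256 assumed here).
    # Equal passwords always give equal digests, for every user and every site.
    return hashlib.sha256(password.encode()).hexdigest()

def derive(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow derivation: PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def create_user(db, username: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per account
    db.execute(
        "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, derive(password, salt)),
    )

def check_login(db, username: str, password: str) -> bool:
    # Bound parameter: the username is data, never part of the SQL text.
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        derive(password, b"\x00" * 16)  # do comparable work for unknown users
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed values.
    return hmac.compare_digest(stored, derive(password, salt))

def demo():
    # Constructed sample data: two accounts that share one password.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)"
    )
    create_user(db, "alice", "Winter2000")
    create_user(db, "bob", "Winter2000")
    return db

if __name__ == "__main__":
    db = demo()
    print(check_login(db, "alice", "Winter2000"), check_login(db, "alice", "winter2000"))
```

The password is selected by username and compared in application code, so the stored value never has to match inside the WHERE clause.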