RE: Encrypting FuseActions

Wed, 29 Nov 2000 14:16:59 -0800 

Hash() itself may be one-way, but that's of no real consequence here. If you
have a db table, and you store the clear fuseaction, and the hash, you just
do a 
SELECT fuseaction from tbl_fuseactions where hash =
"#attributes.hash_fuseaction#"
or something like that. Would make a dandy stored procedure.

Alan McCollough
Web Programmer
Allaire Certified ColdFusion Developer
Alaska Native Medical Center

> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, November 29, 2000 12:35 PM
> To:   Fusebox
> Subject:      Re: Encrypting FuseActions
> 
> David, good point on the URL-safe string formatting. I was aware of
> Hash(), 
> but as you said, it's one-way and therefore wouldn't be appropriate for 
> this use.
> 
> Avi
> 
> At 04:08 PM 11/29/00 -0500, you wrote:
> >----- Original Message -----
> > > A co-worker and I came up with this possible tool to conceal the names
> of
> > > FuseActions, for even heightened security for the paranoid. It
> consists of
> > > a custom tag to create a structure containing FuseActions and their
> > > encrypted values, and a line to decrypt the passed FuseAction.
> >....snip....
> >
> >Good idea, I tried something similiar as a test. One problem I faced was
> that
> >the Encrypt function uses characters outside of the  alphanumeric range
> which
> >caused the encrypted string to go bust when I put it on the end of a url 
> >string.
> >I ended up using:
> >
> >      ToBase64(Encrypt(String, Encrypt_Key))
> >
> >to get it to work.  Then use:
> >
> >     Decrypt( ToString(ToBinary( Base64_String)), Encrypt_Key))
> >
> >to decrypt if from the URL.
> >
> >CF 4.5.X has a new function called HASH that looked more promising than 
> >Encrypt
> >(its only a one way encryption though).
> >
> >: David Nesbitt
> 
> 
> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to