~~ I'd really like to avoid cf's hash() or encrypt() functions if
~~ possible, for some reason doing this at the database level feels
~~ intrinsically better. Maybe this is where I am wrong?
Doing it at the database level means you're passing unencrypted values
to the database. Not an issue if they're both on the same server, but
if you have a seperate web server and database server then you're
throwing plaintext passwords across a network...
On 7/6/06, Mark Stanton <[EMAIL PROTECTED]> wrote:
Hi All
On a system I'm working on we use MySQL's PASSWORD() function to store
and compare user logins.
For example a typical create user query would be:
INSERT INTO user (username, password)
VALUES ('#username#', PASSWORD('#password#')
and then checking the login would be
SELECT userUUID
FROM user
WHERE username = '#username#' and password = 'PASSWORD('#password#')
I've been puzzling over how this could be done using Reactor, or if it
can't how would I best integrate this funcitonality with a Reactor
based system. Do I have to resort to not using a UserRecord object at
all?
I'd really like to avoid cf's hash() or encrypt() functions if
possible, for some reason doing this at the database level feels
intrinsically better. Maybe this is where I am wrong?
Thanks in advance
Mark
--
Mark Stanton
Gruden Pty Ltd
http://www.gruden.com
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Reactor for ColdFusion Mailing List
[email protected]
Archives at: http://www.mail-archive.com/reactor%40doughughes.net/
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Reactor for ColdFusion Mailing List
[email protected]
Archives at: http://www.mail-archive.com/reactor%40doughughes.net/
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
