I've always created the password hash in CF, as pre MySQL 4.1 the mysql password() function was relatively weak.
If you need your application to be database agnostic, then I would use CF's built in hash() function, otherwise you may need to write different methods to create/check the password for each DB. Cheers, Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Boughton Sent: 06 July 2006 09:21 To: [email protected] Subject: Re: [Reactor for CF] DB functions such as PASSWORD('') ~~ I'd really like to avoid cf's hash() or encrypt() functions if ~~ possible, for some reason doing this at the database level feels ~~ intrinsically better. Maybe this is where I am wrong? Doing it at the database level means you're passing unencrypted values to the database. Not an issue if they're both on the same server, but if you have a seperate web server and database server then you're throwing plaintext passwords across a network... On 7/6/06, Mark Stanton <[EMAIL PROTECTED]> wrote: > Hi All > > On a system I'm working on we use MySQL's PASSWORD() function to store > and compare user logins. > > For example a typical create user query would be: > > INSERT INTO user (username, password) > VALUES ('#username#', PASSWORD('#password#') > > and then checking the login would be > > SELECT userUUID > FROM user > WHERE username = '#username#' and password = 'PASSWORD('#password#') > > I've been puzzling over how this could be done using Reactor, or if it > can't how would I best integrate this funcitonality with a Reactor > based system. Do I have to resort to not using a UserRecord object at > all? > > I'd really like to avoid cf's hash() or encrypt() functions if > possible, for some reason doing this at the database level feels > intrinsically better. Maybe this is where I am wrong? > > Thanks in advance > > Mark > > -- > Mark Stanton > Gruden Pty Ltd > http://www.gruden.com > > > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- > Reactor for ColdFusion Mailing List > [email protected] > Archives at: http://www.mail-archive.com/reactor%40doughughes.net/ > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- > > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Reactor for ColdFusion Mailing List [email protected] Archives at: http://www.mail-archive.com/reactor%40doughughes.net/ -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Reactor for ColdFusion Mailing List [email protected] Archives at: http://www.mail-archive.com/reactor%40doughughes.net/ -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
