Take a look at the setFieldExpression method in the query object. The
purpose of this is to replace a field in your queries with an expression.
This is useful when querying data out of the database.
You could use this to override the read method on your gateway.
Also, you could override the update and either write your insert and update
statements manually or you could simply have them call a method that would
run the mysql password command for your via cfquery and you could then set
this value into your TO before committing it.
Alternatively, you could override your setPassword method to run a cfquery
which would simply do something like this
<cffunction name="setPassword">
<cfargument name="password" />
<cfset var enc = 0 />
<cfquery name="enc">
SELECT password(#getPassword()#) as encPass
</cfquery />
<cfset _getTo().password = enc.pass />
</cffunction>
Food for thought.
Doug
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Peter Boughton
Sent: Thursday, July 06, 2006 4:21 AM
To: [email protected]
Subject: Re: [Reactor for CF] DB functions such as PASSWORD('')
~~ I'd really like to avoid cf's hash() or encrypt() functions if
~~ possible, for some reason doing this at the database level feels
~~ intrinsically better. Maybe this is where I am wrong?
Doing it at the database level means you're passing unencrypted values
to the database. Not an issue if they're both on the same server, but
if you have a seperate web server and database server then you're
throwing plaintext passwords across a network...
On 7/6/06, Mark Stanton <[EMAIL PROTECTED]> wrote:
> Hi All
>
> On a system I'm working on we use MySQL's PASSWORD() function to store
> and compare user logins.
>
> For example a typical create user query would be:
>
> INSERT INTO user (username, password)
> VALUES ('#username#', PASSWORD('#password#')
>
> and then checking the login would be
>
> SELECT userUUID
> FROM user
> WHERE username = '#username#' and password = 'PASSWORD('#password#')
>
> I've been puzzling over how this could be done using Reactor, or if it
> can't how would I best integrate this funcitonality with a Reactor
> based system. Do I have to resort to not using a UserRecord object at
> all?
>
> I'd really like to avoid cf's hash() or encrypt() functions if
> possible, for some reason doing this at the database level feels
> intrinsically better. Maybe this is where I am wrong?
>
> Thanks in advance
>
> Mark
>
> --
> Mark Stanton
> Gruden Pty Ltd
> http://www.gruden.com
>
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
> Reactor for ColdFusion Mailing List
> [email protected]
> Archives at: http://www.mail-archive.com/reactor%40doughughes.net/
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
>
>
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
Reactor for ColdFusion Mailing List
[email protected]
Archives at: http://www.mail-archive.com/reactor%40doughughes.net/
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Reactor for ColdFusion Mailing List
[email protected]
Archives at: http://www.mail-archive.com/reactor%40doughughes.net/
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
