Chris Blackwell said the following on 7/6/2006 4:38 AM:
I've always created the password hash in CF, as pre MySQL 4.1 the mysql password() function was relatively weak.

If you need your application to be database agnostic, then I would use CF's built in hash() function, otherwise you may need to write different methods to create/check the password for each DB.

Cheers, Chris

Chris, you might check out my blog post about hashing and security and why it's even better to sprinkle in a bit of salt.

Don't Just Hash() Your Passwords - Get Better Security

Best,
Peter

--
Peter J. Farrell - Maestro Publishing
http://blog.maestropublishing.com
Co-Host of the ColdFusion Weekly Podcast
http://www.coldfusionweekly.com
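The approach discussed in this message (hash in the application so the schema stays database agnostic, and add a salt) is sketched below as an added example; it is not code from the thread or from the linked blog post. It is written in Python rather than CFML, the function names and the `salt$digest` storage format are assumptions, and it uses PBKDF2 in place of a single hash() call.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def unsalted_hash(password: str) -> str:
    """What a bare hash() call stores: same password, same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def create_password_record(password: str) -> str:
    """Return 'salt$digest' in hex, storable in any VARCHAR column."""
    salt = os.urandom(16)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return f"{salt.hex()}${digest.hex()}"


def check_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        salt_hex, digest_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # a malformed record never authenticates
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    alice = create_password_record("correct horse")
    bob = create_password_record("correct horse")
    # Unsalted rows are identical, so one cracked digest exposes both users.
    print(unsalted_hash("correct horse") == unsalted_hash("correct horse"))
    # Salted rows differ, yet each still verifies against its own salt.
    print(alice != bob, check_password("correct horse", alice))
```

Because the salt and digest are plain hex text produced by the application, the same create/check pair works against any database without relying on a vendor function such as PASSWORD().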
