There are lots of examples on using these functions on strings.
However, is it possible to use these functions to encrypt/decrypt entire
files (not .cfm code files), for example, to maintain security in an FTP
server, etc.
TNX for any pointers.
-- Rick
Hey Rick,
You can use more secure forms of FTP as opposed to getting that
draconian - just a thought ;-)
I haven't done any file encryption in a while, so I'll bow out on that
detail - but yes it is doable.
Cheers
*Bryan Stevenson*B.Comm.
President CEO
Electric Edge Systems Group Inc. -
Check out https://wikidocs.adobe.com/wiki/display/coldfusionen/EncryptBinary
including example at bottom.
On Thu, Jul 17, 2014 at 4:10 PM, Bryan Stevenson
br...@electricedgesystems.com wrote:
Hey Rick,
You can use more secure forms of FTP as opposed to getting that
draconian - just a
Just to clarify, the problem is not in the transmission, which can be
accomplished by FTPs, etc.
Once the file resides on the shared FTP server, it needs to be encrypted
to maintain security.
So, I think the flow is: (1) transmit plain file up to server, and (2)
encrypt on the server.
Thank you. Good start.
There is the question of the best way to keep track of keys for various,
different files; or use the same key for all files without exposing it.
As you can see, I am very much a security novice when it comes to this
stuff.
On 7/17/2014 2:18 PM, John M Bliss wrote:
missing? Thank you again, folks.
Eric
-Original Message-
From: Leigh [mailto:cfsearch...@yahoo.com]
Sent: Thursday, November 08, 2012 2:47 PM
To: cf-talk
Subject: RE: encrypt / decrypt question
Any idea what the The UU algorithm is not supported error is about?
You skipped
Does the GenerateSecretKey function account for both the key
and the algorithm?
No - not the way you are thinking. You need to supply the algorithm twice. Once
when generating the key _and_ once when performing the encryption. To better
illustrate:
!--- generate a key suitable
My response got cut off.. Here is the full snippet... assuming it goes through
;-)
http://pastebin.com/fPLcU3Kd
-Leigh
~|
Order the Adobe Coldfusion Anthology now!
Leigh, that makes abundant sense. Thank you very much. As always.
Eric
-Original Message-
From: Leigh [mailto:cfsearch...@yahoo.com]
Sent: Friday, November 09, 2012 1:37 PM
To: cf-talk
Subject: RE: encrypt / decrypt question
My response got cut off.. Here is the full snippet
the decrypt statement.
Thank you, again. Have a good evening.
Eric
-Original Message-
From: Leigh [mailto:cfsearch...@yahoo.com]
Sent: Friday, November 09, 2012 1:37 PM
To: cf-talk
Subject: RE: encrypt / decrypt question
My response got cut off.. Here is the full snippet... assuming it goes
Any idea what the The UU algorithm is not supported error is about?
You skipped the algorithm again ;-) The third argument is the encryption
algorithm ie AES. Encoding (ie UU) is the fourth argument.
Encrypt(yourString, yourKey, theAlgorithm, theEncoding)
-
is not supported error is about?
Thank you again for your help.
Eric
-Original Message-
From: Pete Freitag [mailto:p...@foundeo.com]
Sent: Tuesday, November 06, 2012 10:53 AM
To: cf-talk
Subject: Re: encrypt / decrypt question
You left out the algorithm: AES in your encrypt() call this time
.
Eric
-Original Message-
From: Wil Genovese [mailto:jugg...@trunkful.com]
Sent: Sunday, November 04, 2012 9:58 PM
To: cf-talk
Subject: Re: encrypt / decrypt question
Eric,
A while back I was testing all the encryption and decryption types and
wrote
a short cfm page that let
: Re: encrypt / decrypt question
Eric,
A while back I was testing all the encryption and decryption types and wrote
a short cfm page that let me do the testing. The code there is a good
example of how it all works. Instead of trying to write it up and post here
I created a very short and sweet blog
Greetings. I have what is probably a very basic question, about which I have
done a lot of reading - I still need some help.
I am trying to use the encrypt function to encrypt a credit card number.
I am placing the key as a variable in application.cfc, thus:
cfset
Which encryption method are you using? The stronger ones require that you also
install the Java Cryptography Extension.
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
Wil,
Which encryption method are you using? The stronger ones require that
you also install the Java Cryptography Extension.
Yes, I was reading up on that in the Adobe documentation. OK, I will proceed
to do that. I had read that an encryption method was optional, but I
understand that I
Eric,
A while back I was testing all the encryption and decryption types and wrote a
short cfm page that let me do the testing. The code there is a good example of
how it all works. Instead of trying to write it up and post here I created a
very short and sweet blog post about this.
:58 PM
To: cf-talk
Subject: Re: encrypt / decrypt question
Eric,
A while back I was testing all the encryption and decryption types and wrote
a short cfm page that let me do the testing. The code there is a good
example of how it all works. Instead of trying to write it up and post here
I created
I downloaded and unzipped the unlimited strength JCE JAR policy files. No
problem there. The README says to place the JAR files in the \lib\security\
folder.
However, there are several \lib\security\ folders on my server, all under
the c:\ColdFusion9\ folder. For example:
Sure thing.
The best way to know the correct one is to open your jvm.config file in
c:\ColdFusion9\runtime\jre\bin and looking at the java path.
From the options you gave below I would guess, based on experience, that this
is the correct folder. c:\ColdFusion9\runtime\jre\lib\security\
For
[mailto:jugg...@trunkful.com]
Sent: Sunday, November 04, 2012 10:43 PM
To: cf-talk
Subject: Re: encrypt / decrypt question
Sure thing.
The best way to know the correct one is to open your jvm.config file in
c:\ColdFusion9\runtime\jre\bin and looking at the java path.
From the options you gave
a value for
#request.encryption# that the AES / UU method will understand?
I hope this question makes sense. Thank you again for your advice.
Eric
-Original Message-
From: Wil Genovese [mailto:jugg...@trunkful.com]
Sent: Sunday, November 04, 2012 9:58 PM
To: cf-talk
Subject: Re: encrypt
]
Sent: Sunday, November 04, 2012 9:58 PM
To: cf-talk
Subject: Re: encrypt / decrypt question
Eric,
A while back I was testing all the encryption and decryption types and wrote
a short cfm page that let me do the testing. The code there is a good
example of how it all works. Instead
I'm trying to encrypt a string with encrypt and generatesecretkey..
I'm passing the string as a URL variable and then trying to decrypt
the string. I'm getting errors like
* An error occurred while trying to encrypt or decrypt your input
string: Input length must be multiple of 8 when decrypting
This smells similar to a problem someone else posted about recently where
they were using trim() on the key, tampering with it just enough (removing
meaningful whitespace) to make it no longer work. URLEncode/Decode may do
something similar.
However, I would very strongly suggest not sending
All I'm doing with it is encrypting the user's ID so they don't see
1003 and then try to mess with it and change it to 2003 or 134567..
all it is is the user's ID encrypted.
Plus
cfset sk = GenerateSecretKey(DES) /
generates a random key every time.
I just ran 5 iterations of this and not once
On Tue, Sep 6, 2011 at 9:53 AM, Greg Morphis gmorp...@gmail.com wrote:
All I'm doing with it is encrypting the user's ID so they don't see
1003 and then try to mess with it and change it to 2003 or 134567..
all it is is the user's ID encrypted.
If I am understanding what you are doing, I'd
I tried this
cfset id = encrypt(member.new_id, getKey.skey, DES, Hex )
with storing the key in the database and I get
An error occurred while trying to encrypt or decrypt your input
string: '' Can not decode string [my_secret_key]..
when I take out the DES and Hex I get a string I can't
All I'm doing with it is encrypting the user's ID so they don't
see 1003 and then try to mess with it and change it to 2003
or 134567.. all it is is the user's ID encrypted.
Hi Greg, Cameron's advice is a better approach, though if you want to
continue with the URL parameters, I'd suggest
If I have Encrypt(x,y) which equals z OR Decrypt(x,y) which equals z, can z
be determined (encrypted or decrypted) without having both x and y?
Example:
cfset variables.secretKey =
dj0yJmk9TTJOUXFnakphWjVlJmQ9WVdrOVVtMU9jak5rTjJNbWNHbzlPREV4TVRrNE5EWXkmcz1jb25zdW1lcnNlY3JldCZ4PWQx
cfset
Technically yes as this is how hackers reverse engineer encryption keys to
create keygens etc.
However it does depend on what encryption type you use, some have not yet
been hacked, so the chances are of course very very minute, and you would
need to be encrypting something that some desperately
perhaps I really should say virtually impossible just to
be syntactically correct.
On Fri, Jun 17, 2011 at 8:49 PM, Russ Michaels r...@michaels.me.uk wrote:
Technically yes as this is how hackers reverse engineer encryption keys to
create keygens etc.
However it does depend on what
No, not really as long as you're using a cipher that hasn't been
broken. Encryption uses a special class of functions that are easy to
perform one direction but prohibitively hard to perform the other
direction. For instance, if you take two very large prime numbers and
multiply them together to
My preferred encryption algorithm is AES, as this is what the Government
uses to encrypt classified documents. :)
Paul Alkema
http://paulalkema.com
http://twitter.com/#!/paulalkema
~|
Order the Adobe Coldfusion Anthology now!
My preferred encryption algorithm is AES, as this is what the
Government uses to encrypt classified documents. :)
AES with a 256-bit key is authorized for use up to top secret, if
memory serves. Remember, with any encryption, it's only as safe as
the keys you use which is why key management
Hi Les,
fyi, adobe issued CF 8.0.1 cumulative hotfix 3 yesterday (September 1),
which fixes the CFMX_COMPAT bug (among other 20+ bugs).
get the hf here: http://kb2.adobe.com/cps/511/cpsid_51180.html
Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
On 28/07/2009 03:30, Les Mizzell wrote:
I'm on CF7.
Here's my code:
(in Application.cfc)
cfset request.seed = wPznEZnrpWToMHNR8HcDQ==
cfset request.algorithm = CFMX_COMPAT
cfset request.encoding = UU
(encrypt)
encrypt(FORM.password,request.seed,request.algorithm,request.encoding)
(decrypt)
If the form.password contains characters that the encryption seed will cause
to result in a string that contains a space or plus-sign, you will have
trouble with the CFMX_COMPAT mode. Suggest going with a different mode.
Cheers,
Kris
I'm on CF7.
Here's my code:
(in Application.cfc)
cfset
Your example shows the same input for decrypt as you used for encrypt ...
hopefully that was just a typo, otherwise it's probably your issue.
(decrypt)
decrypt(FORM.password,request.seed,request.algorithm,request.encoding)
In other words, I would expect something more like this:
encPwd =
Could you post the entire encrypt/decrypt code snip?
-Original Message-
From: Les Mizzell [mailto:[EMAIL PROTECTED]
Sent: Friday, April 27, 2007 11:45 AM
To: CF-Talk
Subject: encrypt/decrypt bug
This is driving me crazy!!
For this code:
cfif IsDefined(form.myVAR) AND #form.myVAR# NEQ
Hi Les,
I've seen similar behavior most typically when I'm also urlencoding
the the encrypted value. What I figured out was happening is that if
the encrypted value contained a space, when urlencodedformat() was run
on it, the space would get converted to %20 as expected. However,
when it was
Since you are running CFMX 7, you might give the new encryption
methods a try. If you encode using Hex, you should be able to use the
encrypted string directly in a URL without encoding it.
example:
cfset x = encrypt(var,key,blowfish,hex)
Good luck,
Mike Chabot
On 4/27/07, Kris Jones [EMAIL
Interesting - changing the value of #encCODE# to a longer string seems
to have fixed the problem.
Haven't tested with every possible combination of letters/numbers on the
input yet, so ya never know - but it seems to like 2s now. Very odd...
For this code:
cfif IsDefined(form.myVAR) AND
This is going to sound weird but I've seen two issues nesting a trim() inside
other functions in the past. When I moved it above the function and cfset to a
temp it fixed the error. May not apply here but its only a 15 second test :)
with it.
What I envision is being able to encrypt/decrypt on the fly specific fields
(dob, ssn, etc) in a form but not the entire form and then segregate the pages
that do the decryption (it's really an intranet backend project). Is this a
good scheme? How does this affect performance
On Wednesday 06 December 2006 11:26, rick kennerly wrote:
What I envision is being able to encrypt/decrypt on the fly specific fields
(dob, ssn, etc) in a form but not the entire form and then segregate the
Define segregate.
pages that do the decryption (it's really an intranet backend
Define segregate.
I usually restrict access to those pages based on account level. Is there a
better way?
~|
Create robust enterprise, web RIAs.
Upgrade integrate Adobe Coldfusion MX7 with Flex 2
On Wednesday 06 December 2006 14:10, rick kennerly wrote:
Define segregate.
I usually restrict access to those pages based on account level. Is there
a better way?
You mean building role based access into an app ?
Perfectly normal.
--
Tom Chiverton
Helping to synergistically synergize
I'm using a simple encrypt statement to store info:
#Encrypt(SESSION.Customer.xxx, GetX.Item)#',
(this is from my INSERT statement) GetX.Item is the key loaded from a
table.
(I don't profess to be an expert in encryption (obviously) but, other
than being a little obtuse in the code, I don't
with GenerateSecretKey or hash. (For more info, consult the
livedocs).
Thanks Regards,
Phyo Pine
Information Systems Specialist
DMV - ODOT
-Original Message-
From: Stephens, Larry V [mailto:[EMAIL PROTECTED]
Sent: Friday, January 27, 2006 1:51 PM
To: CF-Talk
Subject: Encrypt Decrypt
I'm using
Thanks all for your help so far. Now I have been looking at the
documentation for encrypt/decrypt and I would like to use one of the more
secure encryption algorithms, such as BLOWFISH or DES. I notice that the
more secure algorithms use the function GenerateSecretKey. Now do this mean
that when
Hi all, I am trying to store specific data into a database in an encrypted
format. This data also has to be decrypted so as to be displayed and edited
onscreen therefore ruling out using the hash function. The problem that I am
having is on the decrypt.
Example:
cfset foo =
From: Andy Mcshane [mailto:[EMAIL PROTECTED]
This is on Coldfusion 7, using a SQL database. I have tried
URLEncodedFormat before saving to the database and then using
URLDecode after retrieveing. As this text is defined by the
user then I cannot simply say that there can be no 10
use
my example data you can easily replicate the issue.
-Original Message-
From: Tangorre, Michael [mailto:[EMAIL PROTECTED]
Sent: 26 September 2005 12:57
To: CF-Talk
Subject: RE: Weird Encrypt/Decrypt problem!
From: Andy Mcshane [mailto:[EMAIL PROTECTED]
This is on Coldfusion 7, using
Whoa. So weird I also tested here, and the encoded johnmurray was
decoded to johnmurrax! It's not with all 10 charcs. string, by the way.
I think this is a CF default algorithm (CFMX_COMPAT, which is compatible
do earlier versions of CF) implementation bug.
You should use a more secure and
PROTECTED]
Sent: 26 September 2005 14:45
To: CF-Talk
Subject: Re: Weird Encrypt/Decrypt problem!
Whoa. So weird I also tested here, and the encoded johnmurray was
decoded to johnmurrax! It's not with all 10 charcs. string, by the way.
I think this is a CF default algorithm (CFMX_COMPAT, which
OK, follow up to this, can anybody suggest ways that they currently
encrypt/decrypt sensitive data? I need to encrypt the data to save into the
database and then at a later date retrieve that data, decrypt it and let the
user edit it. I have looked at using the various algorithms excluding
There is no bug in encrypt/decrypt, the problem is that in that
instance, the encrypt result contains a space at the end.
As you can see with the following code, the key is not *5)V%5*.Z59RR$,
but *5)V%5*.Z59RR$
cfset foo = encrypt(johnmurray, wibble)
CFOUTPUT[#htmlEditFormat(foo)#],
#decrypt
anybody suggest ways that they currently
encrypt/decrypt sensitive data? I need to encrypt the data to save into the
database and then at a later date retrieve that data, decrypt it and let the
user edit it. I have looked at using the various algorithms excluding
CFMX_COMPAT but I notice
The pre CF7 encrypt() function does not create dbsafe strings. You have to
toake it a further step for that: Wrap the string in toBase64() before you
store the data. IIRC (its been awhile) you use tostring() when decrypting.
I think the new algorithm options in cfencrypt()/cfdecrypt() could be
and that trailing space is being trimmed out by the db. Sooner or later
you would have other issues even if you work around this one somehow. See my
post on this in the other thread. Its an easy fix but you won't make the
'classic' CF algorithm any more secure.
--
--mattRobertson--
Janitor,
Whoops its not tostring that takes something out of base64. Its decode().
I have a template that I built up years ago from the CF example that
displays a bunch of different ways to skin this cat. You can pick it
apart to bulletproof your use of CF encryption.
CFSET
:[EMAIL PROTECTED]
Sent: Monday, September 26, 2005 12:30 PM
To: CF-Talk
Subject: Re: Weird Encrypt/Decrypt problem!
The pre CF7 encrypt() function does not create dbsafe strings. You have to
toake it a further step for that: Wrap the string in toBase64() before you
store the data. IIRC (its been
Those 'undocumented' functions have been documented for some time in
various places, including houseoffusion.com. There has been plenty of
discussion of them over the years.
The trouble with them is they are not guaranteed to be there in future
versions, and if they do remain their behavior is
There is no bug in encrypt/decrypt, the problem is that in that
instance, the encrypt result contains a space at the end.
Yeah. It's true. I totally missed that! No bug at all! :-)
[]s
Fabio Terracini
~|
Logware
specify that in Encrypt/Decrypt function.
Other solution is to base-64 encode the data you get after encrypt and persist.
And when you retrieve it frm DB, base-64 decode and then pass it to decrypt.
Thanks
Rupesh.
Whoa. So weird I also tested here, and the encoded johnmurray was
decoded
Jochem,
Still with your code there is apparently some part of the code in the
variable encrypted that confuses Cold Fusion. It appears that CF is
interpreting something in the code as a tag ending.
Thanks,
Nick
At 12:55 PM 10/3/2004, you wrote:
Nick Baker wrote:
We need to Encrypt and
Nick Baker wrote:
We need to Encrypt and email private info. Then using the same key decrypt
on the receiving end. However, our Decrypt tag throws and error, not liking
some of the Encrypted code. The example below works under the same
circumstances. Encrypting in one template and
We need to Encrypt and email private info. Then using the same key decrypt
on the receiving end. However, our Decrypt tag throws and error, not liking
some of the Encrypted code. The example below works under the same
circumstances. Encrypting in one template and decrypting in another
template
I have template passing a url var that is pulled form my db.I happens to
be the key for that table, numerical. I use
cfset myid =encrypt(findqry.cid, qzx123) then I add that 'myid'
value to the url and pass it. Then I decrypt it on the next templete
like cfset myid =decrypt(url.myid, qzx123)
Hey there again
I have been using the Encrypt/Decrypt functions to store encrypted values
into the database.
I have a Visual Basic application that I want to integrate with the user
database.. however the database is encrypted with the Encrypt/Decrypt
functions. I have the code for the VB
I encrypted a value to store in the db using the CF encrypt() function.
It worked a few times, but then it encrypted a value with a double quote
as one of the encrypted chars. Now when I try to decrypt() the value I
get an error that the value to be decrypted is not valid.
cfset y =
: Encrypt/Decrypt
I encrypted a value to store in the db using the CF encrypt() function.
It worked a few times, but then it encrypted a value with a double quote
as one of the encrypted chars. Now when I try to decrypt() the value I
get an error that the value to be decrypted is not valid
:37 PM
To: CF-Talk
Subject: Re: Encrypt/Decrypt
Try escaping the string before encrypting it. Then maybe convert it to
base 64 so its db-safe.
I'm pretty sure if you try to do this in one step it'll throw an error.
I used something very similar to this for strings I had to be able to
store
use cfusion_encrypt/cfusion_decrypt. They'll always result in a hex string,
rather than the random jiberish that encrypt/decrypt use. Also,
cfusion_encrypt's result is ALWAYS exactly twice as long as the original
value, rather than the undetermined length from encrypt.
---
Barney Boisvert
Try escaping the string before encrypting it. Then maybe convert it to base 64 so its
db-safe.
I'm pretty sure if you try to do this in one step it'll throw an error. I used
something very similar to this for strings I had to be able to store and email to
people.
cfset variables.urlsafe =
Using toBase64 and urlencrypt renders a string that should always be db-safe to store.
No quote marks and such.
Below is a sample template I worked up to play around with various (documented)
encryption options. Run it (name the file anything you like) and it'll encrypt stuff
in various
Bryan Stevenson wrote:
Yes I do have to decrypt it to give it back to those users that lose
it ;-)
You should consider hashing anyway and issueing a new password.
Especially if you combine this with a client side hashing script (there
are javascripts available for download, just Google)
PROTECTED]
Sent: Thursday, November 07, 2002 5:18 PM
Subject: Re: Encrypt/Decrypt Recommendations
Bryan Stevenson wrote:
Yes I do have to decrypt it to give it back to those users that lose it
;-)
If they lose it, create a new password for them... that allows you to
use the one way encryption which
Hey All,
I'm looking for recommendations for an encrypt/decrypt tag or UDF that will
always produce the same encrypted value. This is so I can store encrypted
passwords in the DB and check the encrypted version of what a user types in
a login form against the encrypted version in the DB
sha256 i think its on mm site
-Original Message-
From: Bryan Stevenson [mailto:bryan;electricedgesystems.com]
Sent: Thursday, November 07, 2002 1:57 PM
To: CF-Talk
Subject: Encrypt/Decrypt Recommendations
Hey All,
I'm looking for recommendations for an encrypt/decrypt tag or UDF
Bryan Stevenson wrote:
I'm looking for recommendations for an encrypt/decrypt tag or UDF that will
always produce the same encrypted value. This is so I can store encrypted
passwords in the DB and check the encrypted version of what a user types in
a login form against the encrypted version
:57 PM
To: CF-Talk
Subject: Encrypt/Decrypt Recommendations
Hey All,
I'm looking for recommendations for an encrypt/decrypt tag or
UDF that will
always produce the same encrypted value. This is so I can
store encrypted
passwords in the DB and check the encrypted version of what a
user types
Group
Founder Director
www.cfug-vancouverisland.com
- Original Message -
From: [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Thursday, November 07, 2002 12:17 PM
Subject: RE: Encrypt/Decrypt Recommendations
Just use CF's Hash(). This is a one way encryption. No need to decrypt
[EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Thursday, November 07, 2002 10:57 AM
Subject: Encrypt/Decrypt Recommendations
Hey All,
I'm looking for recommendations for an encrypt/decrypt tag or UDF that
will
always produce the same encrypted value. This is so I can store encrypted
Bryan Stevenson wrote:
Yes I do have to decrypt it to give it back to those users that lose it ;-)
If they lose it, create a new password for them... that allows you to
use the one way encryption which is FAR more secure.
- Rick
Subject: Re: Encrypt/Decrypt Recommendations
Yes I do have to decrypt it to give it back to those users that lose it ;-)
I've done a workaround for now where I match the usernamedecrypt that
password and compare it to what the user types in the login form (kind of
the long way around...but it works
PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Thursday, November 07, 2002 10:57 AM
Subject: Encrypt/Decrypt Recommendations
Hey All,
I'm looking for recommendations for an encrypt/decrypt tag or UDF that
will
always produce the same encrypted value. This is so I can store encrypted
passwords
checksum to prevent someone from manipulating
characters to change the value (helpful for url parameters, hidden
form fields and cookies).
I also set up a test page with some more information on the drawbacks
of encrypt()/decrypt() at
http://www.iology.com/products/downloads/cryptest.cfm
You
I am having a problem with the encrypt/decrypt functions. Here is my code:
*** This creates the user when they register...
cfset dbPassword=#Encrypt(password, application.seed)#
cfquery name=CreateUser datasource=#application.dsn#
username=#application.dsn_username# password
Also, I'm not sure why I can encrypt the same value
twice and not get the same value. I'm thinking my problem must be in the
seed string length, but I'm not sure? Are there known issues with this?
Why
am I having this problem? Can someone shed some light?
After a little more trial and
, and a powerful ally it is. - Yoda
-Original Message-
From: Steve Reich [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 29, 2001 1:57 PM
To: CF-Talk
Subject: Encrypt/Decrypt Functions [NOT cfencrypt/cfdecrypt]
I am having a problem with the encrypt/decrypt functions. Here is my code
(LoginAction.Password, key)
cfset Error = Invalid UserID and Password.
cfelse
!--- Login OK ---
.
.
.
HTH
Dick
At 1:57 PM -0400 6/29/01, Steve Reich wrote:
I am having a problem with the encrypt/decrypt functions. Here is my code:
*** This creates the user when
Maybe it's just a wierd browser thing. What do you see if you View SOurce?
No.. I checked that. It's very strange because there is no consistency to
it. Some strings encrypt the same everytime, others don't.
If I run this in my browser
cfset encryptedPW = #Encrypt(password,
cfif form.Login_Password NEQ Decrypt(LoginAction.Password, key)
cfset Error = Invalid UserID and Password.
cfelse
Dick,
That did the trick! I was trying to compare two encrypted strings and I
should have been comparing their decrypted values. Thanks for the help
it was
AFAIK it is a feature that Encrypt() does not always return the same value, but
is always decryptable to the same value. I think I read it in the comment of an
Allaire employee in the Allaire forums.
Anyhow, I believe one should not use the Encrypt() at all. Use Hash(), it is one
way (nice for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Their encryption is also horrendously easy to crack. Encrypt/Decrypt at
least use 3DES if my memory serves me. Stay away from the undocumented
cfusion_* functions
Best regards,
Zac Bedell
-Original Message-
From: Nick Texidor
Thanks Zach,
I'll have a look at that
Cheers
Will
-Original Message-
From: Zachary S. Bedell [mailto:[EMAIL PROTECTED]]
Sent: 05 April 2001 19:26
To: CF-Talk
Subject: RE: encrypt/decrypt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The values that the CF Encrypt function creates
Thanks...it was a number. I'll try converting it first.
Cheers
Will
-Original Message-
From: Michailov, Dimitar [mailto:[EMAIL PROTECTED]]
Sent: 05 April 2001 16:26
To: CF-Talk
Subject: RE: encrypt/decrypt
Will:
I am not sure if this could be the reason, but the ENCRYPT function
1 - 100 of 115 matches
Mail list logo