OK, thanks for the advise
----- Original Message -----
From: "Aaron Johnson" <[EMAIL PROTECTED]>
To: "Mak Wing Lok" <[EMAIL PROTECTED]>
Cc: "Spectra-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, August 08, 2001 11:15 AM
Subject: RE: compare advance security password
> That's the point, you can't get the users old password from LDAP.. It's
not
> a Spectra thing so much as it's a Directory Services type question. You
> could start storing the passwords in a separate database, but that would
be
> a ton more work and the admins would probably hate you.
>
> If you're doing what I think you're doing (ie: change you password? type
> your old password and your new password here), then you *could* do this..
> show a form for the user to type in their old and new.. and then on
> submission try to log them in using the old password... if it works, then
> the old password is a match and you can then change the old password to
the
> new password... if it doesn't work, then you have a non match...
>
> HTH
>
> Aaron Johnson, MCSE, MCP+I
> Macromedia Certified ColdFusion Developer
> MINDSEYE, Inc.
> <phn>617.350.0339
> <mbl>617.461.3721
> <fax>617.350.8884
> <icq>66172567
> [EMAIL PROTECTED]
>
> > -----Original Message-----
> > From: Mak Wing Lok [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, August 07, 2001 11:07 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: compare advance security password
> >
> >
> > i understand that, but what if i want to the verify the user old
password
> > before i change it to the new password? how can i do the verification?
> >
> >
> > ----- Original Message -----
> > From: "Aaron Johnson" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Wednesday, August 08, 2001 11:05 AM
> > Subject: RE: compare advance security password
> >
> >
> > > Hi Mak,
> > >
> > > > help please, just wondering how i could compare the old password
that
> > user
> > > > type in with the password in the LDAP server before i let the
> > application
> > > > change the password for the user, as i found out that the password i
> > > > retrieve using cfa_userGet is encrypted.
> > > -- All the directory services I'm aware of will *not* let you read the
> > > actual password once the user puts it into the system for
> > obvious security
> > > reasons (ie: I change my password to access the financial data for the
> > > company, you being an enterprising developer go and grab my username
and
> > > password from LDAP and then read financial data... bad news).
> > >
> > > HTH
> > >
> > > Aaron Johnson, MCSE, MCP+I
> > > Macromedia Certified ColdFusion Developer
> > > MINDSEYE, Inc.
> > > <phn>617.350.0339
> > > <mbl>617.461.3721
> > > <fax>617.350.8884
> > > <icq>66172567
> > > [EMAIL PROTECTED]
> >
> >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/spectra_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
