> I don't think this is possible. I don't think that you're programmatically > allowed to retrieve passwords from the NT user database. You could turn this > on its head, and have your users change their NT passwords through a CF > application, which could then write the entries to a database in addition to > writing the changes to the NT user database. From a security perspective, > this has its own problems, of course. > > Dave Watts, CTO, Fig Leaf Software
You are correct, you cannot retreive passwords from an NT database but you -can- (never done it..but you can I'm sure) retreive the encrypted password, just like in Unix. From there you can collect the password from the user in CF, encrypt it using the same algorithm that NT uses and compare the stored values. This is really how all password schemes should work but in practice a fair amount of developers will store the unencrypted password and just compare that. Yes, I am personally guilty of building such systems. Justin Buist ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
