Robertson-Ravo, Neil (REC) wrote:

> expand/explain?

It is more obfuscated than encrypted. So if a hacker has sufficient data 
with some common characteristic, like credit cards of which you know they 
follow the MOD 10 algorithm and have predictable starting numbers, it is 
hackable.

But the deeper problem is that the encryption is two-way symmetric. The 
most likely way to get a password or a credit card database is to root a 
server. That will give that person access to the template doing the 
encryption as well, and he can simply read the password from it [1].
Then it is easy to reverse the encryption.

In the case of passwords, the obvious solution is to use one-way 
encryption. In the case of credit cards, use asymmetric encryption and 
store the key to decrypt somewhere else than the encrypted data.

Jochem

[1] Has anybody checked with CF MX if encrypted .cfm templates produce 
encrypted .java files?
