Hatton:

I prefer salting and hashing passwords stored in a database.  The hashing
provides one-way encryption and the salting protects against people who have
the same password.  MSDN has a good intro to password security at
http://msdn.microsoft.com/msdnmag/issues/03/08/securitybriefs/default.aspx

ColdFusion doesn't have any built-in hashing functions but there are some
good CustomTags available at the Dev Exchange that do hashing.

--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 942-5378
Fax: (301) 933-3651
Email: [EMAIL PROTECTED]
WWW: http://www.evoch.com/

-----Original Message-----
From: C. Hatton Humphrey [mailto:[EMAIL PROTECTED]
Sent: Monday, December 15, 2003 1:43 PM
To: CF-Talk
Subject: Scrambling Data

I am working out a database schema for an intranet and need to figure out
some way to mask the password field in the users table from simple SELECT
grabs.

I know that CF has some built-in encryption tools but I can't remember what
they are.  Can someone point me in the right direction?

At this moment I'm just trying to figure out what to store in the database.
I know I'll need a field for the password but do I need to also provide a
field for a key or key pair?

Thanks!
Hatton
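
The salt-and-hash storage suggested in the reply, sketched as an added example that is not part of the original thread: it is written in Python rather than ColdFusion, and the table name, column names, sample accounts, the choice of PBKDF2-HMAC-SHA256 and the iteration count are all assumptions made for illustration. It shows which columns the users table needs (a salt and a hash, no key or key pair) and that two users with the same password end up with different stored values.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor; raise it as hardware allows


def hash_password(password, salt, iterations=ITERATIONS):
    """Derive a one-way hash from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def create_schema(db):
    # No key or key-pair column: hashing is one-way, so only the salt,
    # the work factor and the resulting hash are stored per user.
    db.execute(
        "CREATE TABLE users ("
        " username TEXT PRIMARY KEY,"
        " salt BLOB NOT NULL,"
        " iterations INTEGER NOT NULL,"
        " pw_hash BLOB NOT NULL)"
    )


def add_user(db, username, password):
    salt = os.urandom(16)  # fresh random salt for every user
    db.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        (username, salt, ITERATIONS, hash_password(password, salt)),
    )


def check_login(db, username, password):
    row = db.execute(
        "SELECT salt, iterations, pw_hash FROM users WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None:
        return False
    salt, iterations, stored = row
    candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, stored)  # constant-time compare


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    create_schema(db)
    add_user(db, "alice", "s3cret!")  # constructed sample accounts
    add_user(db, "bob", "s3cret!")
    print(db.execute("SELECT username, hex(pw_hash) FROM users").fetchall())
    print(check_login(db, "alice", "s3cret!"), check_login(db, "alice", "wrong"))
```

A plain SELECT on this table returns only salts and hashes, and a login is checked by re-deriving the hash from the submitted password and the stored salt.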
