> to figure out some way to mask the password field in the
> users table from simple SELECT grabs.
>
> I know that CF has some built-in encryption tools but I can't
> remember what they are. Can someone point me in the right
> direction?
>
> At this moment I'm just trying to figure out what to store in
> the database. I know I'll need a field for the password but do
> I need to also provide a field for a key or key pair?
Lots of other people have directly addressed this by suggesting the use of
hashes (which is good if you can do that). I'll add to this by suggesting
the exclusive use of stored procedures and database rights to prevent the
selection of multiple user records within your application, also.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
