This may seem trivial:

We have a site with about 300,000 user accounts and are becoming
concerned about security and the possibility of accounts getting
hijacked. One item on my checklist is to replace clear text passwords
in the database with encoded ones. My thoughts were to create a hash of
each user's password in CF and compare logins against that.

First off, I don't really know a lot about what CF does in terms of
producing a hash, which means I am not clear on whether or not this is
the best route to take. I would like to know if there are any best
practices around password encryption for user accounts stored in a
database.

Thanks,
M