just wondering:
is there any particular reason why you don't just use CF's built-in hash()
function?

-----Original Message-----
From: Andy Ousterhout [mailto:[EMAIL PROTECTED]
Sent: 07 April 2005 13:02
To: CF-Talk
Subject: RE: Password management Best Practices


I use MD5 hash available on http://www.cflib.org.  When someone forgets a
password, I email them a temporary password that must be changed immediately
upon use.  I also email them whenever anything on their profile, including
password, is changed.  When someone calls in, we do the same thing on their
behalf.  No one but the User ever sees their password.

Andy

-----Original Message-----
From: Mark Leder


Hi all,

I've been pondering the problem of password storage in a db and its
retrievability, and was wondering what other people have done in the
following situations:

1) What method(s) used for password encryption (salt and hash).  What tag(s)
do you use?

2) When someone forgets their password, how would an encrypted password be
de-salted/de-hashed and displayed on a screen?  (I would display the
password when the user enters their email AND correctly responds to a
challenge question - I never send passwords via email, as I have seen done
on many ecommerce sites).

Thanks,
Mark
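
The storage and reset flow discussed in this thread, as an added example that is not from any of the posters: a per-user salted hash plus a temporary password that must be changed on first use. It is written in Python rather than CFML and swaps PBKDF2-HMAC-SHA256 in for MD5; `UserStore`, its field names and the iteration count are assumptions made for illustration.

```python
import hashlib, hmac, secrets

ITERATIONS = 200_000  # assumed work factor; tune for your hardware

def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 and a random per-user salt."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute the digest and compare in constant time; nothing is ever decoded."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

class UserStore:
    """Hypothetical in-memory user table: email -> {salt, digest, must_change}."""
    def __init__(self):
        self.users = {}

    def _set(self, email, password, must_change):
        salt, digest = hash_password(password)
        self.users[email] = {"salt": salt, "digest": digest, "must_change": must_change}

    def register(self, email, password):
        self._set(email, password, must_change=False)

    def issue_temporary_password(self, email):
        """Forgotten password: the stored digest is one-way, so replace it instead."""
        temp = secrets.token_urlsafe(12)
        self._set(email, temp, must_change=True)
        return temp  # delivered to the user out of band

    def login(self, email, password):
        """Return 'denied', 'change_required' or 'ok'."""
        rec = self.users.get(email)
        if rec is None or not verify_password(password, rec["salt"], rec["digest"]):
            return "denied"
        return "change_required" if rec["must_change"] else "ok"

    def change_password(self, email, old, new):
        """Replace the password after re-checking the old one; clears must_change."""
        if self.login(email, old) == "denied":
            return False
        self._set(email, new, must_change=False)
        return True
```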







