Good Morning Richard,

Hashing your user's password is probably one of the most secure ways of storing a password. Hashes are nearly irreversible (in all general senses, they are irreversible).

To hash a password you would simply call the Hash() function and supply it a string to hash and the algorithm you want to use:

    <cfset hashedPswd = Hash(form.uPassword, "SHA") />

Then simply follow that same process if the user is logged in and compare it to the one stored in the database, just like you were saying.

-Kyle

On Dec 20, 2006, at 5:30 AM, Richard White wrote:

> Hi, I am just working on creating user accounts and would like some
> advice in regard to the password.
>
> From what I have read I take it that the best way to deal with
> passwords is to only save the hashed version of the user's password
> in the database. Then when the user attempts to log on, we take the
> password that they entered, hash it, and then compare it to the
> hashed version in the database.
>
> I just have a few questions:
>
> 1) Is this the best way to do it?
>
> 2) Can anyone advise on the best hashing algorithm to use, or any
> advice on this matter? Also can anyone provide me with a very short
> piece of code to show me how to hash the password?
>
> 3) Seeing as we only have the hashed version of the password, what
> happens if the user has forgotten their password? - do we have to
> reset their password to one that we know, get them to log on with
> it, and then ask them to change their password once they have
> logged on?
>
> Thanks very much for any help anyone can provide

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:264562
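
The hash-then-compare login and the forgotten-password reset from question 3, as an added Python example that is not part of the thread or any poster's code. It goes beyond the thread by using a per-user salt, PBKDF2-HMAC-SHA256 in place of a single SHA pass, and a constant-time comparison; the `users` dict, the function names, the record format and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def hash_password(password, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' for the database."""
    salt = secrets.token_bytes(16)  # per-user random salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Re-derive the hash with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(hash_hex))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed


def reset_password(users, name, iterations=ITERATIONS):
    """Forgotten password: store the hash of a random temporary password and
    flag the account so the next login must choose a new one."""
    temporary = secrets.token_urlsafe(12)
    users[name] = {"pw": hash_password(temporary, iterations), "must_change": True}
    return temporary  # delivered to the user out of band, never stored


def login(users, name, password):
    """Return 'denied', 'change_required' or 'ok'."""
    user = users.get(name)
    if user is None or not verify_password(password, user["pw"]):
        return "denied"
    return "change_required" if user["must_change"] else "ok"


def change_password(users, name, new_password, iterations=ITERATIONS):
    """Replace the stored hash and clear the forced-change flag."""
    users[name] = {"pw": hash_password(new_password, iterations), "must_change": False}
```

Because the salt and iteration count travel inside the stored record, the work factor can be raised later without invalidating existing accounts.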