If you're dead set on encryption, I have some code that will handle gpg encryption via a java wrapper in coldfusion, however I'd refer you to previous comments about the necessities of shared keys etc etc.
All in all I think you'd be better off just adding some logic to your application forcing a reset of the password when the user first logs in. IE when a password is generated, put a flag against the user record and have your code force them to change their password before they can proceed. This way emailing them a cleartext password doesn't make any difference because they're then changing it immediately (and you can use a one way encryption to store the password in the db. Look on cflib for the MD5 function or check out cf8's encryption routines). Toby On 02/03/2008, at 11:55 PM, Richard White wrote: > hi > > thanks for your replies. your right it sounds like encryption is too > much work. it seems like this is a bit of a tricky spot for many > developers. > > there has also been some neat solutions on here although i am > thinking that if someone was to hack into the mail server, or > falsely receieve the email meant for someone else. they could easily > log on (as in our system the username is their email)so they would > have somone's username and password, can log on and cause alot of > havoc in the system. > > it is not so much ourselves that need not see the password as they > can change their password as soon as they logon. it is more of the > third party problems we are thinking about. so even the ssl or the > timer solutions will still allow someone to get in if they get hold > of the email. > > hmmm, this needs some creative thinking i think!!! > > does anyone have a similar situation to this and if so how do you > have yours setup? > > thanks for all your help and advice > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:300277 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
