Just wanted some input from the list....
We have a security system on our site. User ids and passwords are stored in
a SQL 7 DB. My question is how do you secure it? Because of IS policies,
access to the database is based on mixed SQL and NT authentication. Password
protecting the database and the datasource are a given. But is this enough.
The powers that be are concerned that storing the passwords unencrypted in
the database is less than secure, and I agree. What do you all do.
One thought that we have had was to set the password field to binary, then
use the ToBinary and ToBase64 functions to convert text into binary before
checking against the DB. Any thoughts to whether this would work or not? Any
warnings/considerations? How do you all handle this aspect of security?
Thank in advance for any input.
Marwan Saidi
Webmaster
CED - Concord IS
[EMAIL PROTECTED]
407.741.8645
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
