Steve
I wrote a custom tag called cf_cryp that I use in place of encrypt()
and decrypt(). It builds on encrypt() and decrypt() by encoding all
the characters produced by encrypt() with their ASCII values, shifts
some bits to make it a little more unintelligible and adds a
similarly encoded checksum to prevent someone from manipulating
characters to change the value (helpful for url parameters, hidden
form fields and cookies).
I also set up a test page with some more information on the drawbacks
of encrypt()/decrypt() at
http://www.iology.com/products/downloads/cryptest.cfm
You can download the code their too; it's free for all commercial
purposes and open source.
Jackson Moore
[EMAIL PROTECTED]
On Fri, 29 Jun 2001 15:01:22 -0400, Steve Reich wrote:
>> Maybe it's just a wierd browser thing. What do you see if you View
>>SOurce?
>
>
>No.. I checked that. It's very strange because there is no
>consistency to
>it. Some strings encrypt the same everytime, others don't.
>
>If I run this in my browser....
>
><cfset encryptedPW = "#Encrypt("password", "k39dkjw*
>kd@kfoe%kfps037")#">
>
><cfoutput>#encryptedPW #-#Len(encryptedPW)#</cfoutput>
>
>and then hit refresh... it toggles between these two values...
>
>(78XD6IF#J5&(
>and
>(78XD6IF#J5'
>
>..... but it returns the Len of both strings as 14. Something with
>ASCII,
>either spaces or line feeds might be one of the chars that could be
>messing
>me up. In the database field (SQL7), visually you can see some box
>characters that represents an ASCII character that can't be
>displayed.
>Help!!
>
>Thanks,
>Steve
>
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
