> pardon my ignorance, but isn't the encryption method for ALL publicly
> available encryption techniques known?
The style maybe known, but the one used for CFEncrypt isn't particularly
difficult to decrypt - thus if someone can get to your site and knows your
using CF, then they'll try the description method and amazingly get at your
data
The better method is to use a non-CFEncrypt method on CF sites and thus
increase the difficulty
What would be nicer if CFEncrypt asked for a key value and then encrypted
the data on that, rather than just "We'll encrypt it using DES"
Philip Arnold
Director
Certified ColdFusion Developer
ASP Multimedia Limited
T: +44 (0)20 8680 1133
"Websites for the real world"
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
**********************************************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
