On the subject of encryption in Cold Fusion, does anyone know what algorithm
is used by Cold Fusion to encrypt and decrypt the data? Is it an accepted
algorithm like RC4 or Blowfish or something like that or is it proprietary?
If anyone could let me know, I would appreciate it.
-----Original Message-----
From: Jon Hall [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 3:47 PM
To: CF-Talk
Subject: Re: Encryption differences in ColdFusion 4.5 and 5.0?
I've posted this snippet before, and I'll post it again. I got it from
this list originally many moons ago...
This produces a db safe string
<cfset secret_word_encrypted=
ToBase64(encrypt("#string2beEncrypted#","#key#"))>
This decrypts the string
<cfset secret_word_decrypted=
decrypt(tostring(tobinary("#secret_word_encrypted#")),"#key#")>
This string will still produce characters that are not url safe, but
that's not really the point anyway...I cant remember if this produces a
static length string, but a little routine to pad the string would fix that.
jon
Tyson Vanek wrote:
>Ray and all,
>
>The issue with the out-of-the-box ColdFusion encrypt/decrypt functions is
>that it doesn't limit itself to "safe" characters when doing the
encrypting.
>Specifically, there's the possibility that the encrypt() function will
>generate an encrypted string with single quotes ('), spaces ( ), pound
signs
>(#), line feeds or line breaks. Once an encrypted string with any of
>these characters has been generated, it can cause problems when trying to
>decrypt and get the original string. In some cases, this throws the
>all-too-familiar "The value to be decrypted is not valid" error message.
>Most of the time, this occurs when you take your string, encrypt it, stuff
>it into the database, retrieve the value from the database and attempt to
>decrypt it.
>
>If the encrypt() function were a little less dangerous, perhaps more people
>would use it. The headaches caused by this function can also be evidenced
>by going to the Allaire site and searching the ColdFusion Support Forums
for
>"encrypt" and "decrypt" - you'll find tons of messages that describe this
>very same problem and recommend, as an alternative, to use the undocumented
>cfusion_encrypt() and cfusion_decrypt() functions.
>
>Unfortunately, the release of ColdFusion 5.0 apparently has not corrected
>this problem either.
>
>Hope this helps,
>Tyson
>
>------------------------------------------------
>Tyson Vanek, Technical Lead
>duoDesign, The eBusiness Architects
>Building your business online
>
>847.491.3000 main | [EMAIL PROTECTED]
>847.491.3100 fax | www.duodesign.com
>847.491.4270 direct | www.chicagoangels.org
>
>Come to our free 2-hour seminar "The eBusiness Squeeze"
>http://www.duodesign.com/squeeze/seminar.html
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
