I agree - this is the most secure. When logging in, you hash the entered password, then do a select on the username and the hashed password - if you get a record back, they are authenticated. Doing it this way avoids ever having to decrypt a password.
Only catch is if you offer a system that can email the password to a user - now you need to decrypt the password, which hashing does not support.

My 2 cents worth.

Shawn Grover

-----Original Message-----
From: Tony Schreiber [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 02, 2002 9:13 PM
To: CF-Talk
Subject: Re: best password encryption method

My suggestion would be to use HASH (one-way encryption), unless you have a specific reason for needing to decrypt passwords.

> Can anyone suggest what is the best method to encrypt a password that is stored
> in the database?
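The login check described in this thread, together with a reset-token alternative to mailing out a stored password, as an added Python example that is not part of the original messages. It goes beyond the thread by using a per-user salt and PBKDF2 rather than one plain hash, so the row is fetched by username and the hash recomputed; the table layout, function names and iteration count are assumptions.

```python
import hashlib, hmac, secrets, sqlite3

ITERATIONS = 200_000  # assumed PBKDF2 work factor, tune for your hardware

def kdf(password, salt):
    """Slow, salted one-way hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def open_db():
    # Hypothetical schema: no plaintext or decryptable password column exists.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB,"
               " pw_hash BLOB, reset_hash BLOB)")
    return db

def register(db, username, password):
    salt = secrets.token_bytes(16)  # unique per user
    db.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
               (username, salt, kdf(password, salt)))

def login(db, username, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        kdf(password, b"\x00" * 16)  # do the same work for unknown usernames
        return False
    salt, stored = row
    # Recompute from the entered password and compare in constant time.
    return hmac.compare_digest(kdf(password, salt), stored)

def start_reset(db, username):
    """Return a one-time token to mail to the user; only its hash is stored."""
    token = secrets.token_urlsafe(32)
    db.execute("UPDATE users SET reset_hash = ? WHERE username = ?",
               (hashlib.sha256(token.encode()).digest(), username))
    return token

def finish_reset(db, username, token, new_password):
    row = db.execute("SELECT reset_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None or row[0] is None:
        return False
    if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), row[0]):
        return False
    salt = secrets.token_bytes(16)
    # Setting reset_hash to NULL makes the token single-use.
    db.execute("UPDATE users SET salt = ?, pw_hash = ?, reset_hash = NULL"
               " WHERE username = ?", (salt, kdf(new_password, salt), username))
    return True
```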