Many thanks Robert,
I've added some extra verification to the data being written to the cookie,
will see how that goes.
I suspect it is happening when a spam bot hits the form and the data being
provided isn't valid.
Jenny Gavin-Wear
Fast Track Online
Tel: 01262 602013
http://www.fasttrackonlin
Well, this is just an annoyance, but it seems there is a minor error in the CF
form validation when you use validate="float". It does not validate correctly.
It allows both a $ sign and/or a , to be inserted in the field.
That's just wrong.
Robert B. Harrison
Director of Interactive Services
SHA-1 is in the algorithm options hash in CF 7
http://livedocs.adobe.com/coldfusion/7/htmldocs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=ColdFusion_Documentation&file=0503.htm
SHA: Generates a 28-character string using the Secure Hash Standard SHA-1
algorithm specified by Nation Institut
Yep if you have SQL Server, you can have it create the SHA1 hash for
you. Sorry if high level, but I need to run.
- Rex
On 10/20/2011 11:33 AM, Eric Roberts wrote:
> I know that SHA-1 was not included in 7, but is there a way around
> this...possibly using a java method to create a hash. An A
I know that SHA-1 was not included in 7, but is there a way around
this...possibly using a java method to create a hash. An API we are using
uses a SHA-1 hash digest and there is no choice in the encryption method.
Any ideas?
Eric
~~~
In MySQL there is a data type called ENUM that allows you to store a lost of
preset values like so:
CREATE TABLE sizes (
name ENUM('small', 'medium', 'large')
);
Unfortunately there is no equivalent to ENUM in MSSQL. However it is
possible to emulate the same functionality using a constrain
don't forget you can also add any random string to any value before hashing it
so if customers password is "12345" then you can add "678910" to it
before hashing it and also include this in any hash comaprison as
well. This also helps with users who insist on using weak passwords.
On Thu, Oct 2
I think the clearest method is probably selects with options:
value - display
NULL - not set (or similar)
1 - true/yes/on
0 - false/no/off
On Thu, Oct 20, 2011 at 12:06 PM, Carl Von Stetten
wrote:
>
> I'm rewriting a CF application that stores its data in SQL Server (2005,
> moving to 2008R2 so
I'm rewriting a CF application that stores its data in SQL Server (2005, moving
to 2008R2 soon). I have a number of bit datatype columns in my tables, which
correspond to true/false or yes/no values in the application. For some of
these values, I need to track if they have not yet been set to
On Thu, Oct 20, 2011 at 12:26 PM, <> wrote:
> Further more, a hash value cannot be decrypted, then the passwords in the
> database are 100% protected.
>
They are certainly not 100% protected.
I've been using bCrypt lately with good results. More secure than an
unsalted hash, iterations and sal
On Thu, Oct 20, 2011 at 9:39 AM, Justin Scott wrote:
>
>> Further more, a hash value cannot be decrypted, then the
>> passwords in the database are 100% protected.
I once looked up my password on google and there it was. It wasn't a
common word either, but something along the lines of 8y8B*&
I
> Further more, a hash value cannot be decrypted, then the
> passwords in the database are 100% protected.
It's true that a hash can't be "decrypted" in the traditional sense,
but attackers have been building lists of pre-hashed common words to
compare hashes against for years (go search for "rai
As long as they both use the same Hash algorithm
http://livedocs.adobe.com/coldfusion/8/functions_h-im_01.html
You'll need to verify what hash your SQL system is using,
Here are the docs for MS SQL Server
http://msdn.microsoft.com/en-us/library/ms174415.aspx
On Thu, Oct 20, 2011 at 9:29 AM,
> Actually you don't need to decrypt passwords at all. For something
> like passwords you could use HASH store them in the data base. Then to
> check to see that a user's password is correct, also convert that to a
> has value and compare hash value to hash value. At least, that's how I
> do i
> If you use the same "settings" - algorithm and key they should be
> compatible.
So for instance, if I do an md5 hash update on all of the password in sql, I
can use the CF MD5 hash to check the password when a user logs in?
~~
>>For something like passwords you could use HASH store them in the data base.
Further more, a hash value cannot be decrypted, then the passwords in the
database are 100% protected.
~|
Order the Adobe Coldfusion Anthology now!
Actually you don't need to decrypt passwords at all. For something like
passwords you could use HASH store them in the data base. Then to check to see
that a user's password is correct, also convert that to a has value and compare
hash value to hash value. At least, that's how I do it.
Some sa
If you use the same "settings" - algorithm and key they should be
compatible.
On 10/20/11 9:13 AM, Torrent Girl wrote:
> Hi All.
>
> I have what may be a dumb question.
>
> I am going through the process of encrypting passwords in an existing
> database but I am doing it via a CF template where
Hi All.
I have what may be a dumb question.
I am going through the process of encrypting passwords in an existing database
but I am doing it via a CF template where I retrieve the top 5 records,
loop over them and update each record with an encrypted value. I know, I
know
I am doin
Hi All.
I have what may be a dumb question.
I am going through the process of encrypting passwords in an existing database
but I am doing it via a CF template where I retrieve the top 5 records,
loop over them and update each record with an encrypted value. I know, I
know
I am doin
It appears you are allowing user to enter some values then storing them as
cookies. The error you are showing looks like it may be a syntax error in the
CF code where some line is not seeing the values correctly. This could happen
if you get a stray " or stray # in your user values somewhere an
On Wed, Oct 19, 2011 at 10:52 PM, Gerald Guido wrote:
>
> Awesome find Pete. Thanx for Sharing!
You're welcome Gerald. One thing I forgot to mention about the IIS
version (from Helicon) is that it requires CF 9.0.1 running the native
IIS7 connector - it doesn't work in IIS6 compatibility mode.
Hi all,
I'm trying to pin down the cause of the following error in the application
log.
"Element is undefined in a Java object of type class
coldfusion.runtime.CookieScope referenced as "
The code it points to is:-
It occurs quite rarely, perhaps 2-3 times a day.
TIA for any suggestions
23 matches
Mail list logo