We just had a thread on this a few days ago, didn't we?Or was it one of those that forked and went in this direction?The subject was best practices w/passwords, or storing them or something like that.
Anyway, hashing isn't the be-all and end-all.Its a real good start, but you can do better.Check
We know that unlike MS Access, SQL Server doesn't have a password type
field so it is necessary to encrypt it manually.
I wrote a tutorial for the excellent EasyCFM site and it can be found here:
http://tutorial113.easycfm.com/
It works well - but don't lose the key because a locksmith will be
You could hash() the password on the way in, stops in being stored in clear
text.
Jb.
-Original Message-
From: Shahzad.Butt [mailto:[EMAIL PROTECTED]
Sent: 16 December 2003 11:01
To: CF-Talk
Subject: Password encryption
Hi
I am storing user name and password in Access DB and running
http://www.houseoffusion.com/cf_lists/index.cfm/method=messagesthreadid
=29317forumid=4
Just yesterday.
--
-dc[ cf5, ora8.1.7, iis5 ]
-Original Message-
From: Shahzad.Butt [mailto:[EMAIL PROTECTED]
Sent: 16 December 2003 11:01
To: CF-Talk
Subject: Password encryption
Hi
I am
Depends on your security requirements.I do a one-way hash when the password
is created, and email Users temporary passwords when they forget theirs.No
one can look-up a password, not even the DBA.
-Original Message-
From: Shahzad.Butt [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16,
5 matches
Mail list logo