Re: Security Question - Revisited

Marwan, Here's how I take care of the situation. The database field that stores your password needs to be a 32 (var)character. When validating a user I select based upon the username only, and then I compare the database password with the hashed user password. Something like the following is

RE: Security Question - Revisited

I have not used the hash function but this is the code straight from allaires website: CFIF Hash(Form.Password) IS NOT MyQuery.PasswordHash CFLOCATION URL=unauthenticated.cfm /CFIF I beleive your code should work. Do you have CF Server 4.5? (use #server.coldfusion.productversion# to find

RE: Security Question - Revisited

PROTECTED]] Sent: Thursday, April 26, 2001 12:13 PM To: CF-Talk Subject: RE: Security Question - Revisited I have not used the hash function but this is the code straight from allaires website: CFIF Hash(Form.Password) IS NOT MyQuery.PasswordHash CFLOCATION URL=unauthenticated.cfm /CFIF I