Marwan,
Here's how I take care of the situation.
The database field that stores your password needs to be a 32
(var)character.
When validating a user I select based upon the username only, and then I
compare the database password with the hashed user password. Something
like the following is
I have not used the hash function but this is the code straight from
allaires website:
CFIF Hash(Form.Password) IS NOT MyQuery.PasswordHash
CFLOCATION URL=unauthenticated.cfm
/CFIF
I beleive your code should work.
Do you have CF Server 4.5? (use #server.coldfusion.productversion# to find
PROTECTED]]
Sent: Thursday, April 26, 2001 12:13 PM
To: CF-Talk
Subject: RE: Security Question - Revisited
I have not used the hash function but this is the code straight from
allaires website:
CFIF Hash(Form.Password) IS NOT MyQuery.PasswordHash
CFLOCATION URL=unauthenticated.cfm
/CFIF
I
3 matches
Mail list logo