RE: security suggestions?

2005-10-14 Thread Ian Vaughan
Hi Just to come back to a few of your security points for some more information please. ---QUOTE--- You might want to encrypt the information on the database... but this is a little overkill-ish. However if you can't secure the database as much as you'd like it can be a good measure. --

RE: security suggestions?

2005-10-14 Thread Kerry
Subject: RE: security suggestions? Hi Just to come back to a few of your security points for some more information please. ---QUOTE--- You might want to encrypt the information on the database... but this is a little overkill-ish. However if you can't secure the database as much as you'd like

RE: security suggestions?

2005-10-14 Thread Ian Vaughan
-mailed to their registered e-mail address, how would the hashed value in the db be converted back to their original password of 'Test'? -Original Message- From: Kerry [mailto:[EMAIL PROTECTED] Sent: 14 October 2005 09:34 To: CF-Talk Subject: RE: security suggestions? what would you

RE: security suggestions?

2005-10-14 Thread Ian Vaughan
So for example if I used the following when the user registers their details #Hash(form.Password, SHA-512)# to store the hash of the password (i.e. 'Test') the user has entered in the form to be stored in the database Then when the user logs in and enters their password of 'Test' using the

RE: security suggestions?

2005-10-14 Thread Kerry
how would the hashed value in the db be converted back to their original password of 'Test' You don't - you have to send them a new password. -Original Message- From: Ian Vaughan [mailto:[EMAIL PROTECTED] Sent: 14 October 2005 09:59 To: CF-Talk Subject: RE: security suggestions? So

RE: security suggestions?

2005-10-14 Thread Dave Watts
Also if I hashed the password in the database, and offered a feature if the user forgets their password and wanted their password e-mailed to their registered e-mail address, how would the hashed value in the db be converted back to their original password of 'Test'? It can't be

RE: security suggestions?

2005-10-14 Thread Jim Davis
-Original Message- From: Ian Vaughan [mailto:[EMAIL PROTECTED] Sent: Friday, October 14, 2005 4:23 AM To: CF-Talk Subject: RE: security suggestions? Hi Just to come back to a few of your security points for some more information please. ---QUOTE--- You might want to encrypt

Re: security suggestions?

2005-10-14 Thread Sam Farmer
On 10/14/05, Ian Vaughan [EMAIL PROTECTED] wrote: --snippet--- WHERE Password = '#Hash(form.Password, SHA-512)#' /CFQUERY Any ideas on where I am going wrong? It's hashing the string form.Password not the value of form.password because of the quotes. Try: WHERE Password =

Re: security suggestions?

2005-10-14 Thread Matt Robertson
On 10/14/05, Ian Vaughan [EMAIL PROTECTED] wrote: Do you know of any good examples of a strong password generator? Here is a basic one. You can take this and turn it into a custom tag pretty easy. It removes easily-confused letters from the string which makes it more usable but less secure.

security suggestions?

2005-10-13 Thread Ray Champagne
We have a potential customer that is a bank (a small local one). They want to be able to have people fill out a loan application online, but are worried about security, etc. Other than using a secure certificate and SQL Server, are there any other considerations I should give to security?

Re: security suggestions?

2005-10-13 Thread Jerry Johnson
There is the transaction/filling out of information and how it is sent. Then there is the issue of how and what is stored. Then there is the issue of how and what is pulled back out and what is done with it. Then there is the issue of what system maintenance or backups replicate the data. Then

RE: security suggestions?

2005-10-13 Thread Justin D. Scott
We have a potential customer that is a bank (a small local one). They want to be able to have people fill out a loan application online, but are worried about security, etc. A couple of things to consider if you can... * Put the SQL Server on its own box connected to the web server on a

Re: security suggestions?

2005-10-13 Thread Ray Champagne
Thanks, Jerry, Justin. I'm going to write all this down and make sure I address all these concerns. Justin, you may be right. Spending thousands of dollars to have a loan app online that may or may not be used seems like a silly waste of money to me. Sometimes new technology isn't always

RE: security suggestions?

2005-10-13 Thread Justin D. Scott
Justin, you may be right. Spending thousands of dollars to have a loan app online that may or may not be used seems like a silly waste of money to me All we can do as developers is tell the clients what it will take to make their dreams come true. It's up to them to do the cost analysis and

RE: security suggestions?

2005-10-13 Thread Jim Davis
-Original Message- From: Ray Champagne [mailto:[EMAIL PROTECTED] Sent: Thursday, October 13, 2005 2:24 PM To: CF-Talk Subject: security suggestions? We have a potential customer that is a bank (a small local one). They want to be able to have people fill out a loan application

Re: security suggestions?

2005-10-13 Thread Robert Munn
some other thoughts: - Use a non-standard port to talk to the database instead of 4133. - Use strong passwords for all users on both systems and any applications, such as CF Admin. Use a strong password generator for this. - Protect the CF Admin folder with OS-level security so you need a system

RE: security suggestions?

2005-10-13 Thread Mike Klostermeyer
, October 13, 2005 1:54 PM To: CF-Talk Subject: Re: security suggestions? Thanks, Jerry, Justin. I'm going to write all this down and make sure I address all these concerns. Justin, you may be right. Spending thousands of dollars to have a loan app online that may or may not be used seems like