Hi
Just to come back to a few of your security points for some more
information please.
---QUOTE---
You might want to encrypt the information on the database... but this is
a little overkill-ish. However if you can't secure the database as much
as you'd like it can be a good measure.
--
Subject: RE: security suggestions?
Hi
Just to come back to a few of your security points for some more
information please.
---QUOTE---
You might want to encrypt the information on the database... but this is
a little overkill-ish. However if you can't secure the database as much
as you'd like
-mailed to
their registered e-mail address, how would the hashed value in the db
be converted back to their original password of 'Test' ?
-Original Message-
From: Kerry [mailto:[EMAIL PROTECTED]
Sent: 14 October 2005 09:34
To: CF-Talk
Subject: RE: security suggestions?
what would you
So for example if I used the following when the user registers their
details
#Hash(form.Password, SHA-512)# to store the hash of the password
(i.e. 'Test') the user has entered in the form to be stored in the
database
Then when the user logs in and enters their password of 'Test' using the
how would the hashed value in the db
be converted back to their original password of 'Test'
You don't - you have to send them a new password.
-Original Message-
From: Ian Vaughan [mailto:[EMAIL PROTECTED]
Sent: 14 October 2005 09:59
To: CF-Talk
Subject: RE: security suggestions?
Sor
Also if I hashed the password in the database, and offered a
feature if the user forgets their password and wanted their
password e-mailed to their registered e-mail address, how
would the hashed value in the db be converted back to their
original password of 'Test' ?
It can't be
-Original Message-
From: Ian Vaughan [mailto:[EMAIL PROTECTED]
Sent: Friday, October 14, 2005 4:23 AM
To: CF-Talk
Subject: RE: security suggestions?
Hi
Just to come back to a few of your security points for some more
information please.
---QUOTE---
You might want to encrypt
On 10/14/05, Ian Vaughan [EMAIL PROTECTED] wrote:
--snippet---
WHERE Password = '#Hash(form.Password, SHA-512)#'
</CFQUERY>
Any ideas on where I am going wrong?
It's hashing the string form.Password not the value of
form.password because of the quotes.
Try:
WHERE Password =
On 10/14/05, Ian Vaughan [EMAIL PROTECTED] wrote:
Do you know of any good examples of a strong password generator?
Here is a basic one. You can take this and turn it into a custom tag
pretty easy. It removes easily-confused letters from the string which
makes it more usable but less secure.
We have a potential customer that is a bank (a small local one). They
want to be able to have people fill out a loan application online, but
are worried about security, etc. Other than using a secure certificate
and SQL Server, are there any other considerations I should give to
security?
There is the transaction/filling out of information and how it is sent.
Then there is the issue of how and what is stored.
Then there is the issue of how and what is pulled back out and what is
done with it.
Then there is the issue of what system maintenance or backups
replicate the data.
Then
We have a potential customer that is a bank (a small
local one). They want to be able to have people fill
out a loan application online, but are worried about
security, etc.
A couple of things to consider if you can...
* Put the SQL Server on its own box connected to the web server on a
Thanks, Jerry, Justin. I'm going to write all this down and make sure I
address all these concerns.
Justin, you may be right. Spending thousands of dollars to have a loan
app online that may or may not be used seems like a silly waste of money
to me. Sometimes new technology isn't always
Justin, you may be right. Spending thousands of
dollars to have a loan app online that may or may
not be used seems like a silly waste of money to me
All we can do as developers is tell the clients what it will take to make
their dreams come true. It's up to them to do the cost analysis and
-Original Message-
From: Ray Champagne [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 13, 2005 2:24 PM
To: CF-Talk
Subject: security suggestions?
We have a potential customer that is a bank (a small local one). They
want to be able to have people fill out a loan application
some other thoughts:
- Use a non-standard port to talk to the database instead of 4133.
- Use strong passwords for all users on both systems and any applications, such
as CF Admin. Use a strong password generator for this.
- Protect the CF Admin folder with OS-level security so you need a system
, October 13, 2005 1:54 PM
To: CF-Talk
Subject: Re: security suggestions?
Thanks, Jerry, Justin. I'm going to write all this down and make sure I
address all these concerns.
Justin, you may be right. Spending thousands of dollars to have a loan
app online that may or may not be used seems like