  • Hashing Passwords

    Author: 2009-02-27 10:21:25 From:

    After being criticized for my last post about two-way encryption of passwords, I have decided to write a post about hashing your passwords. As was pointed out in my last post, this is a more secure way of keeping your password data safe.

    Hashing passwords in a database is very easy. The syntax of the hash function is:

    Hash(string[, algorithm[, encoding]] )

    More information about the syntax can be found at Adobe LiveDocs.

    To hash the data into the database, we will use an insert query and insert the hashed password.

    <cfquery datasource="encryption">
    INSERT INTO users (username, password)
    VALUES (<cfqueryparam value="#FORM.Nusername#" cfsqltype="cf_sql_clob" maxlength="255">, <cfqueryparam value="#Hash(form.password)#" cfsqltype="cf_sql_clob" maxlength="255">)
    </cfquery>

    This is essentially very simple to do. To check whether the user has entered the correct password at login, we use a script like this:

    <cfquery name="checkpassword" datasource="Users">
    SELECT Password
    FROM Users
    WHERE Username = <cfqueryparam value="#Username#" cfsqltype="CF_SQL_VARCHAR">
    </cfquery>

    <cfif Hash(form.password) is not checkpassword.password>
    <cflocation url = "loginfailed.cfm">
    <cfelse>
    ...
    </cfif>

    The main difference between this and my last post about two-way encryption of passwords is that the password is never decrypted, so there is less chance of anyone finding it out.
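
    The queries above store a single unsalted Hash() of the password, so two users with the same password get the same stored value. The following added example (not code from the original post) shows the same insert and login check with a random per-user salt and PBKDF2. It assumes ColdFusion 11 or later for GeneratePBKDFKey, a hypothetical salt column on the users table, a form.username login field, one datasource for both queries, and an illustrative iteration count.

    ```cfml
    <!--- Added example. Assumed names: "salt" column, form.username, iteration count. --->
    <cfset iterations = 100000>

    <!--- Registration template: new random salt for every user --->
    <cfset salt = GenerateSecretKey("AES")>
    <!--- Slow key derivation instead of one fast hash; result is a Base64 string --->
    <cfset derived = GeneratePBKDFKey("PBKDF2WithHmacSHA1", form.password, salt, iterations, 256)>

    <cfquery datasource="encryption">
    INSERT INTO users (username, password, salt)
    VALUES (
        <cfqueryparam value="#form.Nusername#" cfsqltype="cf_sql_varchar" maxlength="255">,
        <cfqueryparam value="#derived#" cfsqltype="cf_sql_varchar" maxlength="255">,
        <cfqueryparam value="#salt#" cfsqltype="cf_sql_varchar" maxlength="255">
    )
    </cfquery>

    <!--- Login template: fetch the stored salt and derived value for this user --->
    <cfquery name="checkpassword" datasource="encryption">
    SELECT password, salt
    FROM users
    WHERE username = <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar" maxlength="255">
    </cfquery>

    <cfset loginOk = false>
    <!--- Only compare when exactly one row matched; an unknown user fails the same way --->
    <cfif checkpassword.recordCount eq 1>
        <cfset candidate = GeneratePBKDFKey("PBKDF2WithHmacSHA1", form.password, checkpassword.salt, iterations, 256)>
        <!--- Compare() is case-sensitive, which matters for Base64 output --->
        <cfset loginOk = (Compare(candidate, checkpassword.password) eq 0)>
    </cfif>

    <cfif not loginOk>
        <!--- addtoken="no" keeps CFID/CFTOKEN out of the redirect URL --->
        <cflocation url="loginfailed.cfm" addtoken="no">
    </cfif>
    ```

    Existing rows hashed with the original one-argument Hash() call cannot be converted in place; they have to be re-derived the next time each user logs in with the correct password.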
