encrypt the password

Report · Mar 21, 2007

Hi. I am writing an app which stores usernames/passwords into a database table.

I have the form for admin to add the new user by enter the username and passord on the form. The question is how can I encrypt the password provided by the user before insert it into the table and then compare it when the userlogin.

thanks

Report · Mar 21, 2007

You can use the coldfusion functions Encrypt & Decrypt. Check out for the column length that might be required. Every time you compare the password use Decrypt function and then compare with the input given by the user.

If you need to write your own algorithm too, you can write and use it.

Report · Mar 21, 2007

Here what I test so far but it dosent work.

<cfoutput>
<cfset myAlgorithm = "CFMX_COMPAT">
<cfset thekey = "#form.username#">
<cfset encrypted=encrypt("Form.password, theKey, myAlgorithm")>
#encrypted#
</cfoutput>

Report · Mar 21, 2007

<cfset encrypted=encrypt("Form.password, theKey, myAlgorithm")>

that line is not valid, try this

<cfset encrypted=encrypt(Form.password, theKey, myAlgorithm)>

I am working in CFMX 6 and the same function works fine. In MX 6 we don't have the option of the algorithms but I would recommend using DES.

Report · Mar 21, 2007

I got the encrypt part working and inserted it into the table but don't know how to compared it when user login.

<cfquery name="get_password" datasource="#ds#">
select password
from user_tbl
</cfquery>
<cfoutput query="get_password">
<cfset comparison = Compare(FORM.password, password)>
</cfoutput>
<cfquery datasource="#ds#" name="Login">
SELECT username, password
FROM user_tbl
WHERE
username = '#form.username#'
AND
password = '#comparison#'
</cfquery>

Report · Mar 21, 2007

<cfquery datasource="#ds#" name="Login">
SELECT Decrypt(password, form.username, "CFMX_COMPAT") FROM user_tbl WHERE username = '#form.username#'
</cfquery>

<cfif Login.RecordCount GT 0 AND Compare(Login.password, form.password) EQ 0>
Valid login
</cfif>

You have to use the same key & algorithm to decrypt and do the comparison.

Report · Mar 21, 2007

<cfquery datasource="#ds#" name="Login">
SELECT password FROM user_tbl WHERE username = '#form.username#'
</cfquery>

<cfif Login.RecordCount GT 0>
<cfif Compare( Decrypt(Login.password, form.username, "CFMX_COMPAT"), form.password) EQ 0>
Valid login
</cfif>
</cfif>

Report · Mar 21, 2007

Thanks but i am not really understand this line of code:
<cfif Compare( Decrypt(Login.password, form.username, "CFMX_COMPAT"),

here is my code
<cfquery datasource="#ds#" name="Login">
SELECT password FROM user_tbl WHERE username = '#form.username#'
</cfquery>

<cfset password = '#form.password#'>
<cfset key = 5>
<cfset encrypted ="#encrypt(password ,key)#">
<cfset Decrypted ="#Decrypt(encrypted,key)#">

<cfquery datasource="#ds#" name="Login">
SELECT password FROM user_tbl WHERE username = '#form.username#'
and password ='#Decrypted#'
</cfquery>
Count:<cfoutput>#Login.recordcount#</cfoutput> it returns 0 even i enter the correct username and password

thanks

Report · Mar 21, 2007

quote:

<cfif Compare( Decrypt(Login.password, form.username, "CFMX_COMPAT"), form.password) EQ 0>

Since you used it in the code during encryption, I did the same to decrypt. Now I am completely confused with your code, please post the code you used to encrypt the password in your database. The same logic will go in the above line.

Report · Mar 22, 2007

Enclosed two pages of insert and loginpage of how to encrypted and decrypted but it didn't work.
========================================================

Report · Mar 22, 2007

You have encrypted and decrypted the password means you still have the plain text password. Try the below one first, if it didn't work try the next part


<cfset password = '#form.password#'>
<cfset key = 5>
<cfset encrypted ="#encrypt(password ,key)#">

<cfquery datasource="#ds#" name="Login">
SELECT password FROM user_tbl WHERE username = '#form.username#'
and password ='#encrypted#'
</cfquery>

<cfif Login.recordcount gt 0>
valid
<cfelse>
not valid
</cfif>


<cfset isUserAuthenticated = false>
<cfset password = '#form.password#'>
<cfset key = 5>

<cfquery datasource="#ds#" name="Login">
SELECT password FROM user_tbl WHERE username = '#form.username#'
</cfquery>

<cfif Login.recordcount gt 0>
<cfset decrypted ="#decrypt(Login.password, key)#">
<cfif Compare(decrypted, Form.password) eq 0>
<cfset isUserAuthenticated = true>
</cfif>
</cfif>

Report · Mar 22, 2007

it worked. thank you very much for your patient and your help.

Adobe Community

encrypt the password

1 Correct answer