11 Replies Latest reply on Mar 22, 2007 10:20 AM by kt03

    encrypt the password

    kt03 Level 1
      Hi. I am writing an app which stores usernames/passwords into a database table.

      I have a form for the admin to add a new user by entering the username and password on the form. The question is: how can I encrypt the password provided by the user before inserting it into the table, and then compare it when the user logs in?

      thanks


        • 1. Re: encrypt the password
          Karthik_Nataraj
          You can use the ColdFusion functions Encrypt & Decrypt. Check the column length that might be required. Every time you compare the password, use the Decrypt function and then compare with the input given by the user.

          If you need to write your own algorithm too, you can write and use it.
          • 2. Re: encrypt the password
            kt03 Level 1
            Here is what I tested so far, but it doesn't work.

            <cfoutput>
            <cfset myAlgorithm = "CFMX_COMPAT">
            <cfset thekey = "#form.username#">
            <cfset encrypted=encrypt("Form.password, theKey, myAlgorithm")>
            #encrypted#
            </cfoutput>
            • 3. Re: encrypt the password
              Karthik_Nataraj Level 1
              <cfset encrypted=encrypt("Form.password, theKey, myAlgorithm")>

              that line is not valid, try this

              <cfset encrypted=encrypt(Form.password, theKey, myAlgorithm)>

              I am working in CFMX 6 and the same function works fine. In MX 6 we don't have the option of the algorithms but I would recommend using DES.
              • 4. encrypt the password
                kt03 Level 1
                I got the encrypt part working and inserted it into the table, but I don't know how to compare it when the user logs in.

                <cfquery name="get_password" datasource="#ds#">
                select password
                from user_tbl
                </cfquery>
                <cfoutput query="get_password">
                <cfset comparison = Compare(FORM.password, password)>
                </cfoutput>
                <cfquery datasource="#ds#" name="Login">
                SELECT username, password
                FROM user_tbl
                WHERE
                username = '#form.username#'
                AND
                password = '#comparison#'
                </cfquery>
                • 5. Re: encrypt the password
                  Karthik_Nataraj Level 1
                  <cfquery datasource="#ds#" name="Login">
                  SELECT Decrypt(password, form.username, "CFMX_COMPAT") FROM user_tbl WHERE username = '#form.username#'
                  </cfquery>

                  <cfif Login.RecordCount GT 0 AND Compare(Login.password, form.password) EQ 0>
                  Valid login
                  </cfif>

                  You have to use the same key & algorithm to decrypt and do the comparison.
                  • 6. Re: encrypt the password
                    Karthik_Nataraj Level 1
                    <cfquery datasource="#ds#" name="Login">
                    SELECT password FROM user_tbl WHERE username = '#form.username#'
                    </cfquery>

                    <cfif Login.RecordCount GT 0>
                    <cfif Compare( Decrypt(Login.password, form.username, "CFMX_COMPAT"), form.password) EQ 0>
                    Valid login
                    </cfif>
                    </cfif>
                    • 7. encrypt the password
                      kt03 Level 1
                      Thanks, but I don't really understand this line of code:
                      <cfif Compare( Decrypt(Login.password, form.username, "CFMX_COMPAT"),

                      Here is my code:
                      <cfquery datasource="#ds#" name="Login">
                      SELECT password FROM user_tbl WHERE username = '#form.username#'
                      </cfquery>

                      <cfset password = '#form.password#'>
                      <cfset key = 5>
                      <cfset encrypted ="#encrypt(password ,key)#">
                      <cfset Decrypted ="#Decrypt(encrypted,key)#">

                      <cfquery datasource="#ds#" name="Login">
                      SELECT password FROM user_tbl WHERE username = '#form.username#'
                      and password ='#Decrypted#'
                      </cfquery>
                      Count:<cfoutput>#Login.recordcount#</cfoutput> It returns 0 even when I enter the correct username and password.

                      thanks
                      • 8. Re: encrypt the password
                        Karthik_Nataraj Level 1
                        quote:

                        <cfif Compare( Decrypt(Login.password, form.username, "CFMX_COMPAT"), form.password) EQ 0>

                        Since you used it in the code during encryption, I did the same to decrypt. Now I am completely confused with your code, please post the code you used to encrypt the password in your database. The same logic will go in the above line.
                        • 9. Re: encrypt the password
                          kt03 Level 1
                          Enclosed are two pages, the insert page and the login page, showing how I encrypted and decrypted, but it didn't work.
                          • 10. Re: encrypt the password
                            Karthik_Nataraj Level 1
                            You have encrypted and decrypted the password, which means you still have the plain text password. Try the one below first; if it doesn't work, try the next part.

                            <!--- login.cfm --->
                            <cfset password = '#form.password#'>
                            <cfset key = 5>
                            <cfset encrypted ="#encrypt(password ,key)#">

                            <cfquery datasource="#ds#" name="Login">
                            SELECT password FROM user_tbl WHERE username = '#form.username#'
                            and password ='#encrypted#'
                            </cfquery>

                            <cfif Login.recordcount gt 0>
                            valid
                            <cfelse>
                            not valid
                            </cfif>

                            <!--- login1.cfm --->
                            <cfset isUserAuthenticated = false>
                            <cfset password = '#form.password#'>
                            <cfset key = 5>

                            <cfquery datasource="#ds#" name="Login">
                            SELECT password FROM user_tbl WHERE username = '#form.username#'
                            </cfquery>

                            <cfif Login.recordcount gt 0>
                            <cfset decrypted ="#decrypt(Login.password, key)#">
                            <cfif Compare(decrypted, Form.password) eq 0>
                            <cfset isUserAuthenticated = true>
                            </cfif>
                            </cfif>
                            • 11. Re: encrypt the password
                              kt03 Level 1
                              It worked. Thank you very much for your patience and your help.
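
The same insert and login flow as an added example (not code from the thread), with two changes: a salted one-way Hash() replaces Encrypt/Decrypt, so the stored value cannot be decrypted with a known key such as the username or 5, and cfqueryparam binds the form values instead of interpolating them into the SQL. The `salt` column, the column widths and the four-argument Hash() (ColdFusion 10 or later) are assumptions.

```cfml
<!--- insert page: store a salted one-way hash instead of a decryptable value --->
<!--- Assumption: user_tbl has an extra varchar column "salt", and "password"
      is wide enough for 128 hex characters (SHA-512 output). --->
<cfset iterations = 100000>  <!--- must be the same value on both pages --->
<cfset salt = GenerateSecretKey("AES")>  <!--- random per-user value, Base64 text --->
<cfset pwHash = Hash(salt & form.password, "SHA-512", "UTF-8", iterations)>

<cfquery datasource="#ds#">
INSERT INTO user_tbl (username, password, salt)
VALUES (
    <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar">,
    <cfqueryparam value="#pwHash#" cfsqltype="cf_sql_varchar">,
    <cfqueryparam value="#salt#" cfsqltype="cf_sql_varchar">
)
</cfquery>

<!--- login page: recompute the hash from the submitted password and compare --->
<cfset isUserAuthenticated = false>
<cfset iterations = 100000>

<cfquery datasource="#ds#" name="Login">
SELECT password, salt
FROM user_tbl
WHERE username = <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar">
</cfquery>

<!--- Exactly one row must match; zero or duplicate rows both fail the login --->
<cfif Login.recordcount eq 1>
    <cfset candidate = Hash(Login.salt & form.password, "SHA-512", "UTF-8", iterations)>
    <!--- Hash() returns hex text, so a case-sensitive Compare is sufficient --->
    <cfif Compare(candidate, Login.password) eq 0>
        <cfset isUserAuthenticated = true>
    </cfif>
</cfif>

<cfif isUserAuthenticated>
    valid
<cfelse>
    not valid
</cfif>
```

Because the salt is stored per row, two users with the same password get different stored values, and the login page never needs a decryption key.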