11 Replies Latest reply on Sep 27, 2006 7:06 AM by cgsj_usa@yahoo.com

    Password storage suggestions

      Good afternoon. I have several connections to different servers, using cfftp, cfldap, etc., where I need to pass username and passwords. I would like to store these authentication pairs in a database and then pull them out in the different applications. I know that I shouldn't store the passwords in plain text and that I can use hash to encrypt them. I also know that I can use encrypt and decrypt, but that hash is much better. My problem arises when I use hash though. I can insert the information into the database and use hash to encrypt the value of password. However, in the application, when I need to use the connection information, once I get the return from the database, it is hashed. How do I pass that information (unhashed) to the connection? Will my output (the hashed value) work? Any assistance is GREATLY appreciated. Thanks.