
Encrypting/Decrypting Passwords in ColdFusion

I am currently encrypting user passwords and storing them in my DB by using the following code:

<cfset encrypted_pass = Hash(#form.pwd#, 'SHA-512')/>

Is there a way I can decrypt this password after the fact?

Brian Fleishman asked May 08 '26 15:05



1 Answer

If you are storing passwords in a database, you should always store them as hashes and not use reversible encryption. The method of doing this is "hashing", but not all hashing is created equal, and the "hash" function in CFML is not good enough for password hashing.

The reason for using hashing is so that if a "bad actor" gains access to your DB, they are still not able to obtain your users' passwords.

Please see the following article for details and code examples for good password hashing in CFML:

https://www.andrewdixon.co.uk/2020/05/12/password-hashing-in-cfml/

andrewdixon answered May 11 '26 15:05

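
A salted, deliberately slow password hash in CFML, for comparison with the single unsalted `Hash()` call in the question. This is an added example, not code from the answer or the linked article: it uses the JVM's standard PBKDF2WithHmacSHA512 through Java interop, and the function names, stored-string layout and iteration count are assumptions to adapt.

```cfml
<cfscript>
// Added example: function names, storage layout and iteration count are assumptions.

// Derive a 512-bit key from the password with PBKDF2-HMAC-SHA512 (standard JCE classes).
function pbkdf2(required string password, required binary salt, required numeric iterations) {
    var spec = createObject("java", "javax.crypto.spec.PBEKeySpec").init(
        javaCast("string", arguments.password).toCharArray(),
        arguments.salt,
        javaCast("int", arguments.iterations),
        javaCast("int", 512)
    );
    var factory = createObject("java", "javax.crypto.SecretKeyFactory")
        .getInstance("PBKDF2WithHmacSHA512");
    return factory.generateSecret(spec).getEncoded();
}

// Returns one string to store per user: scheme$iterations$salt$hash.
function hashPassword(required string password, numeric iterations = 210000) {
    // generateSecretKey yields 128 random bits, Base64-encoded; used here as a per-user salt
    var salt = binaryDecode(generateSecretKey("AES", 128), "base64");
    var derived = pbkdf2(arguments.password, salt, arguments.iterations);
    return "pbkdf2-sha512$" & arguments.iterations
        & "$" & binaryEncode(salt, "base64")
        & "$" & binaryEncode(derived, "base64");
}

// Re-derives the hash from the login attempt using the stored salt and iteration count.
function verifyPassword(required string password, required string stored) {
    var parts = listToArray(arguments.stored, "$");
    if (arrayLen(parts) != 4 || parts[1] != "pbkdf2-sha512" || !isValid("integer", parts[2])) {
        return false; // malformed or unknown record: reject instead of throwing
    }
    var expected = binaryDecode(parts[4], "base64");
    var actual = pbkdf2(arguments.password, binaryDecode(parts[3], "base64"), parts[2]);
    // MessageDigest.isEqual does not stop at the first differing byte
    return createObject("java", "java.security.MessageDigest").isEqual(expected, actual);
}

// Constructed sample values
stored = hashPassword("correct horse battery staple");
writeOutput("stored: " & stored & "<br>");
writeOutput("right password: " & verifyPassword("correct horse battery staple", stored) & "<br>");
writeOutput("wrong password: " & verifyPassword("wrong guess", stored));
</cfscript>
```

Nothing here is decrypted at login: the submitted password is hashed again with the stored salt and the two results are compared.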