[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1257
  • Last Modified:

decryption in coldfusion

i have a database setup to where i have people log in with userid and passwords.  i generate a random number and encrypt these numbers as passwords and store them into the database. when i query the database and try to decrypt these passwords back to numbers, they are no longer numbers, but rather wierd characteres and jummbled letters.  essentially the decrypted form of the encrypted passwords are all wrong so the users cannot log in.  the only difference though is that when i type in a number, encrypt it, and right after decrypt it, the numbers appear fine.  it is only when i query the database and decrypt what is stored in the database where the passwords get all weird even though the encrypted form of the passwords are the same.
0
happydog234
Asked:
happydog234
1 Solution
 
CFDevHeadCommented:
Lets see your code.
0
 
happydog234Author Commented:
this works fine:
<cfset password = 2>
<cfset Encrypted = Encrypt(password, key)>
<cfset Decrypt = Decrypt(Encrypted, key)>
#Decrypt#

this doesnt work:
<cfquery name=decrypting datasource=testing>
SELECT password FROM users
</cfquery>

<cfoutput query=decrypting>
      <cfset Decrypt = Decrypt(password, key)>
      #Decrypt#
</cfoutput>
0
 
CFDevHeadCommented:
when you select the password from the DB trim the felid to make sure there is any white space.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
CFDevHeadCommented:
if that doesn't work try using
<cfset password = 2>
<cfset key ='my fav. key!'>
<cfset Encrypted = cfusion_encrypt(password, key)>
<cfset Decrypt = cfusion_decrypt(Encrypted, key)>
<cfoutput>
#Decrypt#

</cfoutput>
0
 
Renante EnteraCommented:
Try this one :

<cfquery name=decrypting datasource=testing>
SELECT password FROM users
</cfquery>

<cfoutput query=decrypting>
     <cfset Decrypt = Decrypt('#password#', key)>
     #Decrypt#
</cfoutput>

Or you can have it this way :

<cfquery name=decrypting datasource=testing>
SELECT password FROM users
</cfquery>

<cfoutput query=decrypting>
     <cfset mypass = '#password#'>
     <cfset Decrypt = Decrypt(mypass, key)>
     #Decrypt#
</cfoutput>

Goodluck!
eNTRANCE2002 :-)
0
 
anandkpCommented:
Avoid using keywords like : "password" / "decrypt" as ur variable names !

normally the conversion shld be possible & u shld be able to get back ur values decrypted properly ... the reason there may be problems with this is -
1. u may have used different keys ...
2. there wld have been some special characters used [value / key] - which cldnt be formatted correctly while storing in teh DB ... thus the decryption resulted in a error ...
3. as mentioned above - using trim wld allow u to get rid of unwanted spaces - which may go un-noticed & can cause error...
0
 
jyokumCommented:
This will resolve your encryption/decryption problem.

http://www.experts-exchange.com/Web/WebDevSoftware/ColdFusion/Q_20746580.html#9417582

to encrypt...
myEncodedText = tobase64(encrypt(myText,"key123"));

to decrypt...
myDecodedText = decrypt(tostring(tobinary(myEncodedText)),"key123");

I wouldn't recommend using cfusion_encrypt and cfusion_decrypt since it is really easy to crack that encryption.
0
 
PE_CF_DEVCommented:
If you want to securely do this your best way is to hash the password....
so you would do this:
Update passwordtable
set password = #hash(password)#
where whatever

then upon login
select stuff
from passwordtable
where password = #hash(password)#

0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now