Solved

decryption in coldfusion

Posted on 2003-11-21
8
1,219 Views
Last Modified: 2013-12-20
i have a database setup to where i have people log in with userid and passwords.  i generate a random number and encrypt these numbers as passwords and store them into the database. when i query the database and try to decrypt these passwords back to numbers, they are no longer numbers, but rather wierd characteres and jummbled letters.  essentially the decrypted form of the encrypted passwords are all wrong so the users cannot log in.  the only difference though is that when i type in a number, encrypt it, and right after decrypt it, the numbers appear fine.  it is only when i query the database and decrypt what is stored in the database where the passwords get all weird even though the encrypted form of the passwords are the same.
0
Comment
Question by:happydog234
8 Comments
 
LVL 9

Expert Comment

by:CFDevHead
ID: 9799649
Lets see your code.
0
 

Author Comment

by:happydog234
ID: 9799685
this works fine:
<cfset password = 2>
<cfset Encrypted = Encrypt(password, key)>
<cfset Decrypt = Decrypt(Encrypted, key)>
#Decrypt#

this doesnt work:
<cfquery name=decrypting datasource=testing>
SELECT password FROM users
</cfquery>

<cfoutput query=decrypting>
      <cfset Decrypt = Decrypt(password, key)>
      #Decrypt#
</cfoutput>
0
 
LVL 9

Expert Comment

by:CFDevHead
ID: 9799703
when you select the password from the DB trim the felid to make sure there is any white space.
0
 
LVL 9

Expert Comment

by:CFDevHead
ID: 9799718
if that doesn't work try using
<cfset password = 2>
<cfset key ='my fav. key!'>
<cfset Encrypted = cfusion_encrypt(password, key)>
<cfset Decrypt = cfusion_decrypt(Encrypted, key)>
<cfoutput>
#Decrypt#

</cfoutput>
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 
LVL 14

Expert Comment

by:Renante Entera
ID: 9801140
Try this one :

<cfquery name=decrypting datasource=testing>
SELECT password FROM users
</cfquery>

<cfoutput query=decrypting>
     <cfset Decrypt = Decrypt('#password#', key)>
     #Decrypt#
</cfoutput>

Or you can have it this way :

<cfquery name=decrypting datasource=testing>
SELECT password FROM users
</cfquery>

<cfoutput query=decrypting>
     <cfset mypass = '#password#'>
     <cfset Decrypt = Decrypt(mypass, key)>
     #Decrypt#
</cfoutput>

Goodluck!
eNTRANCE2002 :-)
0
 
LVL 17

Expert Comment

by:anandkp
ID: 9801657
Avoid using keywords like : "password" / "decrypt" as ur variable names !

normally the conversion shld be possible & u shld be able to get back ur values decrypted properly ... the reason there may be problems with this is -
1. u may have used different keys ...
2. there wld have been some special characters used [value / key] - which cldnt be formatted correctly while storing in teh DB ... thus the decryption resulted in a error ...
3. as mentioned above - using trim wld allow u to get rid of unwanted spaces - which may go un-noticed & can cause error...
0
 
LVL 12

Accepted Solution

by:
jyokum earned 250 total points
ID: 9805790
This will resolve your encryption/decryption problem.

http://www.experts-exchange.com/Web/WebDevSoftware/ColdFusion/Q_20746580.html#9417582

to encrypt...
myEncodedText = tobase64(encrypt(myText,"key123"));

to decrypt...
myDecodedText = decrypt(tostring(tobinary(myEncodedText)),"key123");

I wouldn't recommend using cfusion_encrypt and cfusion_decrypt since it is really easy to crack that encryption.
0
 
LVL 6

Expert Comment

by:PE_CF_DEV
ID: 9811131
If you want to securely do this your best way is to hash the password....
so you would do this:
Update passwordtable
set password = #hash(password)#
where whatever

then upon login
select stuff
from passwordtable
where password = #hash(password)#

0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this short web based tutorial, I wanted to show users how they can still use the powers of FrontPage in conjunction with Expression Web 3.  Even though Microsoft eliminated the use of Web components, we can still use them with FrontPage and edit …
Now that Expression Web 4.0 (http://www.microsoft.com/expression/products/Upgrade.aspx) is free if you buy or have the full version of Expression Web 3.0, now is the best time to  migrate from FrontPage to Expression Web (http://www.frontpage-to-exp…
The purpose of this video is to demonstrate how to properly insert a Vimeo Video into a WordPress site or Blog. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp…
The purpose of this video is to demonstrate how to update a WordPress Site’s version. WordPress releases new versions of its software frequently and it is important to update frequently in order to keep your site secure, and to get new WordPress…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now