Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 285
  • Last Modified:

Coldfusion Encryption method for stored datasources

I work with the New York Philharmonic Orchestra doing  database admin and recently some ColdFsuion.  We are in the middle of a PCI audit and I need to document how ColdFusion encrypts the database authetication stored in the datasources set up in CF Admin.

We are running CF MX7 - do you know the answer to this or can you point me in the right direction to find the answer?

Thank you,
Stephen
0
nypithelp
Asked:
nypithelp
  • 3
  • 2
1 Solution
 
_agx_Commented:
It's well known and was actually broken years ago.

(By that I mean decrypting CF's dsn passwords is well known ...)
0
 
nypithelpAuthor Commented:
Do you know if it is PCI compliant or would anything with coldFusion MX non PCI compliant?
0
 
_agx_Commented:
Sorry, I couldn't hazard a guess on that one. I can only tell you how MX7 encrypts the datasource passwords.  But I'm pretty sure PCI compliance is more involved than just that one piece (ie datasource password).
0
 
nypithelpAuthor Commented:
Yeah, they are vague on what the consider sufficient in a lot of areas so I just wondered if this would count as a violation or not.

Thank you!
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now