Speck CMS - A simple content management system for ColdFusion

you are here: home > documentation > users and security > password encryption

• Getting Started
  • Speck Concepts
  • System Requirements
  • Installing
  • Upgrading
  • Hello Speck!
  • Articles
  • Caching
• Sample Application
  • Installing
  • Displaying Content
  • Managing Content
• Application Configuration
  • Settings
  • Keywords
  • Globalization
  • UI Customisation
• Building Applications
  • Application Initialisation
  • Creating Content Pages
  • Creating Content Types
  • Built-in Content Types
  • Built-in Property Types
  • Event Handlers
  • Context Sensitive Help
• Users and Security
  • Security Files
  • User Sessions
  • Access Control
  • Password Encryption
  • Reserved Roles
• Optimising Performance
  • Output Caching
  • Query Caching
  • Unnecessary Processing
  • Database Performance

Password Encryption

The users security file has an optional "encryption" setting in the options section. If used, the value for this encryption setting should be the name of a function used to encrypt plain text passwords (e.g. hash) before comparing with passwords stored in the source to check for a match. The function is assumed to take only one argument, which is the plain text password to be encrypted before comparison with the source password. The default value for this optional setting is an empty string, in which case passwords are considered to be stored as plain text.

Note that as the value of the setting is the name of a function, you can use other functions besides hash(), including user-defined functions, to encrypt plain text passwords before comparing with source passwords. If you use a user-defined function, note that the encryption function is called from the cf_spApp tag, so your UDF should be assigned to request scope (or to a structure within request scope) and the full scope prefix should be used in the value for the encryption setting, e.g. "request.functions.hash_sha1".