After a long break in my series of the little enhancements in ColdFusion MX 7 (CFMX 7 Little Things), I am back today with another article, this time with the Hash function.
In versions of ColdFusion prior to 7, the Hash function used the MD5 algorithm to generate hash values. In version 7 you can specify which algorithm to use, and the new choices are:
- SHA - Generates a 28 character hash string using the Secure Hash Standard SHA-1 algorithm
- SHA-256 - Generates a 44 character hash string using the SHA-256 algorithm
- SHA-384 - Generates a 64 character hash string using the SHA-384 algorithm
- SHA-512 - Generates a 88 character hash string using the SHA-512 algorithm
Here's a code example that generates an 88 character hash, which is pretty large:
CF 7 Also adds an encoding argument, which according to the docs:
Must be a character encoding name recognized by the Java runtime. The default value is the value specified by the defaultCharset entry in the neo-runtime.xml file, which is normally UTF-8
The Hash function is most commonly used as a one way encryption for passwords. If you don't want to store a users password in your database in plain text, you can store the Hash of the password. Then when the user logs in instead of comparing the password with a value from your database, you compare a Hash of the input password, with the Hash of the users password in the database.
There is no known way to reverse a hash, so if your user forgets their password, you cannot email it to them, you have to come up with another way to authenticate the user (secret questions is one good way), in order to reset the password.
Like this? Follow me ↯Tweet Follow @pfreitag
Hash was first published on March 15, 2005.
If you like reading about cfml, coldfusion 7, or crypto then you might also like:
- Strong Encryption Technote shows undocumented features
- ColdFusion 7 Strong Encryption
- CFFUNCTION and CFARGUMENT don't support new types in ColdFusion 7
- CFTIMER - Little things in ColdFusion 7
- cfdirectory adds recursive support - Little Things in CFMX 7
- IsValid - CFMX 7 Little Things
- CFPARAM - New Features in CFMX 7
The FuseGuard Web Application Firewall for ColdFusion & CFML is a high performance, customizable engine that blocks various attacks against your ColdFusion applications.