[thelist] CF Encrypt universal uniqueness

Rory.Plaire at wahchang.com
Fri Dec 14 20:55:16 CST 2001


Say,

I was wondering (mind you just wondering, not actively _doing_ anything
about, since, apparently, I am not encouraged or paid to do such activity) if
I encrypt a value with CF's Encrypt() function on one server, will the
resultant hash be the same as the same input value passed through Encrypt()
on another server?

If so, I would imagine that the dreaded "arbitrary SQL code from input
fields on a form" attack could be executed on, say, a login script which
reads the value of an encrypted username from a cookie and puts that into a
query to a database...

ug.

<rory disposition="getting DSL is a process, not an event" alt="8)"/>
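The scenario raised in the post, as an added example that is not part of the original message and is not ColdFusion code: a login lookup that decrypts a username cookie and queries a database, written once with string concatenation and once with a bound parameter. It assumes the cipher is deterministic and that whoever builds the cookie holds the same key; `toy_encrypt`/`toy_decrypt` are hypothetical stand-ins for Encrypt()/Decrypt(), not CF's algorithm, and the key, table and cookie values are constructed.

```python
import base64
import hashlib
import sqlite3

KEY = b"constructed-demo-key"  # constructed; stands in for the key both servers share

def _keystream(key: bytes, n: int) -> bytes:
    # Deterministic keyed byte stream: same key and length always give the same bytes.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def toy_encrypt(value: str, key: bytes) -> str:
    # Hypothetical stand-in for Encrypt(); provides no integrity protection.
    data = value.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))
    return base64.urlsafe_b64encode(ct).decode()

def toy_decrypt(token: str, key: bytes) -> str:
    # Hypothetical stand-in for Decrypt(); returns whatever plaintext was sealed.
    ct = base64.urlsafe_b64decode(token)
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct)))).decode()

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_concat(db, cookie: str, key: bytes):
    # "Before": decrypted cookie text is pasted into the SQL string.
    user = toy_decrypt(cookie, key)
    sql = "SELECT username FROM users WHERE username = '" + user + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, cookie: str, key: bytes):
    # "After": decrypted cookie text is passed as data, never parsed as SQL.
    user = toy_decrypt(cookie, key)
    return db.execute("SELECT username FROM users WHERE username = ?",
                      (user,)).fetchall()

GOOD_COOKIE = toy_encrypt("bob", KEY)             # constructed sample
FORGED_COOKIE = toy_encrypt("x' OR '1'='1", KEY)  # constructed sample

if __name__ == "__main__":
    db = make_db()
    print("concat:", lookup_concat(db, FORGED_COOKIE, KEY))
    print("bound: ", lookup_bound(db, FORGED_COOKIE, KEY))
```

Decryption only recovers what was sealed; it does not validate it, so the decrypted value needs the same parameter binding as any form field (in CFML, `<cfqueryparam>` inside `<cfquery>`).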



