February 14, 2012
Question

Is there any way to change the hash algorithm used to encrypt the ColdFusion Administrator password?


It looks like the ColdFusion Administrator password in the password.properties file is currently encrypted using SHA-1. Is there any way to change this setting to, say, SHA-256?


    2 replies

    john85 (Author)
    March 2, 2012

    I guess I should reword my question.

    Let's say for CFLDAP, if the AD server certificate is signed using the sha256RSA hash algorithm, does ColdFusion support it? I guess this question is more like a Java question, as the AD cert is imported using Java keytool.

    Community Expert
    February 14, 2012

    Not that I'm aware of. But if someone can access that file, you have far more serious problems than the encryption for the password.

    Dave Watts, CTO, Fig Leaf Software

    Dave Watts, Eidolon LLC
    john85 (Author)
    February 14, 2012

    No one can access that file (it's pretty much locked to the outside world, at least to my knowledge). I am just basically looking to see if ColdFusion "supported" the SHA-256 hash algorithm. I know the hash function supports SHA-256 and so forth; I'm not sure if ColdFusion itself supports the SHA-256 hash algorithm (wherever it calculates hash values).

    Thanks!

    Community Expert
    February 14, 2012

    The CF Administrator is just a CF application itself. When you say that the hash function supports SHA-256, that means that ColdFusion itself supports SHA-256. To the best of my knowledge, CF doesn't calculate hashes in any meaningful sense unless instructed to by a CF application.

    Dave Watts, CTO, Fig Leaf Software

    Dave Watts, Eidolon LLC