Skip to main content
P
Philip5FAC
Participant
February 18, 2021
Question

Need to use C++ 32bit dll functions in ColdFusion 2018 Server.

  • February 18, 2021
  • 1 reply
  • 517 views

We are currently in the process of updating our Servers to Windows 2018. All of our ColdFusion web applications are being tested and re-written to work in ColdFusion 2018 Standard edition. We also are using Sybase databases connected in ColdFusion Adninistration. One of our applications was relying on a COM component generated in PowerBuilder which needed to be dropped and replaced. Its main function was to read entered passwords and encrypt or decrypt them to verify that the stored encrypted password is correct. The Encryption/Decryption was performed by a DLL written in C++ with Export functions. The component was easily declared and usable in PowerBuilder. The function has the form: FUNCTION long Decrypt(string password, string StringToDecrypt, ref string DecryptedString) LIBRARY 'UTIL.DLL" alias for "Decrypt:Ansi". We cannot decompile this 32bit library.

We have not been able to declare this dll and function in ColdFusion Using CFOBJECT. Note: This dll is 32bit dynamic dll with no source code. It is not a COM component or a .Net object. Please, can someone give me some advise about how to inmplenet the dll functions in ColdFusion 2018 Standard Edition. Thanks.

This topic has been closed for replies.

1 reply

D
Community Expert
Dave WattsCommunity Expert
Community Expert
February 18, 2021

I don't think you've provided sufficient information on what exactly the encryption/decryption is doing. That is probably in UTIL.DLL (or somewhere else in UTIL.DLL), I guess. So, you'll need a C++ developer to tell you what's going on in there, or you'll need to post more code. Ideally, you'll have some documentation about how the encryption/decryption is supposed to work: what algorithms are used, how salt values are generated, etc. In that case you won't even really need any more code.

 

Alternatively - and this is a long shot - there's a C++ API for ColdFusion called the CFAPI or something along those lines. If you could write a C++ wrapper for this function call that conforms to the CFAPI, then run the whole mess in a Windows 32-bit application pool, you could conceivably run your code. But like I said, that's a long shot. I don't even know if the original C++ CFAPI is even supported any more to be honest.

 

Dave Watts, Eidolon LLC

Dave Watts, Eidolon LLC
P
Philip5FACAuthor
Participant
February 18, 2021

Dave,

 

Thanks for your response. The function I am trying to access is Decrypt() It has arguments 1) in string Key 2) in string in passwordToDecrypt and 3) out string DecryptedPassword. The reason for needing this function is because in the Sybase Database 16 ASE Usertable, the passords are stored encrypted (created with the Encrypt function of the same dll). In order to verify the User's entered login password (clear) is the same one which produced the encrypted value as stored in the db table, this old undocumented dll is used. The plan was to decrypt all the user passwords and regernerate new encrypted passwords using hash() function in ColdFusion. This is prefereed method, rather than force all Users to change their password on login, especially when the UserName they provide cannot be validated.

D
Community Expert
Dave WattsCommunity Expert
Community Expert
February 18, 2021

Right, but what exactly does Decrypt do? How were the passwords originally encrypted (or better yet, hashed)? There are many, many algorithms for encryption, hashing, and salting. These are the things you need to know before you can replicate that function in CF or any other environment.

 

If you can't find that out, your best bet would probably be to write a proper authentication mechanism in CF and move everyone to that in a one-time approach where they have to lose their authentication and create new passwords for their accounts.

 

Dave Watts, Eidolon LLC

Dave Watts, Eidolon LLC
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices