I would like to know the current password for my data sources in ColdFusion 11, what is the process for that... If the password is in encrypted form how to decrypt it.
I don't think it can be decrypted. The passwords stored by CF are hashed, not encrypted. If you had a table of values that were hashed using the same seed that CF is configured to use, you could probably identify the original password from that, but CF does let you change the seed so that seems less likely to work.
But if your goal is to find this out, why not go to whoever manages the database server and just ask?
Dave Watts, CTO, Fig Leaf Software
You could unhash it using cfconfig a plug-in from Ortus. CFConfig takes all your datasources and makes it into a json file which can be easily read.
Give it a try. Good luck!
Sr. Web Eng.
The password is stored encrypted. It is always advised to hash passwords. ColdFusion cannot do this because the password is needed in clear text to establish a new connection to a database.
ColdFusion used to have one global key. This was changed some times back, so when ColdFusion is installed a seed is generated and every password is encrypted using this key.
There is this article explaining many things including how to read the passwords using the AdminAPI and decrypt them: https://medium.com/@cfmike/retrieve-coldfusion-datasource-passwords-4c1064b91548
Prior to CF10 the seed and agorithm are fixed values and are “0yJ!@1$r8p0L@r1$6yJ!@1rj” and “DESede” respectively. For CF10 and beyond you will need to retrieve these values from the seed.properties file.