ColdFusion Datasource

Report · Feb 10, 2018

I would like to know the current password for my data sources in ColdFusion 11, what is the process for that... If the password is in encrypted form how to decrypt it.

Report · Feb 11, 2018

I don't think it can be decrypted. The passwords stored by CF are hashed, not encrypted. If you had a table of values that were hashed using the same seed that CF is configured to use, you could probably identify the original password from that, but CF does let you change the seed so that seems less likely to work.

But if your goal is to find this out, why not go to whoever manages the database server and just ask?

Dave Watts, CTO, Fig Leaf Software

Report · Feb 10, 2020

You could unhash it using cfconfig a plug-in from Ortus. CFConfig takes all your datasources and makes it into a json file which can be easily read.

Give it a try. Good luck!

Al Serize

Sr. Web Eng.

Report · Feb 11, 2020

The password is stored encrypted. It is always advised to hash passwords. ColdFusion cannot do this because the password is needed in clear text to establish a new connection to a database.

ColdFusion used to have one global key. This was changed some times back, so when ColdFusion is installed a seed is generated and every password is encrypted using this key.

There is this article explaining many things including how to read the passwords using the AdminAPI and decrypt them: https://medium.com/@cfmike/retrieve-coldfusion-datasource-passwords-4c1064b91548

Prior to CF10 the seed and agorithm are fixed values and are “0yJ!@1$r8p0L@r1$6yJ!@1rj” and “DESede” respectively. For CF10 and beyond you will need to retrieve these values from the seed.properties file.

Adobe Community

ColdFusion Datasource

1 Correct answer