ColdFusion Datasource

Community Beginner ,
Feb 10, 2018 Feb 10, 2018

Copy link to clipboard

Copied

I would like to know the current password for my data sources in ColdFusion 11, what is the process for that... If the password is in encrypted form how to decrypt it.

Views

610

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct Answer

Adobe Community Professional , Feb 11, 2018 Feb 11, 2018
I don't think it can be decrypted. The passwords stored by CF are hashed, not encrypted. If you had a table of values that were hashed using the same seed that CF is configured to use, you could probably identify the original password from that, but CF does let you change the seed so that seems less likely to work.But if your goal is to find this out, why not go to whoever manages the database server and just ask?Dave Watts, CTO, Fig Leaf Software

Likes

Translate

Translate
Adobe Community Professional ,
Feb 11, 2018 Feb 11, 2018

Copy link to clipboard

Copied

I don't think it can be decrypted. The passwords stored by CF are hashed, not encrypted. If you had a table of values that were hashed using the same seed that CF is configured to use, you could probably identify the original password from that, but CF does let you change the seed so that seems less likely to work.

But if your goal is to find this out, why not go to whoever manages the database server and just ask?

Dave Watts, CTO, Fig Leaf Software

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 10, 2020 Feb 10, 2020

Copy link to clipboard

Copied

You could unhash it using cfconfig a plug-in from Ortus. CFConfig takes all your datasources and makes it into a json file which can be easily read.

 

Give it a try. Good luck!

Al Serize

Sr. Web Eng.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Feb 11, 2020 Feb 11, 2020

Copy link to clipboard

Copied

LATEST

The password is stored encrypted. It is always advised to hash passwords. ColdFusion cannot do this because the password is needed in clear text to establish a new connection to a database.

ColdFusion used to have one global key. This was changed some times back, so when ColdFusion is installed a seed is generated and every password is encrypted using this key.

 

There is this article explaining many things including how to read the passwords using the AdminAPI and decrypt them: https://medium.com/@cfmike/retrieve-coldfusion-datasource-passwords-4c1064b91548

Prior to CF10 the seed and agorithm are fixed values and are “0yJ!@1$r8p0L@r1$6yJ!@1rj” and “DESede” respectively. For CF10 and beyond you will need to retrieve these values from the seed.properties file.

 

 

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines