Highlighted

ColdFusion Datasource

Community Beginner ,
Feb 10, 2018

Copy link to clipboard

Copied

I would like to know the current password for my data sources in ColdFusion 11, what is the process for that... If the password is in encrypted form how to decrypt it.

Adobe Community Professional
Correct answer by Dave Watts | Adobe Community Professional

I don't think it can be decrypted. The passwords stored by CF are hashed, not encrypted. If you had a table of values that were hashed using the same seed that CF is configured to use, you could probably identify the original password from that, but CF does let you change the seed so that seems less likely to work.

But if your goal is to find this out, why not go to whoever manages the database server and just ask?

Dave Watts, CTO, Fig Leaf Software

Views

515

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

ColdFusion Datasource

Community Beginner ,
Feb 10, 2018

Copy link to clipboard

Copied

I would like to know the current password for my data sources in ColdFusion 11, what is the process for that... If the password is in encrypted form how to decrypt it.

Adobe Community Professional
Correct answer by Dave Watts | Adobe Community Professional

I don't think it can be decrypted. The passwords stored by CF are hashed, not encrypted. If you had a table of values that were hashed using the same seed that CF is configured to use, you could probably identify the original password from that, but CF does let you change the seed so that seems less likely to work.

But if your goal is to find this out, why not go to whoever manages the database server and just ask?

Dave Watts, CTO, Fig Leaf Software

Views

516

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Feb 10, 2018 0
Adobe Community Professional ,
Feb 11, 2018

Copy link to clipboard

Copied

I don't think it can be decrypted. The passwords stored by CF are hashed, not encrypted. If you had a table of values that were hashed using the same seed that CF is configured to use, you could probably identify the original password from that, but CF does let you change the seed so that seems less likely to work.

But if your goal is to find this out, why not go to whoever manages the database server and just ask?

Dave Watts, CTO, Fig Leaf Software

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Feb 11, 2018 0
New Here ,
Feb 10, 2020

Copy link to clipboard

Copied

You could unhash it using cfconfig a plug-in from Ortus. CFConfig takes all your datasources and makes it into a json file which can be easily read.

 

Give it a try. Good luck!

Al Serize

Sr. Web Eng.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Feb 10, 2020 0
Bardnet LATEST
Participant ,
Feb 11, 2020

Copy link to clipboard

Copied

The password is stored encrypted. It is always advised to hash passwords. ColdFusion cannot do this because the password is needed in clear text to establish a new connection to a database.

ColdFusion used to have one global key. This was changed some times back, so when ColdFusion is installed a seed is generated and every password is encrypted using this key.

 

There is this article explaining many things including how to read the passwords using the AdminAPI and decrypt them: https://medium.com/@cfmike/retrieve-coldfusion-datasource-passwords-4c1064b91548

Prior to CF10 the seed and agorithm are fixed values and are “0yJ!@1$r8p0L@r1$6yJ!@1rj” and “DESede” respectively. For CF10 and beyond you will need to retrieve these values from the seed.properties file.

 

 

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Feb 11, 2020 0