User Guide

646 Chapter 3: ColdFusion Functions
Usage
The result of this function is useful for comparison and validation. For example, you can store the
hash of a password in a database without exposing the password. You can check the validity of the
password by hashing the entered password and comparing the result with the hashed password in
the database.
ColdFusion MX 7 uses the Java Cryptography Extension (JCE) and installs a Sun Java 1.4.2
runtime that includes the Sun JCE default security provider. This provider includes the
algorithms listed in the Parameters section. The JCE framework includes facilities for using other
provider implementations; however, Macromedia cannot provide technical support for third-party
security providers.
The encoding attribute is normally not required. It provides a mechanism for generating identical
hash values on systems with different default encodings. ColdFusion uses a default encoding of
UTF-8 unless you modify the defaultCharset entry in the neo-runtime.xml file.
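To illustrate the encoding behavior described above, the following added example (not part of the original ColdFusion documentation) hashes two constructed passwords under UTF-8 and ISO-8859-1 and reports whether the digests agree. The function name hashPassword and the sample passwords are assumptions made for this illustration.

```cfml
<!--- Added example, not from the ColdFusion documentation.
      hashPassword is a hypothetical helper; the passwords are constructed. --->
<cffunction name="hashPassword" returntype="string" output="false">
    <cfargument name="password" type="string" required="true">
    <cfargument name="charset" type="string" required="false" default="UTF-8">
    <!--- Name the encoding explicitly so the digest does not depend on
          the server's defaultCharset setting. --->
    <cfreturn Hash(arguments.password, "SHA", arguments.charset)>
</cffunction>

<!--- One pure-ASCII password and one containing a non-ASCII character. --->
<cfset samples = ArrayNew(1)>
<cfset ArrayAppend(samples, "abc")>
<!--- Chr(223) is the German sharp s. UTF-8 encodes it as two bytes,
      ISO-8859-1 as one, so the bytes fed to the digest differ. --->
<cfset ArrayAppend(samples, "pa" & Chr(223) & "wort")>

<cfoutput>
<table border="1">
<tr><th>Password</th><th>UTF-8 hash</th><th>ISO-8859-1 hash</th><th>Identical?</th></tr>
<cfloop index="i" from="1" to="#ArrayLen(samples)#">
    <cfset utf8Hash = hashPassword(samples[i], "UTF-8")>
    <cfset latinHash = hashPassword(samples[i], "ISO-8859-1")>
    <tr>
        <td>#HTMLEditFormat(samples[i])#</td>
        <td>#utf8Hash#</td>
        <td>#latinHash#</td>
        <td>#YesNoFormat(utf8Hash is latinHash)#</td>
    </tr>
</cfloop>
</table>
</cfoutput>
```

The ASCII password produces the same digest under both encodings, while the non-ASCII password does not. A hash stored by a server using one encoding therefore fails verification on a server using the other unless the encoding is passed explicitly.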
Example
The following example lets you enter a password and compares the hashed password with a hash
value saved in the SecureData table of the cfdocexamples database. This table has the following
three entries:

User ID    Password
12         abc
14         def
15         ghi

<h3>Hash Example</h3>
<!--- Do the following if the form is submitted. --->
<cfif IsDefined("Form.UserID")>
    <!--- Query the database. The user ID is passed as a bound parameter. --->
    <cfquery name = "CheckPerson" datasource = "cfdocexamples">
        SELECT PasswordHash
        FROM SecureData
        WHERE UserID = <cfqueryparam value = "#Form.userID#"
            cfsqltype = "CF_SQL_VARCHAR">
    </cfquery>
    <!--- Compare query PasswordHash field and the hashed form password
    and display the results. --->
    <cfoutput>
        <cfif Hash(Form.password, "SHA") is not checkperson.passwordHash>
            User ID #Form.userID# or password is not valid. Try again.
        <cfelse>
            Password is valid for User ID #Form.userID#.
        </cfif>
    </cfoutput>
</cfif>