A couple of months ago I wrote about password hashing in CFML (if you haven’t read that, I would suggest reading it before reading this) and in the post, I mentioned that Argon2 as being the currently recommended algorithm for password hashing but that, at the time of writing, neither Adobe ColdFusion or Lucee natively supported the Argon2 algorithm. I submitted an enhancement request to Lucee via their JIRA ticket system and at the end of August, it was reported on the ticket that it had been implemented and support was available in build 126.96.36.199 or higher. Currently, this build is only available on the SNAPSHOT branch, but it is available to download and use if you want it, so I thought I would give it a try.Read More
As we all know, or at least should know, if you are storing passwords in a database, they should only ever be stored as hashes and NEVER as plain text or using reversible encryption.
What is hashing?
By hashing the password, you are not storing the original password, only a calculated representation of the password, that given you know certain information about how the hash of the password was created, you can recreate the same hash from the password and compare the stored version to the newly hashed version for verification.Read More