I broke out the sweater today (smells a bit like last year), a simple mustard color V-neck from that company with the eagle. It was cold this morning, and it’s going to stay cold, though I’m sure I’ll be sweating it out during the day in the office, and still complaining that my toes are cold. Such is life. I hear Friday is going to be in the 70s. At least trick-or-treating won’t require carrying a large thermos of hot apple cider and Captain Morgan to keep warm, it could just be a fun bonus.
But as far as today is concerned, I’m once again diving into the question of encryption. What I plan on doing is sending an encrypted URL for user authentication. The site I’m working on has a section that is free to view — a search and video view section. In order for our clients to gain anything out of this, rather than just paying out for bandwidth, they’re requiring a login. So, in order to make sure the login is tracked, we’re requiring a valid email address, which in turn will be sent an email telling them to click on the link to validate the email and log in. Of course I don’t want to go sharing my url variables with the world, so I plan on encrypting it. I will be using standard encryption from Coldfusion, functions aptly named encrypt and decrypt, since there’s no real huge financial grade encryption security required, but it’s still going to do what I want it to. What I won’t be using is the standard (default) encryption for coldfusion, CFMX_COMPAT. The question is then, how to use GenerateSecretKey and keep that valid until the validation click is recieved. Perhaps a set of keys in the database.