I’m aware of this password utility for encrypting passwords for use in a datasource: https://github.com/bdw429s/Lucee-password-util/blob/master/models/PasswordManager.cfc
I know that box/cfconfig does something similar.
These tools reference a salt of sdfsdfs. Where does this salt value come from? I don’t see it in the Lucee source code. Is it possible to change it, if I wanted to?
Salt is what you provide, ie its the encryption key. You could do something like this to generate a random value –<cfset salt = GenerateSecretKey("AES")>
In the code I posted, you can see that the salt used for encrypting and decrypting the datasource passwords is sdfsdfs. Perhaps this is not actually a ‘salt’, since it’s obviously using two-way encryption here so that the password can be decrypted and passed to a database server.
Regardless, we can see that third party tools use sdfsdfs when encrypting and decrypting Lucee datasource passwords. My question is, where does this sdfsdfs value come from? And can I change it?
I assume it was compiled into the Lucee source, but I could not find it when searching the Lucee source on github.