Coldfusion: Encrypting and Decrypting Data

Sometimes it is necessary and/or standard procedures to encrypt data when storing in a database from online forms. A quick example that come to my mind, that I have encrypted would be passwords. As a developer, you should find it necessary to encrypt confidential data in databases. Just because you have the standard SSL for https encyrption of information flowing from browser to server, you should still have it in policy to encrypt the data stored on the server. Now, there is some data that just should NOT be stored in any database, SSN and Credit Card numbers come to mind.

I use Adobe Coldfusion as my development platform for all my web applications. Utlizing it's encryption functionality is a must. What encrypt does is, takes a string of text, and using a specific algorithm and encoding method, encrypts it. Likewise, decrypt takes that encrypted string and decrypts it back to the original string, keeping the data secure on the server.


First, I set some parameters to use with the process. These paramets could be stored in the application.cfm file, or on the actual page used. For more information on the parameters used and the options for each, please visit

<cfparam name="MyKey" default="JC2HI71J8UR548CSDD1SDSDJ455LN9P">
<cfparam name="myAlgorithm" default="CFMX_COMPAT">
<cfparam name="myEncoding" default="Base64">

Encryption and Decryption Sample Code:

Below is the sample code for using the parameters above with the field that is submitted from the HTML form. This sample reflects both the encryption and decryption syntax.

      /* GenerateSecretKey does not generate key for the CFMX_COMPAT algorithm,
        so use the key from the form.
      if (myAlgorithm EQ "CFMX_COMPAT")
      // For all other encryption techniques, generate a secret key.
      //Encrypt the string
      encrypted=encrypt(myString, theKey, myAlgorithm,
      //Decrypt it
      decrypted=decrypt(encrypted, theKey, myAlgorithm, myEncoding);

HTML Sample:

Below is just a single form field, being used as the sample to pass the string to the routine above.

<cfform action="?testit=yes" method="post">
TEXT: <cfinput type="text" name="mystring" size="20" maxlength="20">
<input type="submit" value="Submit">

Output Results

below is a basic <cfoutput> with the output results from the encryption and decryption routine above.

MyString: #mystring#
Encrypted: #encrypted#
Decrypted: #decrypted#

More by this Author

  • How to Install a Ceiling Fan

    When installing a home ceiling fan you want to make sure that your follow several safety tips and warnings so that you prevent fire hazards, electrical shock, and personal injury. Read carefully when looking over the...

  • How to Get Rid of Mice In and Around The House?

    Until this year, the only time that I've had mice or rats in the house were when my daughter had pet mice and rats, and one of those times we did have one loose in the house. (Science fair project got loose.) Anyway,...

  • How to Build Wooden Roof Trusses

    You may refer to a truss as the rafter, but it's basically the skeleton of the roof, carrying the weight of the frame and supporting the walls of the building. Trusses are very important to preventing the walls from...

Click to Rate This Article