MarkusCSS

Reputation: 9

Replace characters in ColdFusion string

I have a function on my website (ColdFusion) which sends a password reminder in an email. I'd like to replace all characters in the password string except the first and last - so reminder emails don't include the whole password...

So, instead of the email including 'Password123' it would include 'P*...*3'

As you have guessed I am not a developer. I can find the <cfoutput>#password#</cfoutput> in the email template. Is there a string handling function I can use for the above?

It's not a requirement that the function replaces the exact number of original characters. It can just be first and last, everything else replaced with '...'.

Upvotes: 0

Views: 1130

Answers (2)

Shawn

Reputation: 4786

Honestly, I'd not even recommend a solution here. Not to be unhelpful, but because the very premise of the question should be strongly discouraged. Miguel-F's answer will do the original request as asked, but it does not address the real problem here, which is the plain-text storage of a password.

You may be limited in what you can do with the password right now, but I'd seriously consider going back and fixing the way you work with passwords, instead of trying to obscure what you have in an email notification. It will be a bigger headache now, but it will save you tons of headaches in a breach. A password should never be recoverable.

Check out https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet.

NOTE: To replace all but first and last character in a string, you can drop down into CF's Java implementation and use Java Regex (which is a bit better than CF's). I think this works in CF9, replaceAll() should be in the CF9 JDK. You'll have to try it.

<!--- Replace every character that has a character before it and is not the last one --->
<cfset mystring = "Password1234">
<cfset masked = mystring.replaceAll("(?<=.).(?!$)", "*")>
<cfoutput>#masked#</cfoutput>

https://trycf.com/gist/c33d8a9b8e7edfedb935fc7ce6654cd7/acf?theme=monokai

https://www.regular-expressions.info/lookaround.html

Upvotes: 0
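
An added illustration of the storage approach the answer above points to (not part of the original answer and not code from any project): a salted PBKDF2 hash is stored in place of the password, so there is nothing to put in a reminder email. It uses the JVM's `SecretKeyFactory` from CFML; the function names, the iteration count and the sample password are assumptions.

```cfml
<cfscript>
// Added example (hypothetical function names). Assumes the JVM provides
// PBKDF2WithHmacSHA1; the iteration count is illustrative and should be tuned.

// Derive a 256-bit PBKDF2 key and return it hex-encoded.
function pbkdf2Hex(password, saltBase64, iterations) {
    var spec = createObject("java", "javax.crypto.spec.PBEKeySpec").init(
        javaCast("string", password).toCharArray(),
        binaryDecode(saltBase64, "base64"),
        javaCast("int", iterations),
        javaCast("int", 256)
    );
    var factory = createObject("java", "javax.crypto.SecretKeyFactory").getInstance("PBKDF2WithHmacSHA1");
    return binaryEncode(factory.generateSecret(spec).getEncoded(), "hex");
}

// Build the record to store instead of the password itself.
function newPasswordRecord(password) {
    var rec = structNew();
    rec.salt = generateSecretKey("AES");   // random 128-bit value, base64-encoded
    rec.iterations = 100000;               // assumed work factor
    rec.derived = pbkdf2Hex(password, rec.salt, rec.iterations);
    return rec;
}

// Re-derive from the login attempt and compare the raw bytes with
// MessageDigest.isEqual rather than a string comparison.
function passwordMatches(attempt, rec) {
    var candidate = pbkdf2Hex(attempt, rec.salt, rec.iterations);
    return createObject("java", "java.security.MessageDigest").isEqual(
        binaryDecode(candidate, "hex"),
        binaryDecode(rec.derived, "hex")
    );
}

stored = newPasswordRecord("Password123"); // constructed sample input
writeOutput("correct attempt matches: " & passwordMatches("Password123", stored) & "<br>");
writeOutput("wrong attempt matches: " & passwordMatches("password123", stored));
</cfscript>
```

Only `salt`, `iterations` and `derived` need to be persisted per user; the original password cannot be read back from them.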

Miguel-F

Reputation: 13548

Here is one way to do it. Just use the function left() to get the first character and the function right() to get the last character. I would not recommend replacing all of the other characters with a . or whatever. You would be disclosing the actual number of characters in the password. Instead I would just always put three . or * in between the first and last characters.

Here is some code that will do that for you. Note that I also included an example of how to replace each of the other characters in between but I don't recommend doing that.

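<cfscript>
password = 'Password123';
// Keep only the first and last characters of the password
password_firstchar = left(password,1);
password_lastchar = right(password,1);

// Recommended: fixed-width mask that does not reveal the password length
writeOutput(password_firstchar & '***' & password_lastchar);

writeOutput('<p>&nbsp;</p>');

// Not recommended: one '.' per hidden character, which discloses the length
writeOutput(password_firstchar);
writeOutput(repeatString('.',len(password)-2));
writeOutput(password_lastchar);
</cfscript>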

Output from running that code is:

P***3

P.........3

And here is a gist of that code so you can run it and play with it - TryCF gist example

NOTE: You indicated ColdFusion 9 as your platform. That version had limited cfscript syntax support. I think what I have given you will still work on that version but if not let me know. You could use the tag syntax instead.

Here is an example that includes the tag syntax as well.

Upvotes: 1
