0

I have been using an application successfully for many years on all versions of CF prior to 2016. The tool generates DAO code for the objects in your database, and is called Illudium CFC Generator. (http://cfcgenerator.riaforge.org/)

To log into this app, it prompts you for the CF Admin password, and logs you in. This has worked fine for years.

However, since switching to CF 2016, it no longer accepts the CF Administrator password, even though it's correct. To doublecheck - I log into the CF Administrator using the same password, and it works.

I'm not sure how this application does the login check using the CF Administrator password, as it's an SWF (Flash) app, so I can't view the code.

So I was wondering whether something has changed in Coldfusion 2016 that might have caused this?

Any ideas would be appreciated. Thanks

Paolo Broccardo
  • 103
  • 6
  • A similar issue had been raised on github - auto migrated from google-code: https://github.com/deanlaw/cfcgenerator/issues/71 – Bernhard Döbler Jan 04 '17 at 15:54
  • I can confirm that this is definitely an issue with the latest versions of CF (11, 2016). I installed CF10 on a different port and when I ran the app there, it ran perfectly. Still doesn't authenticate on CF11/2016 though. So something has definitely changed. – Paolo Broccardo Apr 11 '17 at 18:14

1 Answers1

0

It has changed. I'm not sure exactly how. But my AWS server setup script (which worked in CF9, CF10, and CF11) used to just copy the admin password and license key hashes into the neo*.xml files, and now that doesn't work any more. I don't know exactly what changed. But certainly the ecryption/hashing of the admin password and license key is different in ColdFusion 2016.

andrew lorien
  • 441
  • 3
  • 10