wwUserSecurity.cPasswordEncryptionKey

Encryption key string that's used to hash the password stored in the usersecurity file's password field.

The value is hashed when a user is saved via SaveUser(). Hashed passwords end with a ~~ postfix.

o.wwUserSecurity.cPasswordEncryptionKey

Default Value

String value that is used to encode passwords for hashing. The value is further hashed and salted before writing the hashed password into the table.

Remarks

Keep this Key Consistent for your Application

This key has to be consistent across your applications, both when passwords are created and when they are looked up, as passwords are stored in and retrieved from the database.

If the key changes or is lost, existing hashes cannot be resolved: the stored passwords are unrecoverable and all password lookups will fail.

Example

loSecurity = CREATEOBJECT("wwUserSecurity")

loSecurity.cPasswordEncryptionKey = "seekrit"

*** Ideally store in config file or Environment Var etc.
* loSecurity.cPasswordEncryptionKey = goServer.oConfig.cPasswordEncryptionKey

*** Create a new User
loSecurity.NewUser()

loUser = loSecurity.oUser
loUser.Username = "test2@west-wind.com"
loUser.Password = "test2"
loUser.FullName = "Test2 User"

lcOld = loSecurity.oUser.password

*** Saves user with encrypted password
llResult = loSecurity.SaveUser()

lcnew = loSecurity.oUser.password  && Encrypted with ~~

*** Try to authenticate against encrypted DB data
llResult = loSecurity.Authenticate("test2@west-wind.com","test2")
this.AssertTrue(llResult,"Authentication should work")


loSecurity.DeleteUser(loSecurity.oUser.Pk)
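
A model of why the key in the Remarks must stay fixed, as an added example that is not part of the original page and is not West Wind's code. The HMAC-then-PBKDF2 construction, the `salt$digest~~` layout and all function names are assumptions, since the page does not document the actual algorithm; the block also audits rows for a missing `~~` postfix.

```python
import hashlib
import hmac
import os

HASH_MARKER = "~~"  # postfix the page says hashed passwords end with


def hash_password(password, app_key, salt=None):
    """Return 'salthex$digesthex~~'. Layout and algorithm are assumed."""
    salt = os.urandom(16) if salt is None else salt
    # Mix in the application key first, so the hash depends on the key
    keyed = hmac.new(app_key.encode(), password.encode(), hashlib.sha256).digest()
    # Then salt and stretch the keyed value before it is stored
    digest = hashlib.pbkdf2_hmac("sha256", keyed, salt, 100_000)
    return f"{salt.hex()}${digest.hex()}{HASH_MARKER}"


def authenticate(password, stored, app_key):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    if not stored.endswith(HASH_MARKER):
        return False  # never compare against an unhashed field
    salt_hex, sep, _ = stored[: -len(HASH_MARKER)].partition("$")
    try:
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed record
    if not sep:
        return False
    candidate = hash_password(password, app_key, salt)
    return hmac.compare_digest(candidate.encode(), stored.encode())


def unhashed_accounts(rows):
    """Audit helper: usernames whose password field lacks the ~~ postfix."""
    return [user for user, pw in rows if not pw.endswith(HASH_MARKER)]


if __name__ == "__main__":
    # Constructed sample data, not taken from a real user table
    stored = hash_password("test2", "seekrit")
    print(authenticate("test2", stored, "seekrit"))      # same key
    print(authenticate("test2", stored, "rotated-key"))  # key changed
    print(unhashed_accounts([("a@example.com", stored), ("b@example.com", "test2")]))
```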
