Home » SQL & PL/SQL » SQL & PL/SQL » password encryption (Oracle 10g, XP)
password encryption [message #325912] Mon, 09 June 2008 08:44 Go to next message
suneelvarma_27
Messages: 28
Registered: April 2008
Junior Member
would like to create a table to store the username and password for all my application users. There are a problem with password encryption. When I create a table as follows,

create table usrmas
(username varchar2(10),
passwd varchar2(20))



All password from the passwd column will be disclosed when somebody query the table. It is not secure. Right?

When I tried to use the table dba_users, I am fail to find a password using following query

select *
from dba_users


Thanx in advance...
Re: password encryption [message #325914 is a reply to message #325912] Mon, 09 June 2008 08:48 Go to previous messageGo to next message
BlackSwan
Messages: 25046
Registered: January 2009
Location: SoCal
Senior Member
http://www.orafaq.com/forum/t/88153/0/
Please read & follow posting Guidelines at stated in URL above

>There are a problem with password encryption
What exactly is your problem?
Re: password encryption [message #325918 is a reply to message #325912] Mon, 09 June 2008 09:01 Go to previous messageGo to next message
Michel Cadot
Messages: 64131
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
DBMS_CRYPTO

Regards
Michel
Re: password encryption [message #325946 is a reply to message #325914] Mon, 09 June 2008 11:41 Go to previous messageGo to next message
suneelvarma_27
Messages: 28
Registered: April 2008
Junior Member
I want to store passwords in encrypted format into the database.

Ex. when you query
SELECT * FROM DBA_USERS;


You can see passwords in encrypted format.
I would like to store the passwords as like this.
Re: password encryption [message #325953 is a reply to message #325946] Mon, 09 June 2008 12:11 Go to previous messageGo to next message
Michel Cadot
Messages: 64131
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Michel Cadot wrote on Mon, 09 June 2008 16:01
DBMS_CRYPTO

Regards
Michel


Re: password encryption [message #326030 is a reply to message #325946] Mon, 09 June 2008 23:37 Go to previous messageGo to next message
sarwagya
Messages: 87
Registered: February 2008
Location: Republic of Nepal
Member
You can encrypt your passwords in your application program using various encryption methods (eg: MD5) and store it in the table.
I think it is more simple way.
Re: password encryption [message #326040 is a reply to message #326030] Tue, 10 June 2008 00:27 Go to previous message
Frank
Messages: 7880
Registered: March 2000
Senior Member
The safest way though is not to encrypt, but to hash.
Hashing is a one way process, making it practically impossible to get the actual password.

Actually, even safer would be to use Oracle accounts and let the database handle authentication.

[Updated on: Tue, 10 June 2008 00:28]

Report message to a moderator

Previous Topic: regular expression to evaluate day of week field
Next Topic: find out isolation levels used for my database
Goto Forum:
  


Current Time: Wed Dec 07 12:29:03 CST 2016

Total time taken to generate the page: 0.08365 seconds