Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: encrypting passwords in pl/sql
Wayne Balmer wrote:
>
> I would suggest creating some functions to ENCRYPT and DECRYPT from
> the password field in your table.
>
I ended up using PLEX to call a C function which just does the encryption (epass = crypt(plist->PASSWORD, salt)) and passes it back. It's defined as a before trigger, so the user never has to worry about it.
I think the ability to DECRYPT an encrypted password makes for a not-so-secure system.
> As for getting Oracle's algorithm, if we had that, then Oracle
> wouldn't be very secure, would it.....?
>
I thought this was discussed before? Most [good] encryption algorithms are "one-way" anyways.
The views stated above do not necessarily reflect those of my employer! Received on Fri Apr 18 1997 - 00:00:00 CDT