Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Encrypted Fields

Re: Encrypted Fields

From: DA Morgan <damorgan_at_exesolutions.com>
Date: Wed, 29 Jan 2003 09:30:37 -0800
Message-ID: <3E380FBD.C7F276B7@exesolutions.com> 





Bigus Dickus wrote:



> Is it possible to encrypt fields at the table level in 8.1.7?

>

> For instance, we currently have a hashing algorithm which encrypts

> passwords and then stores the hash in the password field of the user

> table.  However, the hash can be copied from user to user.  For

> instance, it is possible to create a dummy user, copy the admin's

> password into the dummy user account, copy the password from your own

> account into admin, et voila! you are able to login as admin with your

> own password.  Once you are done hacking away at the system, you simply

> swap the passwords back and delete the dummy account record from the

> table.

>

> It seems to me that there should be something within Oracle which would

> prevent this.




Go to http://tahiti.oracle.com and look up DBMS_OBFUSCATION_TOOLKIT
built-in package.



BTW seriously consider changing your on-line alias. It ain't that funny if
you are more than 14 years old.



Daniel Morgan
Received on Wed Jan 29 2003 - 11:30:37 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US