Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Encrypted Fields
Bigus Dickus wrote:
> Is it possible to encrypt fields at the table level in 8.1.7?
>
> For instance, we currently have a hashing algorithm which encrypts
> passwords and then stores the hash in the password field of the user
> table. However, the hash can be copied from user to user. For
> instance, it is possible to create a dummy user, copy the admin's
> password into the dummy user account, copy the password from your own
> account into admin, et voila! you are able to login as admin with your
> own password. Once you are done hacking away at the system, you simply
> swap the passwords back and delete the dummy account record from the
> table.
>
> It seems to me that there should be something within Oracle which would
> prevent this.
Go to http://tahiti.oracle.com and look up DBMS_OBFUSCATION_TOOLKIT built-in package.
BTW seriously consider changing your on-line alias. It ain't that funny if you are more than 14 years old.
Daniel Morgan Received on Wed Jan 29 2003 - 11:30:37 CST