| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.misc -> Re: Encrypted Fields
Thanks for the info about the DB encryption.
As for the alias:
a) not a good idea to use your real name or anyone else's
b) ever hear of Monty Python??? I think they were older than that when they
made "Life of Bryan"
c) who the fuck are you to make comments on other people's screen names??
c.1) stay on topic c.2) seriously consider cutting down on the caffeine and the crack c.3) remember to take your ritalin
DA Morgan wrote:
> Bigus Dickus wrote:
>
> > Is it possible to encrypt fields at the table level in 8.1.7?
> >
> > For instance, we currently have a hashing algorithm which encrypts
> > passwords and then stores the hash in the password field of the user
> > table. However, the hash can be copied from user to user. For
> > instance, it is possible to create a dummy user, copy the admin's
> > password into the dummy user account, copy the password from your own
> > account into admin, et voila! you are able to login as admin with your
> > own password. Once you are done hacking away at the system, you simply
> > swap the passwords back and delete the dummy account record from the
> > table.
> >
> > It seems to me that there should be something within Oracle which would
> > prevent this.
>
> Go to http://tahiti.oracle.com and look up DBMS_OBFUSCATION_TOOLKIT
> built-in package.
>
> BTW seriously consider changing your on-line alias. It ain't that funny if
> you are more than 14 years old.
>
> Daniel Morgan
Received on Wed Jan 29 2003 - 11:57:44 CST
 |
 |