Re: Encrypted Fields

Bigus Dickus wrote:

> Thanks for the info about the DB encryption.
>
> As for the alias:
> a) not a good idea to use your real name or anyone else's
> b) ever hear of Monty Python??? I think they were older than that when they
> made "Life of Bryan"
> c) who the fuck are you to make comments on other people's screen names??
> c.1) stay on topic
> c.2) seriously consider cutting down on the caffeine and the crack
> c.3) remember to take your ritalin
> d) have a nice day.
>
> DA Morgan wrote:
>
> > Bigus Dickus wrote:
> >
> > > Is it possible to encrypt fields at the table level in 8.1.7?
> > >
> > > For instance, we currently have a hashing algorithm which encrypts
> > > passwords and then stores the hash in the password field of the user
> > > table. However, the hash can be copied from user to user. For
> > > instance, it is possible to create a dummy user, copy the admin's
> > > password into the dummy user account, copy the password from your own
> > > account into admin, et voila! you are able to login as admin with your
> > > own password. Once you are done hacking away at the system, you simply
> > > swap the passwords back and delete the dummy account record from the
> > > table.
> > >
> > > It seems to me that there should be something within Oracle which would
> > > prevent this.
> >
> > Go to http://tahiti.oracle.com and look up DBMS_OBFUSCATION_TOOLKIT
> > built-in package.
> >
> > BTW seriously consider changing your on-line alias. It ain't that funny if
> > you are more than 14 years old.
> >
> > Daniel Morgan

I use my real name. Have for more than a decade. Never had a problem. Not that I am advising you to do so.

And I have more than a passing acquaintance with Monty et. al. but that doesn't mean reading a posting from your current alias in a business environment, or sending you an email, is a career prolonging experience.

Daniel Morgan Received on Wed Jan 29 2003 - 12:39:05 CST