Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: ROLE PW Encryption
Nicolas Bronke wrote:
> I am searching for a special security problem and need a tip.
>
> In our application the oracle-user get at runtime a special role assigned
> which is password protected. The normal user should not know this role
> password.
> Until now we are using an special password inside of our application (delphi
> and jsp) where we are setting the none default role to the user after
> connecting. But we would like to make the password more flexible. That means
> the customer DBA should be able to change the password.
>
> Now we first thought about a password file alternative to a special password
> table inside of oracle.meanwhile I am thinking the second solution is the
> best, but where we should now implement the algorithym for de and
> encrypting. Using the Oracle package functions has it charme, but then the
> user can also access to the decryption algorithm and therefore he could find
> out the password.
>
> Now, does there another way else to implement the algorithm inside of our
> application?
>
> Thank you for helpful hints.
>
> Regards
> Nicolas
Put your decryption into a stored procedure and use the WRAP utility to obfuscate the code.
www.psoug.org
click on Morgan's Library
click on WRAP
-- Daniel A. Morgan http://www.psoug.org damorgan_at_x.washington.edu (replace x with u to respond)Received on Tue Aug 02 2005 - 17:46:13 CDT