Re: Storing passwords

In article <3666f52b.20681026_at_news2.axs2000.net>,   chuckh_at_safeaccess.net (Chuck Hamilton) wrote:
> Is there a way to store passwords in an Oracle7 table so that they're
> encrypted? Perhaps a password datatype, or an encrypt/decrypt function
> pair? If none of these exist, what would you suggest for keeping
> passwords out of the eyes of prying users?
>
> Chuck Hamilton
> --
> Chuck Hamilton
> chuckh_at_safeaccess.net
>
> But the angel said to them, "Do not be afraid; for
> I bring you tidings of great joy which shall be for
> all the people; for today in the city of David there
> has been born for you a Saviour, who is Christ the
> Lord." (NASB Luke 2:10-11)
>

A) There is no encrypt/decrypt function pair. Password encryption

   is not reversible and you cannot decrypt it. B) The way to do it would be to use external PL/SQL calls which

   would call crypt library function.
C) If you don't want users to see passwords, stop putting them on display.

   Develop a security document for the organization (you may call it an    "Orange Binder"), change passwords from tiger,manager and change_on_install    to something that makes more sense and use OS authentication.

--
Mladen Gogala

One Browser to rule them all,
One Browser to find them,
One Browser to bring them all
And in the darkness bind them
In the land of Redmond where the shadows lie.

-----------== Posted via Deja News, The Discussion Network ==---------- http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own Received on Thu Dec 03 1998 - 17:08:25 CST