Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: password encryption during password change

From: Daniel Morgan <damorgan_at_x.washington.edu>
Date: Tue, 03 Feb 2004 08:00:49 -0800
Message-ID: <1075823991.5719@yasure>


Joe wrote:

> Oracle encrypts passwords during the login process, but I'm looking
> into what happens during a password change. No one at our site uses
> the sqlplus PASSWORD command, all changes are done using utilities
> which issue the ALTER USER IDENTIFIED BY statement. So I believe
> that goes out over the network as plain text just as any other sql
> statement.
>
> Does anyone have any thoughts on how to make this more secure? A few
> complicated solutions come to mind, but I can't think of a simple one
> - hopefully I'm missing something obvious?

One simple solution is to have the front-end encrypt and use a procedure in the back-end to decrypt and do the actual work.

For example:

Front end:
  SELECT TRANSLATE('this is a secret',
  'abcdefghijklmnopqrstuvwxyz', '0123456789qwertyuiop[kjhbv') FROM dual;

Back end:
  SELECT TRANSLATE('p78o 8o 0 o42i4p',
  '0123456789qwertyuiop[kjhbv', 'abcdefghijklmnopqrstuvwxyz') FROM dual;

-- 
Daniel Morgan
http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)
Received on Tue Feb 03 2004 - 10:00:49 CST
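
Added example (not part of the original post, and not the poster's or Oracle's code): a Python emulation of Oracle's TRANSLATE semantics that checks which characters survive the front-end/back-end round trip of the mapping in the message above. It assumes the full 26-letter lowercase alphabet on the plain side; the function names and sample strings are constructed for illustration.

```python
# Added example: emulates Oracle TRANSLATE(expr, from_string, to_string) to
# check which inputs survive the obfuscate/restore round trip from the post.
import string

PLAIN = "abcdefghijklmnopqrstuvwxyz"   # assumption: full 26-letter alphabet
CODED = "0123456789qwertyuiop[kjhbv"   # substitution alphabet from the post


def translate(expr, from_string, to_string):
    """Oracle TRANSLATE semantics: a character found in from_string becomes
    the character at the same position in to_string; a character with no
    counterpart in to_string is removed; the first occurrence in from_string
    wins; every other character passes through unchanged."""
    table = {}
    for pos, ch in enumerate(from_string):
        if ch not in table:
            table[ch] = to_string[pos] if pos < len(to_string) else ""
    return "".join(table.get(ch, ch) for ch in expr)


def obfuscate(text):
    """Front-end direction (hypothetical helper name)."""
    return translate(text, PLAIN, CODED)


def restore(text):
    """Back-end direction (hypothetical helper name)."""
    return translate(text, CODED, PLAIN)


def survives_round_trip(text):
    return restore(obfuscate(text)) == text


def unsafe_characters(candidates):
    """Characters that come back changed after obfuscate + restore."""
    return sorted(ch for ch in set(candidates) if not survives_round_trip(ch))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    for sample in ("this is a secret", "tiger2004"):
        coded = obfuscate(sample)
        print(f"{sample!r} -> {coded!r} -> {restore(coded)!r}")
    print("changed by round trip:", "".join(unsafe_characters(string.printable)))
```

With this mapping, digits and '[' pass through the front end unchanged and are turned into letters by the back end, so a password such as tiger2004 would be set to a different value than the one typed.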
