Xref: alice comp.databases.oracle.misc:15051 Path: alice!news-feed.fnsi.net!news.maxwell.syr.edu!Supernews60!supernews.com!uunet!in3.uu.net!news.dsccc.com!dsun2.dsccc.com!jstrange From: jstrange@imtn.dsccc.com (John Strange) Newsgroups: comp.databases.oracle.misc Subject: Re: Encrypting a data field Date: 5 May 1998 17:14:02 GMT Organization: DSC Communications Corporation, Plano, Texas USA Lines: 35 Message-ID: <6inhcq$4as$1@psun6.dsccc.com> References: <354B1500.1CA6734E@apk.net> <6ikckb$d3m$1@mailgate.ikea.com> <6in55e$n21$1@nerd.apk.net> X-Newsreader: TIN [version 1.2 PL2] You should provide them with a view of your tables without the password information. Because if you provide the encrypted data; it lets them use it to try decrypt the data. Nancy Whitney (whitney@apk.net) wrote: : "joachim Carlsson" wrote: : The reason I want to encrypt this field is because there are several : groups asking if they can copy the contents of the Oracle database to : various places like into an LDAP database or into a Domino database, : which they would then replicate all over the place. The only field in : that database that would be sensitive if they did this is the : password. : >There is (almost) no reason to encrypt the passwords. Since when you have : >broken into the operatingsystem you can allways break into oracle if you : >want to. If you can logon to machine with the database you can get onto : >oracle without two many minutes of trouble. : >You know that you can steel the password from any oracle user in unix system : >within a few secs? : Nancy -- While DSC may claim ownership of all my ideas (on or off the job), DSC does not claim any responsibility for them. Warranty expired when you opened this article and I will not be responsible for its contents or use.