Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Encrypted Fields

Encrypted Fields

From: Bigus Dickus <no_spam_for_me_thanks_at_yahoo.com>
Date: Wed, 29 Jan 2003 06:22:49 -0800
Message-ID: <3E37E3B9.F8080DEE@yahoo.com> 





Is it possible to encrypt fields at the table level in 8.1.7?



For instance, we currently have a hashing algorithm which encrypts
passwords and then stores the hash in the password field of the user
table.  However, the hash can be copied from user to user.  For
instance, it is possible to create a dummy user, copy the admin's
password into the dummy user account, copy the password from your own
account into admin, et voila! you are able to login as admin with your
own password.  Once you are done hacking away at the system, you simply
swap the passwords back and delete the dummy account record from the
table.



It seems to me that there should be something within Oracle which would
prevent this.
Received on Wed Jan 29 2003 - 08:22:49 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US