From: Lance Tost Subject: Re: encrypting passwords in pl/sql Date: 1997/04/18 Message-ID: <3357CE55.41E2@systemautomation.com>#1/1 References: <861038820.1597@dejanews.com> <5j7seg$42o$1@picasso.op.net> Organization: System Automation Reply-To: ltost@systemautomation.com Newsgroups: comp.databases.oracle.server,comp.databases.oracle.misc Wayne Balmer wrote: > > I would suggest creating some functions to ENCRYPT and DECRYPT from > the password field in your table. > I ended up using PLEX to call a C function which just does the encryption (epass = crypt(plist->PASSWORD, salt)) and passes it back. It's defined as a before trigger, so the user never has to worry about it. I think the ability to DECRYPT an encrypted password makes for a not-so-secure system. > As for getting Oracle's algorithm, if we had that, then Oracle > wouldn't be very secure, would it.....? > I thought this was discussed before? Most [good] encryption algorithms are "one-way" anyways. _____________________________________________________ Lance M. Tost "Competence is overrated." Work : ltost@SystemAutomation.COM Other: ltost@pobox.com The views stated above do not necessarily reflect those of my employer!