Re: hiding Tables

From: <phil_herring_at_yahoo.com.au>
Date: Sun, 14 Sep 2008 17:44:08 -0700 (PDT)
Message-ID: <52cf5ff3-43bc-4cbd-9233-8f510496f448@w24g2000prd.googlegroups.com>

On Sep 14, 3:42 pm, Mass <mass..._at_gmail.com> wrote:

> let me explain , i have table called ( user) it containt username and
> password this table in same my data base (there are many users can
> login in this data base and can access to (user ) ),so i need to hid
> this table from my data base to avoid any access to this table

So do they really need to see what's in this database, or do they just need to use it to authenticate their username and password?

If it's the latter, then you shouldn't store the password at all; just concatenate it with some arbitrary string (known as a 'salt') and their username, hash it, and store the hash. To authenticate a user, verify that hash(salt || password || username) matches what's in the DB.

If you do this, users can look at the passwords in the DB all they want - they'll only see gibberish.

This assumes that you're only storing usernames and passwords. If the table holds other data that you want to keep secret, you'll need to go further.

For hashing, I suggest you use DBMS_CRYPTO.HASH(), and choose the SHA-1 algorithm.

Phil

Received on Sun Sep 14 2008 - 19:44:08 CDT

This message: [ Message body ]
Next message: fresher: "calculate size of a data type used in a create table stmt"
Previous message: zigzagdna_at_yahoo.com: "When is anything written to standby redo logs on standby database"
In reply to: Mass: "Re: hiding Tables"
Next in thread: Neil.W.James: "Re: hiding Tables"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message