Path: news.easynews.com!easynews!news.he.net!news-hog.berkeley.edu!ucberkeley!logbridge.uoregon.edu!news-west.eli.net!not-for-mail Message-ID: <3C6BF8BC.6D842C5B@ci.seattle.wa.us> From: damorgan X-Mailer: Mozilla 4.79 [en] (Win95; U) X-Accept-Language: en MIME-Version: 1.0 Newsgroups: comp.databases.oracle.tools Subject: Re: Using dbms_obfuscation_toolkit without logging in References: <59dd274f.0202140318.57910259@posting.google.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Lines: 34 Date: Thu, 14 Feb 2002 17:49:46 GMT NNTP-Posting-Host: 156.74.250.7 X-Complaints-To: yvonne.tracy@ci.seattle.wa.us X-Trace: news-west.eli.net 1013708986 156.74.250.7 (Thu, 14 Feb 2002 10:49:46 MST) NNTP-Posting-Date: Thu, 14 Feb 2002 10:49:46 MST Organization: City of Seattle NewsReader Service Xref: easynews comp.databases.oracle.tools:48816 X-Received-Date: Thu, 14 Feb 2002 10:48:12 MST (news.easynews.com) One solution is to create a schema that has only two privileges ... one is CREATE SESSION and the other is EXECUTE on DBMS_OBFUSCATION_TOOLKIT. Authenticate the user and then log them on again to the application schema. Daniel Morgan Rajesh Jayaprakash wrote: > I have run into a chicken-or-egg situation: > > I would like to store the Oracle user/password for a Forms 6i > (client/server) application in an INI file to prevent hardcoding this > in the ON-LOGON trigger (the application users will log in to the > application using user IDs created within the application). The > password in the INI file will be encrypted/decrypted using the > DBMS_OBFUSCATION_TOOLKIT package. > > My problem is that to decrypt the password read from the INI file, I > need to be already logged in to Oracle (to use the package). > > Is there any way to use this package without logging in to Oracle? Can > I duplicate the same functionality in a client PLL? Or should I look > for some other encryption mechanism? > > Thanks and regards, > > Rajesh Jayaprakash > rajesh.j@vsnl.net