Forum Stats

  • 3,851,383 Users
  • 2,263,969 Discussions
  • 7,904,691 Comments

Discussions

Encrypted password question....

843811
843811 Member Posts: 49,851 Green Ribbon
Hi,

We are using both ADO and JDBC to connect to an Oracle database and my job is to make sure that the connect password that travels to the Oracle database is encrypted and not traveling in clear text. How do I encrypt this password before sending to the Oracle database? I think Oracle looks in its system table, SYS.USER, where this password is encrypted (I looked :-)) and then does it authentication stuff.

I would think that the Oracle ODBC drive would have an option I could set that would send all connect passwords to the Oracle database encrypted instead of in clear text but, I can't find one. And I looked in the ADO documentation and it looks like ADO sends the password in cleartext and there is no option to send passwords encrypted.

Thanks for any help,

-Art

Comments

  • 843811
    843811 Member Posts: 49,851 Green Ribbon
    Use NetAssist...set up your net8 so that the traffic is encrypted...there are docs on this on the Oracle site.

    This way not only are the passwords encrypted in the network, ALL of the data traffic is encrypted.

    You wll need advanced crypto license to use this, I think.

    I called the Oracle helpdesk and they walked me through this.

  • 843811
    843811 Member Posts: 49,851 Green Ribbon
    Haii,

    I beleive two options are there.

    one is to write a encryption program in client side and send it to the database.

    another is write a seperate algoritham in database as a stored procedure for encryption.

    sample java program in given below for client side encryption.
    ==========================================
    import java.io.*;
    import java.security.*;

    public class security
    {
    public String encrypt(String password)throws NoSuchAlgorithmException
    {
    MessageDigest sha = null;
    byte[] b1 = new byte[password.length()];
    b1 = password.getBytes();
    sha = MessageDigest.getInstance("SHA");
    sha.reset();
    sha.update(b1);
    byte[] hash = sha.digest();
    StringBuffer buf = new StringBuffer();
    for(int i=0; i<hash.length;i++)
    {
    buf.append(hash);
    }
    return buf.toString();
    }
    }

    ==========================================

    The progam is working fine and let me know if u face any problem.

    Regards,
    Jawahar Govindaraj
    [email protected]

This discussion has been closed.