This content has been marked as final. Show 6 replies
I want to store the encrypted password in database.
I haven't done it, but i think you can make use of dbms_crypto package
the own database encrypt the password. for example:
SQL> create user AA identified by BB;
SQL> select password from dba_users where username='AA';
Anyway i think you want to know "5.3 Encrypting the Configuration File Passwords" of the document I attached and you don't read.
Edited by: Fran on 08-may-2012 2:57
Oracle ( back to version n, where n is a very small number) does not store encrypted passwords, it stores hashed passwords.
There is a very fundamental difference between these two techniques ... if you don't understand that you need to do a bit of reading.
If passwords must be stored they must be hashed, using salt (more reading).
You are telling about Oracle 8.1.5 and before.
Oracle ( back to version n, where n is a very small number) does not store encrypted passwords, it stores hashed passwords. There is a very fundamental difference between these two techniques ... if you don't understand that you need to do a bit of reading. If passwords must be stored they must be hashed, using salt (more reading)
when i told that i mean SHA, maybe "encrypt" was my error, i should used another word.
the own database encrypt the password
Password encryption. Oracle Database automatically and transparently encrypts passwords during network (client-to-server and server-to-server) connections, using Advanced Encryption Standard (AES) before sending them across the network.
and please check this too:
Passwords hashed using the Secure Hash Algorithm (SHA) cryptographic hash function SHA-1. Oracle Database uses the SHA-1 verifier is to authenticate the user password and establish the session of the user. In addition, it enforces case sensitivity and restricts passwords to 160 bits. The advantage of using the SHA-1 verifier is that it is commonly used by Oracle Database customers and provides much better security without forcing a network upgrade. It also adheres to compliance regulations that mandate the use of strong passwords being protected by a suitably strong password hashing algorithm. See "Ensuring Against Password Security Threats by Using the SHA-1 Hashing Algorithm" for more information.
Edited by: Fran on 08-may-2012 4:35
Transparent Data Encryption is one of the three components of the Oracle Advanced Security option for Oracle Database 11g Release 2 Enterprise Edition; it provides transparent encryption of stored data to support your compliance efforts. Applications do not have to be modified and will continue to work seamlessly as before. Data is automatically encrypted when it is written to disk and automatically decrypted when accessed by the application. Key management is built-in, eliminating the complex task of creating, managing and securing encryption keys