Results 1 to 3 of 3
  1. #1
    Join Date
    Feb 2004

    Unanswered: Oracle Obfuscation Tool

    Hello All,

    I am trying to encrypt the password column inside the database and I have read about the Obfusaction Tool used by Oracle. Can someone please help me get started? Can I run an update query using this tool to encrypt the password column? Any advice would be very appreciated!. Thanks!

    I am using Oracle 9i and I have checked that I can use the tool.

  2. #2
    Join Date
    Nov 2002
    Desk, slightly south of keyboard

    I don't know how secure your systems need to be, but server side obfuscation/encryption/hashing is quite insecure.

    Doing it server side means that the password must at some point be passed in plain text over the lan (quite likely every time someone logs in).

    This means that the very same plain text can be seen in...
    - any packet sniffer
    - any server side sql_trace
    - via ODBC, a simple tick box 'log SQL to file'
    - in certain circumstances, oracles own .trc files

    If you only need limited security that may be fine, otherwise you should consider implementing client side obfuscation/hashing etc.

    Just my tuppence,
    Please don't email me directly with questions. I've probably just got home from the pub and cannot guarantee the sanity of my answers. In fact, I can't believe I actually made it home.

  3. #3
    Join Date
    Jun 2004
    Liverpool, NY USA
    The best way to handle passwords is to store them after they have been passed through a one-way hashing. When you want to test a password, the application puts the entered password through the same one-way hashing and then compares the value against the stored password. This is the way oracle does it. No one can read the password. If the user loses it, a new password would need to be assigned.
    You do not need a parachute to skydive. You only need a parachute to skydive twice.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts