I need to encrypt a text string in Oracle, and decrypt it using classic ASP
Using Oracle 9i and PL/SQL, I need a way to encrypt a string, and pass the encrypted string to classic ASP within a querystring. Once received by ASP, I'll decrypt it and do what I need to do.
What encryption method should I use? I'm been contemplating RC4, but it seems easily cracked. The good news is RC4 is easily implemented within ASP, and is supported by Oracle 10g. For 9i, it seems I'll have to use a java based stored procedure to implement RC4. Please let me know if you have any better solutions for this as well.
What encryption method should I use? I'm been contemplating RC4, but it seems easily cracked. The good news is RC4 is easily implemented within ASP, and is supported by Oracle 10g. For 9i, it seems I'll have to use a java based stored procedure to implement RC4. Please let me know if you have any better solutions for this as well.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The problem is classic ASP does not support DES or DES3. Currently I'm looking into creating a .NET Interop Com class and expose the encryption routines that way. Of course, every turn is exposing new obstacles. I'll let you know how it goes. But currently it's not looking like there is a ready made solution.
As far as I know oracle suports only DES/DES3.
Why dont you move the whole encryption-decryption piece out of oracle and have it as ASP components. I.e. The data gets encrypted and goes in to the database, encrypted data comes out of the database and gets decrypted.
Why dont you move the whole encryption-decryption piece out of oracle and have it as ASP components. I.e. The data gets encrypted and goes in to the database, encrypted data comes out of the database and gets decrypted.
ASKER
Let me set up the scenario. We have two web sites:
Site A - Runs on Oracle and Unix (PL/SQL)
Site B - Runs on Sybase and Windows (ASP)
Each night a procedure will run to copy the usernames and pin numbers from database A to database B. What we would like to accomplish is to have a user only have to sign in once at site A. Site A will provide links over to Site B. If the user clicks on a Site B link, they will be taken there and not required to log in again.
To accomplish that I wanted to encrypt the username and pin and pass it in the querystring.
However, Site A seems to only support DES, and Site B seems to only support RC4. (Unless I purchase a 3rd party component.)
Does that make sense?
Site A - Runs on Oracle and Unix (PL/SQL)
Site B - Runs on Sybase and Windows (ASP)
Each night a procedure will run to copy the usernames and pin numbers from database A to database B. What we would like to accomplish is to have a user only have to sign in once at site A. Site A will provide links over to Site B. If the user clicks on a Site B link, they will be taken there and not required to log in again.
To accomplish that I wanted to encrypt the username and pin and pass it in the querystring.
However, Site A seems to only support DES, and Site B seems to only support RC4. (Unless I purchase a 3rd party component.)
Does that make sense?
ASKER
https://www.experts-exchange.com/questions/22975644/How-can-I-apply-RC4-encryption-to-a-string.html?anchorAnswerId=20349926#a20349926