Link to home
Start Free TrialLog in
Avatar of gotetioracle

asked on

oracle passwords security


We are developing online payment application .Where we need to store passwords and accounts details.My query is is there anyway in oracle where i can encrypt theses details where even my DBA should not able to access.

Avatar of Naveen Kumar
Naveen Kumar
Flag of India image

I believe it is all in encrypted format in oracle database. for example, if you create an user in oracle database and the password of it will not be stored in plain text which can read by other users.  

or i got your question wrong ?
Avatar of gotetioracle



My question for internal purpose i am storing these data  in one table.
you can leave it to the oracle database right - why do you want to do the password management with encryption, etc ?
Avatar of Confucious2
Flag of South Africa image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I suggest not encrypting passwords.  Hash them instead.  Then they cannot be decrypted.

Check out dbms_crypto.hash:

When a user logs in, hash whatever password they enter and compare with the stored hash value.

The other way to do it without the DBA being able to see the info is Database Vault but this requires additional licensing: