Link to home
Start Free TrialLog in
Avatar of gotetioracle
gotetioracle

asked on

oracle passwords security

Hi,

We are developing online payment application .Where we need to store passwords and accounts details.My query is is there anyway in oracle where i can encrypt theses details where even my DBA should not able to access.

Regards,
GSK
Avatar of Naveen Kumar
Naveen Kumar
Flag of India image

I believe it is all in encrypted format in oracle database. for example, if you create an user in oracle database and the password of it will not be stored in plain text which can read by other users.  

or i got your question wrong ?
Avatar of gotetioracle
gotetioracle

ASKER

Hi,

My question for internal purpose i am storing these data  in one table.
you can leave it to the oracle database right - why do you want to do the password management with encryption, etc ?
ASKER CERTIFIED SOLUTION
Avatar of Confucious2
Confucious2
Flag of South Africa image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I suggest not encrypting passwords.  Hash them instead.  Then they cannot be decrypted.

Check out dbms_crypto.hash:
http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_crypto.htm#i1002022

When a user logs in, hash whatever password they enter and compare with the stored hash value.


The other way to do it without the DBA being able to see the info is Database Vault but this requires additional licensing:
http://docs.oracle.com/cd/E11882_01/server.112/e23090/dvintro.htm#DVADM001