gotetioracle
asked on
oracle passwords security
Hi,
We are developing online payment application .Where we need to store passwords and accounts details.My query is is there anyway in oracle where i can encrypt theses details where even my DBA should not able to access.
Regards,
GSK
We are developing online payment application .Where we need to store passwords and accounts details.My query is is there anyway in oracle where i can encrypt theses details where even my DBA should not able to access.
Regards,
GSK
ASKER
Hi,
My question for internal purpose i am storing these data in one table.
My question for internal purpose i am storing these data in one table.
you can leave it to the oracle database right - why do you want to do the password management with encryption, etc ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I suggest not encrypting passwords. Hash them instead. Then they cannot be decrypted.
Check out dbms_crypto.hash:
http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_crypto.htm#i1002022
When a user logs in, hash whatever password they enter and compare with the stored hash value.
The other way to do it without the DBA being able to see the info is Database Vault but this requires additional licensing:
http://docs.oracle.com/cd/E11882_01/server.112/e23090/dvintro.htm#DVADM001
Check out dbms_crypto.hash:
http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_crypto.htm#i1002022
When a user logs in, hash whatever password they enter and compare with the stored hash value.
The other way to do it without the DBA being able to see the info is Database Vault but this requires additional licensing:
http://docs.oracle.com/cd/E11882_01/server.112/e23090/dvintro.htm#DVADM001
or i got your question wrong ?