Avatar of gotetioracle
gotetioracle
 asked on

oracle passwords security

Hi,

We are developing online payment application .Where we need to store passwords and accounts details.My query is is there anyway in oracle where i can encrypt theses details where even my DBA should not able to access.

Regards,
GSK
Oracle Database

Avatar of undefined
Last Comment
slightwv (䄆 Netminder)

8/22/2022 - Mon
Naveen Kumar

I believe it is all in encrypted format in oracle database. for example, if you create an user in oracle database and the password of it will not be stored in plain text which can read by other users.  

or i got your question wrong ?
gotetioracle

ASKER
Hi,

My question for internal purpose i am storing these data  in one table.
Naveen Kumar

you can leave it to the oracle database right - why do you want to do the password management with encryption, etc ?
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER CERTIFIED SOLUTION
Confucious2

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
slightwv (䄆 Netminder)

I suggest not encrypting passwords.  Hash them instead.  Then they cannot be decrypted.

Check out dbms_crypto.hash:
http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_crypto.htm#i1002022

When a user logs in, hash whatever password they enter and compare with the stored hash value.


The other way to do it without the DBA being able to see the info is Database Vault but this requires additional licensing:
http://docs.oracle.com/cd/E11882_01/server.112/e23090/dvintro.htm#DVADM001