Use DBMS_CRYPTO to encrypt data
I am currently using Oracle 10g. I am using DBMS_CRYPTO package to encrypt user login passwords. To encrypt or decrypt data, I need to have a key. So where should I put the key to hide it from other developers, or is there another way to encrypt the data without being able to decrypt it back?
In SQL Server, I just use the PWDENCRYPT function for encryption, and when I want to compare the data entered by users correctly or not, I use PWDCOMPARE. Pls advice. Thank.
source to share
To hide the key from other developers, we hope this article is helpful, it includes a section on key management:
http://www.oracle.com/technology/oramag/oracle/05-jan/o15security.html
To encrypt data without being able to decrypt it, you might want to look at one-way hashes . Oracle provides this in the form DBMS_CRYPTO.HASH, which is easy to use (as discussed here ):
SQL> select SYS.DBMS_CRYPTO.HASH('FFFFFF',1) from dual;
7D91F6D9BE28A9756B0D2F11D3AF4F0C
Then you only store the hash in the database - you can check the password if the hash of the user input matches your stored hash, but you cannot get the password in any way.
source to share