How you ever been given the job of Protecting data in a database ? Is there any sensitive information which should not be shown to the developers but the should be accessible to them ? Do you want to store password information in the database. If so, Oracle provides DBMS_CRYPTO package to Encrypt the information before storing the data in to the database.
DBMS_CRYPTO PACKAGE provides a function called hash which converts the data in to MD5 Hash.
By default execute permissions are not available on dbms_crypto package to all users.
Login as Sys it execute the following command
GRANT execute ON dbms_crypto TO Your_username;
Now as a normal user, create a helper function to access dbms_crypto package:
CREATE OR REPLACE FUNCTION Hash_encrypt(info IN VARCHAR2) RETURN RAW IS
BEGIN
RETURN DBMS_CRYPTO.HASH(UTL_I18N.STRING_TO_RAW (info, ‘AL32UTF8′),
DBMS_CRYPTO.HASH_MD5);
END;
/
For ex:
create table employee_auth(
user_id number(10),
pass varchar2(100));
Insert into employee_auth (user_id,pass) values (2321344, hash_encrypt('praveen'));
Insert into employee_auth (user_id,pass) values (2321345, hash_encrypt('swarna'));
Querying the above table would result
SQL> SELECT * FROM employee_auth;
USER_ID pass
---------- ---------------------
2321344 45BECD6C5DD83E2179CD81DF8640CD5A
2321345 5B582710926DC297202DB3926EDA5C9F
April 15th, 2008 at 11:55 am
it is fantastic
September 24th, 2008 at 5:02 pm
How do you decrypt the data? What if I needed to get the data out of the table from a stored procedure, how would I do that?