I have a table with columns name and password . When any password is store in column it should be encrypted. Basically I want to add encryption decryption techniques in password column.
Asked
Active
Viewed 27 times
0
-
2Unless this is for a play project where no real user names and passwords would be stored ever, stop. Don't do it. Seriously, a table with columns "name" and "password" is bad, no matter how hard you work at encrypting the data that goes in it. Read the answer to the question I posted as a duplicate, there's lots of things that can (and will) go wrong. – Sergey Kalinichenko Jan 03 '22 at 12:59
-
2PL/SQL has built-in package [`dbms_crypto`](https://docs.oracle.com/en/database/oracle/oracle-database/21/arpls/DBMS_CRYPTO.html#GUID-1C98C203-29EF-488D-A5FA-42AD4BD7718D) which handles such things. Also, [read the Oracle DB Security Guide on the topic](https://docs.oracle.com/en/database/oracle/oracle-database/21/dbseg/manually-encrypting-data.html). But generally I agree with @SergeyKalinichenko: don't hand-roll a security system for an IRL database application. There's **no way** you can build anything better than Oracle already provides. – APC Jan 03 '22 at 13:10
-
1You do not need to store the password, and you shouldn't anyway. You store a salted and stretched hash of the password. When a user tries to log in you salt and stretch and hash their entered password and see if the final hash matches with the stored hash. – rossum Jan 03 '22 at 15:21
-
I also have a column in my table with credit card number when the credit card number is entered it should be encrypted and later on we can also decrypt it using some key. This is not a practical work just to know the mechanism of encryption and decryption in Oracle PL/SQL. @SergeyKalinichenko – Ahmed Jan 04 '22 at 06:57