I have Login table with Login ID & Password field. I want to store encrypted password in the "password" field (similar to MD5 in SQL).
What would be the field type of password?
passwords should NEVER be stored, even if encrypted. Calculate a hash using a strong algorithm (see dbms_crypt) to verify an entered password you would put the entered password through the same hash and compare the two fields. if they match then they get in. This is exactly what oracle does in it's database. If you have an encrypted password then the encryption can be hacked.
Bill
Lead Application Developer
New York State, USA
Sorry for not putting the details.
Out PHP developers are working on a website which will have a Login Id & password and this is fetched from the oracle table.
So when the user login in 1st time with his/her Id & password the same is checked with the oracle table and if matches will allows to view the website; user is asked to change his password. So while the users changes his password, this changed password to be stored in encrypted format in the table.
one option is to pass the encrypted password (thru PHP code) to be stored in oracle table - how can I store the password in encrypted format in oracle ; what will be the field type & length? - something similar to "MD5"
MD5 is a hashing algorithm, not an encryption algorithm. I would use the hash algorithm HMAC_SH512. It is not only the most complex hashing available on oracle but it also requires a secret key. See the following procedure DBMS_CRYPTO.HASH
The one way hashing is an open standard and can be generated by pretty much any application. The application and the database would have to know the secret key (store in oracle wallet) but because it's a one way hash it can't be hacked to return the original password.
You would never pass any password outside the database. The application would generate the hash after the user enters it in and then request the hashed password from the database and compare the two. this method is also secure from packet snooping
Bill
Lead Application Developer
New York State, USA
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.