在oracle中创建密码字段 [英] creating password field in oracle

问题描述

安全外部密码存储"的用途是什么?

What is the use of "The Secure External Password Store"?

我可以使用安全外部密码存储"在Oracle表中创建密码字段吗?还是不使用安全外部密码存储"就如何在Oracle表中创建密码字段?

And can I create password field in my Oracle table using "The Secure External Password Store"? Or how can I create password field in my Oracle table without using "The Secure External Password Store"?

推荐答案

不使用安全外部密码存储"(无论如何)的一种方法是将RAW(16)列添加到表中以存储散列用户名和密码:

One method without using "The Secure External Password Store" (whatever that may be) is to add a RAW(16) column to the table to store a hashed username and password:

alter table mytable add password raw(16);

然后将散列的用户名和密码存储在其中，如下所示:

Then store the hashed username and password in it like this:

insert into mytable (username, password, ...)
values (:username, dbms_obfuscation_toolkit.md5 
                      (input => utl_i18n.string_to_raw
                                  (upper(:username)||:password))
       );

然后，当用户尝试使用用户名和密码登录时，您可以像这样检查它们:

Then when a user tries to log in with a username and password you can check them like this:

select 'OK'
from   mytable
where  username = :username
and    password = dbms_obfuscation_toolkit.md5 
                      (input => utl_i18n.string_to_raw
                                  (upper(:username)||:password));

通过这种方式，除了通过暴力破解之外，没有人可以找到存储的密码.

This way nobody can find out what the stored password is (other than by brute force).

这篇关于在oracle中创建密码字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！