在Oracle函数中加密/解密密码 [英] Encrypt/Decrypt Password in Oracle Function
问题描述
由于以前设计不当的结构,我必须使用的当前数据库将用户的密码存储为文本。
Due to previously poorly designed structure, the current database that I have to work with stores users' password as text.
现在,我正在构建前端部分我必须使用这些密码,我当然不想加密密码。
Now, I am building a front end part that has to use those passwords and I certainly don't want to be sending passwords unencrypted.
我的想法是写一个Oracle函数来加密和解密文本密码并使用那些在存储过程中将返回加密数据的函数。
My idea is to write an Oracle function to encrypt and decrypt text password and use those functions in the stored procedures that will return encrypted data.
Oracle中最好的方法是什么?
What would be the best approach in Oracle to do so?
推荐答案
如果你想编写自己的函数来加密和解密数据,你只需要调用 DBMS_CRYPTO encrypt 和 decrypt 具有适当参数的方法(即选择加密算法,密钥等)。
If you want to write your own functions to encrypt and decrypt data, you would simply want to call the DBMS_CRYPTO encrypt and decrypt methods with appropriate parameters (i.e. pick your encryption algorithm, your key, etc.).
当然,如果你编写自己的例程,假设你破坏数据库中的关键或数据库可访问的位置,您的安全性并没有太大。通过网络发送未密码的密码是不好的,但是将数据库中的未加密密码存储在一般情况下更糟糕(或者如果在数据库中存在 decrypt 方法,则加密密码访问密钥来解密数据)。从数据库窃取数据通常比通过网络发送数据以便找到密码更容易。
Of course, if you write your own routines, assuming that you store the key in the database or somewhere the database has access to, you're not doing much for security. It's bad to send passwords unencrypted over the network but it is generally much worse to store unencrypted passwords in the database (or encrypted passwords if there is a decrypt method in the database that has access to the key to decrypt the data). It's generally a lot easier to steal data from a database than it is to sniff data getting sent over the network in order to find a password.
正确的答案当然是,将重新构建系统,以便您根本不存储密码。您应该存储密码哈希(您也可以使用不可逆的 DBMS_CRYPTO 包生成)。
The right answer, of course, would be to rearchitect the system so that you don't store the passwords at all. You should be storing password hashes (which you can also generate using the DBMS_CRYPTO package) which are non-reversible.
这篇关于在Oracle函数中加密/解密密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
