Encrypted password question....

Hi,

We are using both ADO and JDBC to connect to an Oracle database and my job is to make sure that the connect password that travels to the Oracle database is encrypted and not traveling in clear text. How do I encrypt this password before sending it to the Oracle database? I think Oracle looks in its system table, SYS.USER, where this password is encrypted (I looked :-)) and then does its authentication stuff.

I would think that the Oracle ODBC driver would have an option I could set that would send all connect passwords to the Oracle database encrypted instead of in clear text, but I can't find one. And I looked in the ADO documentation and it looks like ADO sends the password in cleartext and there is no option to send passwords encrypted.

Thanks for any help,

-Art

[821 byte] By [aleather] at [2007-9-26 2:08:56]
# 1

Use NetAssist...set up your net8 so that the traffic is encrypted...there are docs on this on the Oracle site.

This way not only are the passwords encrypted in the network, ALL of the data traffic is encrypted.

You will need advanced crypto license to use this, I think.

I called the Oracle helpdesk and they walked me through this.

lwfry@bbnow.net at 2007-6-29 8:58:01
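
For the JDBC side of the question, the Oracle thin driver can demand the network encryption described in this reply through connection properties. The following is an added example, not code from the thread: the class name and the `JDBC_URL`, `DB_USER` and `DB_PASSWORD` environment variables are assumptions, as is a driver and server combination that supports `AES256` and `SHA1`, and the verification query needs SELECT on `v$session_connect_info`.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

// Added illustration; needs the Oracle JDBC thin driver on the classpath.
public class EncryptedConnectCheck {

    // Connection properties that make the thin driver insist on network
    // encryption and integrity checking instead of merely accepting them.
    static Properties secureProps(String user, String password) {
        Properties p = new Properties();
        p.setProperty("user", user);
        p.setProperty("password", password);
        p.setProperty("oracle.net.encryption_client", "REQUIRED");
        p.setProperty("oracle.net.encryption_types_client", "(AES256)");
        p.setProperty("oracle.net.crypto_checksum_client", "REQUIRED");
        p.setProperty("oracle.net.crypto_checksum_types_client", "(SHA1)");
        return p;
    }

    public static void main(String[] args) throws SQLException {
        // Credentials come from the environment (assumed variable names),
        // so nothing sensitive is hard-coded in the source.
        String url = System.getenv("JDBC_URL");
        String user = System.getenv("DB_USER");
        String password = System.getenv("DB_PASSWORD");
        if (url == null || user == null || password == null) {
            System.err.println("Set JDBC_URL, DB_USER and DB_PASSWORD first.");
            return;
        }
        try (Connection c = DriverManager.getConnection(url, secureProps(user, password));
             Statement s = c.createStatement();
             // List the network services negotiated for this session so the
             // encryption and checksum algorithms in use can be confirmed.
             ResultSet rs = s.executeQuery(
                 "SELECT network_service_banner FROM v$session_connect_info "
                 + "WHERE sid = SYS_CONTEXT('USERENV', 'SID')")) {
            while (rs.next()) {
                System.out.println(rs.getString(1));
            }
        }
    }
}
```

With `REQUIRED` on the client, the connection attempt fails if the server will not negotiate encryption, rather than continuing unencrypted.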
# 2

Hi,

I believe there are two options.

One is to write an encryption program on the client side and send it to the database.

Another is to write a separate algorithm in the database as a stored procedure for encryption.

A sample Java program is given below for client-side encryption.

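==========================================

import java.nio.charset.StandardCharsets;
import java.security.*;

public class security
{
    // Returns the SHA digest of the password as a lowercase hex string.
    public String encrypt(String password) throws NoSuchAlgorithmException
    {
        // Use a fixed charset so the digest does not depend on the platform default.
        byte[] b1 = password.getBytes(StandardCharsets.UTF_8);

        // "SHA" is the JDK's algorithm name for SHA-1.
        MessageDigest sha = MessageDigest.getInstance("SHA");
        sha.reset();
        sha.update(b1);
        byte[] hash = sha.digest();

        StringBuffer buf = new StringBuffer();
        for (int i = 0; i < hash.length; i++)
        {
            // Append each digest byte as two hex digits.
            buf.append(String.format("%02x", hash[i] & 0xff));
        }
        return buf.toString();
    }
}

==========================================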

The program is working fine and let me know if you face any problem.

Regards,

Jawahar Govindaraj

kgjawahar@yahoo.com

kgjawahar at 2007-6-29 8:58:01