| Subject | Customising Security database 1 |
|---|---|
| Author | Adomas Urbanavicius |
| Post date | 2004-12-14T10:21:05Z |
Hi,
Second part of security :)
Jus wonder, if I am logged as sysdba in exct DB via alias remotely
(this means I dont know where is security database file),
is there any posibility to check other user or my pwd (as far as I
understad it is encrypted in triple DES),
By this I could check if sysdba is my sysdba, and if I write UDF which
enrypts via triple DES, I can check if sysdba is correct
For example
I have encrypted table SensitiveData,
and I distribute this sd.gdb to customers. this file is being seen other
sysdba in other app.It is decrypted only from my app.
If I know only one correct sysdba pwd, only then I decrypt table :
IN SP :
SELECT MYPWD FROM GET_MYPWD(CURRENT_USER) INTO :MYPWD;
SELECT APP_PWD FROM ENCRYPT_APP_PWD() INTO APP_PWD;
IF APP_PWD <> MY_PWD THEN EXIT;
ELSE
BLAH BLAH BLAH.
My concern is : to get my pwd : GET_MYPWD(CURRENT_USER) .
Is it possible ?
Adomas
Second part of security :)
Jus wonder, if I am logged as sysdba in exct DB via alias remotely
(this means I dont know where is security database file),
is there any posibility to check other user or my pwd (as far as I
understad it is encrypted in triple DES),
By this I could check if sysdba is my sysdba, and if I write UDF which
enrypts via triple DES, I can check if sysdba is correct
For example
I have encrypted table SensitiveData,
and I distribute this sd.gdb to customers. this file is being seen other
sysdba in other app.It is decrypted only from my app.
If I know only one correct sysdba pwd, only then I decrypt table :
IN SP :
SELECT MYPWD FROM GET_MYPWD(CURRENT_USER) INTO :MYPWD;
SELECT APP_PWD FROM ENCRYPT_APP_PWD() INTO APP_PWD;
IF APP_PWD <> MY_PWD THEN EXIT;
ELSE
BLAH BLAH BLAH.
My concern is : to get my pwd : GET_MYPWD(CURRENT_USER) .
Is it possible ?
Adomas