Monday, May 12, 2008

Using Base64 encoding with Oracle / Perl

For basic encryption purposes, Base64 encoding can be used. In fact, it is so basic that it would be incorrect to call it encryption: it is an encoding that uses no key, so anyone can reverse it. All it does is keep the subject text from appearing in plain text.

For example, if a tool stores all its parameters in repository tables, it is not very nice for the passwords to be stored there in plain text. They should at least be made illegible, so that they don't appear in plain text and some effort has to be spent decoding them.

Base64 encoding is an industry standard, and almost all programming languages and development toolkits provide support for it. For Oracle, there are pre-existing packages providing the functionality.

We can use Base64 encoding on the Oracle side through the Oracle-supplied package UTL_ENCODE. On the Perl side, we can use the CPAN package MIME::Base64. Other languages provide different kinds of plug-ins. For example, Ruby on Rails has a plug-in for this, and JavaScript also allows it to be done relatively easily.

The idea is that such sensitive data is entered by customers in encoded format, so we also don't see the plain-text version. The program then carries the encoded version right up to the point where the actual data needs to be used.

To achieve this, the following way of working can be used:

1. On the Oracle side, the sensitive data is encoded using a program call equivalent to the following, which returns an encoded/decoded string for a given input string.

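-- Despite the names, these functions only Base64-encode and decode;
-- no key is involved, so the result is reversible by anyone.

-- Encode: VARCHAR2 -> RAW -> Base64 (RAW) -> VARCHAR2.
-- BASE64_ENCODE wraps its output with CRLF after every 64 characters.
FUNCTION fnc_encrypt(lv_str IN VARCHAR2)
RETURN VARCHAR2
AS
BEGIN
  RETURN UTL_RAW.CAST_TO_VARCHAR2(UTL_ENCODE.BASE64_ENCODE(UTL_RAW.CAST_TO_RAW(lv_str)));
END;

-- Decode: the reverse of fnc_encrypt.
FUNCTION fnc_decrypt(lv_str IN VARCHAR2)
RETURN VARCHAR2
AS
BEGIN
  RETURN UTL_RAW.CAST_TO_VARCHAR2(UTL_ENCODE.BASE64_DECODE(UTL_RAW.CAST_TO_RAW(lv_str)));
END;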

It's a design decision whether to put this code in a procedure/package somewhere.

2. On the other end of the processing chain, the reverse operation has to be performed. For example, in Perl, the implementation relies on the CPAN package MIME::Base64:

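use MIME::Base64 ();   # empty import list: call the functions by full name

and then use the decode/encode function as needed:

my $decoded = MIME::Base64::decode($PI_CAT_PWD);   # Base64 text -> original string
my $encoded = MIME::Base64::encode($PI_CAT_PWD);   # string -> Base64 text, newline appended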
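
The two steps above as a round trip on the Perl side, in an added example that is not code from the original post. The helper names encode_for_repo and decode_from_repo and the sample value are hypothetical; the CRLF-wrapped input imitates what a wrapping encoder such as UTL_ENCODE.BASE64_ENCODE stores.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 ();

# Hypothetical helper: encode for storage on a single line. The second
# argument is the line ending; "" stops MIME::Base64 from wrapping at
# 76 characters and from appending a trailing newline.
sub encode_for_repo {
    my ($plain) = @_;
    return MIME::Base64::encode($plain, "");
}

# Hypothetical helper: decode a value read from the repository table.
# Line breaks added by the encoder are removed first; anything else
# outside the Base64 alphabet is rejected, because MIME::Base64::decode
# would silently skip it and return garbage.
sub decode_from_repo {
    my ($stored) = @_;
    (my $b64 = $stored) =~ s/[\r\n]//g;
    die "not valid Base64\n"
        unless length($b64) % 4 == 0
            && $b64 =~ m!\A[A-Za-z0-9+/]*={0,2}\z!;
    return MIME::Base64::decode($b64);
}

# Constructed sample: a 60-byte value, encoded and then wrapped with CRLF
# after 64 output characters.
my $secret  = "s3cr3t-" x 8 . "tail";
my $oneline = encode_for_repo($secret);
(my $wrapped = $oneline) =~ s/(.{64})/$1\r\n/g;

print "stored : $oneline\n";
print "decoded: ", decode_from_repo($wrapped), "\n";   # no key was needed
print "match  : ", (decode_from_repo($wrapped) eq $secret ? "yes" : "no"), "\n";

# A corrupted value is refused instead of being decoded.
my $bad = $oneline;
substr($bad, 3, 1) = '*';
print "bad    : ", (eval { decode_from_repo($bad); 1 } ? "accepted" : "rejected"), "\n";
```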
