Encrypting data in columns

Similar Messages

• Dbms_crypto encrypt date number datatype

  I am using oracle 11g. I am very new to dbms_crypto. I went through documentation but have following doubts:
  Is it mandatory to convert varchar2(32) to RAW to use dbms_crypto.encrypt?
  If I change varchar2(32) to RAW, Can I make it RAW(32) or does it needs to be bigger?
  Does the RAW size must be in multiple of 16?
  How can I encrypt data of datatype date and number using dbms_crypto?
  Thanks a lot for your time to clarify my quries?

  spur230 wrote:
  Is it mandatory to convert varchar2(32) to RAW to use dbms_crypto.encrypt?It's not mandatory, but it's certainly a good idea. If you store encrypted data in a VARCHAR2 column, that means that it is subject to character set conversion if it's moved from one database to another or sent from a database to a client machine. But if character set conversion happens, your encrypted data is corrupted.
  If I change varchar2(32) to RAW, Can I make it RAW(32) or does it needs to be bigger?
  Does the RAW size must be in multiple of 16?It would be helpful to specify exactly what algorithm and parameters you intend to use because it may vary. If, for example, we encrypt using AES-256 with Cipher Block Chaining and PKCS#5 compliant padding (which happens to be the example in the DBMS_CRYPTO manual), the output RAW will always be a multiple of 16 and as large or larger than the input RAW.
  A VARCHAR2(32) will either allocate 32 characters of storage or 32 bytes of storage depending on your NLS_LENGTH_SEMANTICS parameter. If you're using the default, it will allocate 32 bytes. But 32 bytes in the database character set may require more than 32 bytes of storage once you convert it to a UTF-8 encoded RAW (which, technically, also isn't required but is a good practice) and, thus, the encrypted string might require more than 32 bytes of storage. Your database character set and the actual data you store/ want to be able to store will influence how likely it is that you'll need a larger RAW than your VARCHAR2.
  How can I encrypt data of datatype date and number using dbms_crypto?dbms_crypto only operates on RAW data. Just like you convert strings to RAW before encrypting them, you'd need to convert your dates and numbers to RAW. For numbers, you should be able to use UTL_RAW.CAST_FROM_NUMBER. I don't know of a method of casting dates to a RAW other than converting them to a known string representation and then encrypting that (and, of course, doing the reverse when you decrypt the string and convert it back to a date using that same format).
  Justin

• How to insert encrypted data by using blowfish into mysql database

  Hi
  I have encrypted data using blowfish algorithm . And i tried to insert that encrypted data into mysql. it was stored but i dont know that it stores in the same encrypted formate
  When i am trying to get the encrypted data from the mysql database and decrypting that data i am getting errors.
  Exception are like
  input length should be multiple of 8 bits
  or Given block are not properly padded
  and when i am displaying the data using system.out.println ();
  the string is not similar to the string which is in database.
  what is the problem how can i solve my problem
  thank you

  It sounds like your column is a VARCHAR so you need to Base64 or Hex encode the cipertext bytes before putting them in the database.

• [Flex3/AIR] Storing encrypted data

  What symbols can I use when I store encrypted data in a
  encrypted local store. I'm trying to store a filepath to it, but
  when I try to load it again, I get error # 2030: End of file was
  encountered.
  Anyone who knows what the problem is?
  RdJ-1

  Hi,
  Are you trying this ,
  DECLARE @Tmp TABLE(Data XML)
  INSERT @Tmp SELECT '<Data>Password</Data>'
  SELECT * FROM @Tmp
  --Converting XML into VARCHAR and then inserting Encrypted value into VARBINARY column
  DECLARE @Tmp1 TABLE(Data VARBINARY(500))
  INSERT @Tmp1 SELECT (EncryptByPassPhrase('XX',CONVERT(VARCHAR(500),Data))) FROM @Tmp
  SELECT Data Encrypted FROM @Tmp1
  --Decrypting by passing passphrase
  SELECT CONVERT(XML, DECRYPTBYPASSPHRASE ('XX',Data)) Decrypted FROM @Tmp1
  sathya - www.allaboutmssql.com ** Mark as answered if my post solved your problem and Vote as helpful if my post was useful **.

• Encrypt a table column

  Hello,
  How can I encrypt a table column using oracle. It is more like the password column of the dba_users dictionary views.
  Michael Enudi

  Two other options.
  1.DBMS_CRYPTO
  http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/apdvncrp.htm#sthref2539
  2.DBMS_OBFUSCATION_TOOLKIT => enables an application to encrypt data using either the Data Encryption Standard (DES) or the Triple DES algorithms.
  http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_obtool.htm#sthref4962

• Encrypting data for testing - but keeping it legible and the right length

  Hello,
  I currently work with a client where one of our final stages of testing is done against test databases (9.2), maintained by the client, but holding real data, taken as a snapshot. This gives us volumes of data similar to what will be encountered in production.
  The client now has a (valid) concern that our people testing the app therefore get to see 'real', if slightly out-of-date, data, particularly names and addresses, and have asked us if there's some way of hiding this from the testers, who have access to the test db both through a front-end mainly built on Oracle Forms, but also e.g. querying directly with SQL Plus.
  I can't just give all the parties stored in the system the same name or address, so what I think I'd like to do is to replace the sensitive data with encrypted versions, possibly using the DBMS_OBFUSCATION_TOOLKIT. A problem with that, though, is that the encrypted data could contain any characters and may cause problems displaying in the front-end, certainly where testers have to e.g. type in a name to search on.
  I could use rawtohex to convert the data into an easily read / typed format, but then the results could be too long for the existing columns and the fields in the front-ends.
  Has anyone encountered a similar problem and come up with a solution?
  Thanks in advance,
  James

  There are a variety of tools out there sold by companies to automate this sort of thing.
  One relatively common, and relatively simple, approach would be to run a process that mixes and matches data from different records. That is, you take the first name from record 1, the last name from record 2, address from record 3... Of course, you'd have to figure out how sophisticated a jumbling algorithm you need depending on how sensitive the data and how performant an algorithm you need depending on data volumes.
  Relatively efficient, but relatively simple to reverse, would be to use something like this to populate the tables
  insert into emp( ename, sal, comm )
  select ename,
        lag(sal) over( order by empno ),
        lag(comm,2) over (order by empno )
    from emp@prod_db_linkJustin

• EFS, password change denies access to encrypted data

  Hi,
  Has anyone had the issue with admin changing users password in Console One
  resulting in users not being able to access their encrypted data.
  Laptop users are using EFS to encrypt their data.
  These users have WinXPPro SP2 and we are running ZfD 6.5SP2.
  I have found IR 1 for ZfD 6.5 SP2 which includes TID3003874 "Personal IE
  certificates and EFS stop working after password change" however this does
  not fix the issue.
  Could someone explain in more detail what this fix does as I may have
  misunderstood what this fix is.
  Regards,
  Eric.

  I know this is an old thread, but I thought it would be best to those who
  found it realized that the best method for addressing this issue may be
  found here:
  http://www.novell.com/support/viewCo...rnalId=3724689
  However the MS article could still be useful for some.
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Support Forums Volunteer Sysop
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.
  "ghoskins" <[email protected]> wrote in message
  news:[email protected]..
  >
  > I'm having the same problem. I ran acrosss this Microsoft KB and it
  > seems to fix the issue. I'm not certain this is the best security
  > practices, but it does work.
  >
  > 'User cannot gain access to certificate functionality after password
  > change or when using a roaming profile'
  > (http://support.microsoft.com/default...b;en-us;331333)
  >
  >
  > --
  > ghoskins
  > ------------------------------------------------------------------------
  > ghoskins's Profile: http://forums.novell.com/member.php?userid=12306
  > View this thread: http://forums.novell.com/showthread.php?t=215857
  >

• What happens to encrypted data when the server is destroyed?

  Backups to tape are encrypted with a certificate. 
  But what happens if the backup server is destroyed? Do I lose all the backup data on those tapes?
  Can I backup the certificate or is it specific to that specific DPM server?
  In the case of a catastrophic datacenter failure, where everything is lost except the tapes and the certificate, what is the process for recovering the encrypted data?

  You can absolutely backup the certificates used for DPM encryption and you should store those somewhere safe (for example, burn to CD and put in a fireproof safe offsite somewhere secure in an encrypted file).
  This section of TechNet describes the process: http://technet.microsoft.com/en-us/library/jj628058.aspx
  If you had to recreate a DPM server to read the tapes then you'd need to the certificates in the correct certificate store on the DPM server, in addition you'd need to ensure you had the certificates for the certificate chain, if there is one, in the correct
  locations in the cert store.
  Once a cert expires, do not delete it from the DPM until all the tapes that have used that cert are no longer in use or have been overwritten.
  The data would need to be imported through the recovery section in DPM but you'd be able to read and recover the data if the certs were present. No cert = no recovery.

• How to export data with column headers in sql server 2008 with bcp command?

  Hi all,
  I want know "how to export data with column headers in sql server 2008 with bcp command", I know how to import data with import and export wizard. when i
  am trying to import data with bcp command data has been copied but column names are not came.
  I am using the below query:-
  EXEC master..xp_cmdshell
  'BCP "SELECT  * FROM   [tempdb].[dbo].[VBAS_ErrorLog] " QUERYOUT "D:\Temp\SQLServer.log" -c -t , -T -S SERVER-A'
  Thanks,
  SAAD.

  Hi All,
  I have done as per your suggestion but here i have face the below problem, in print statment it give correct query, in EXEC ( EXEC master..xp_cmdshell @BCPCMD) it was displayed error message like below
  DECLARE @BCPCMD
  nvarchar(4000)
  DECLARE @BCPCMD1
  nvarchar(4000)
  DECLARE @BCPCMD2
  nvarchar(4000)
  DECLARE @SQLEXPRESS
  varchar(50)
  DECLARE @filepath
  nvarchar(150),@SQLServer
  varchar(50)
  SET @filepath
  = N'"D:\Temp\LDH_SQLErrorlog_'+CAST(YEAR(GETDATE())
  as varchar(4))
  +RIGHT('00'+CAST(MONTH(GETDATE())
  as varchar(2)),2)
  +RIGHT('00'+CAST(DAY(GETDATE())
  as varchar(2)),2)+'.log" '
  Set @SQLServer
  =(SELECT
  @@SERVERNAME)
  SELECT @BCPCMD1
  = '''BCP "SELECT 
  * FROM   [tempdb].[dbo].[wErrorLog] " QUERYOUT '
  SELECT @BCPCMD2
  = '-c -t , -T -S '
  + @SQLServer + 
  SET @BCPCMD
  = @BCPCMD1+ @filepath 
  + @BCPCMD2
  Print @BCPCMD
  -- Print out below
  'BCP "SELECT 
  * FROM   [tempdb].[dbo].[wErrorLog] " QUERYOUT "D:\Temp\LDH_SQLErrorlog_20130313.log" -c -t , -T -S servername'
  EXEC
  master..xp_cmdshell
  @BCPCMD
    ''BCP' is not recognized as an internal or external command,
  operable program or batch file.
  NULL
  if i copy the print ourt put like below and excecute the CMD it was working fine, could you please suggest me what is the problem in above query.
  EXEC
  master..xp_cmdshell
  'BCP "SELECT  * FROM  
  [tempdb].[dbo].[wErrorLog] " QUERYOUT "D:\Temp\LDH_SQLErrorlog_20130313.log" -c -t , -T -S servername '
  Thanks, SAAD.

• How to insert data into datagrid dynamically and also programatically with data and column names being retrived from a xml file..

  iam not able to insert data into datagrid corresponding to the column names..as iam inserting both data and column names programatically..ie iam not able to co relate the data with the column names.plzzz help me asap

  A DataGrid is row-based rather than cell-based with each row
  corresponding to an item in an underlying collection (specified in the
  dataProvider property). In order to add data to a DataGrid you
  manipulate the underlying collection, rather than the grid directly.
  Based on the limited description of your problem I would imagine you
  would need to create dynamic objects with property names that correspond
  to the dataFields of your dynamically created datagrid columns.
  So if you had created columns with dataFields "alpha", "beta" and
  "gamma" on your datagrid, you could create an item in your grid by
  adding the following object to your dataProvider:
  var gridItem : Object = new Object();
  gridItem.alpha = "alphaValue";
  gridItem.beta = "betaValue";
  gridItem.gamma = "gammaValue";

• Want to display a date in column heading.

  Hi all,
  Will be thankful, if anyone can tell me how to solve one of the issue i am facing in webi variable display.
  In universe, i am creating one prompt for date and user will enter the desired date, and with respect to that date, the previous date and previous month last working date will come. In my Webi report , i have 3 dates and one measure(Quantity) with other dimensions like Product and Subproduct. 
  I have one cross table in which in want to show the 3 dates as Column heading, Product as row heading and Quantity(measure) in the table body. I have one more dimension as Area... which i want to show in horizontal way, for each Area, i want to show prompted date, previous date and previous month last date. I have created 3 variables.... 
  1. Current date = Max(date) In Report
  2. Previous date = Min(date) In Report
  3. Previous Month last day = (date) where (Rank = 2) ForEach(date)
  By this way, I am able to show Current date and  Previous Month last day in column heading, but not Previous day. Will appreciate if anyone can help me on the issue. let me know if any other information is required.
  Thanks
  Archit Sarwal

  Hi,
  The previous date is the previous business day, it can be dynamic. And previous month's last day is last business day, it can also be dynamic. And Previous daye can also be previous month's last business day in one of the scenerio.
  Actually i am using 3 filters with prompts (common prompt) in universe side. User will enter the date and corrosponding previous business day and previous month's last business day will come. 3 filters are:
  1. Current_Day = @prompt('Enter Date(YYYYMMDD)','A',,Mono,Free,Persistent)
  2. Previous_Day = (SELECT TOP 1 Date from [TableName] where Date < @prompt('Enter Date(YYYYMMDD)','A',,Mono,Free,Persistent) Order By Date Desc)
  3. Prior_Month last Day = (SELECT TOP 1 Date from [TableName] T where Month(T.Date) = Month(DateAdd(mm,-1,@prompt('Enter Date(YYYYMMDD)','A',,Mono,Free,Persistent))) Order By T.Date Desc)
  Dates are coming correct from Universe.  In Webi, i have created variables...
  CurrentDate = max([Date]) In Report
  LastDate = Min([Date]) In Report
  PriorDate = [(Date]) where ([Rank]=2) ForEach ([Date])
  I have calculated Rank for Date, and Rank 2 shows the Prior Date. Also, i have Entity, and want to show these dates for each entity along with 2 -3 more columns that depends on these 3 dates values. I am attaching the screenshot for the sample.
  Thanks
  Archit Sarwal

• Encrypting Data on part of a file system.

  A few months ago, using hints I found on the internet, I was able to use diskutil command line utililty to create an encrypted partition of the same sort as when turning FileVault on in Security Preferences.  File Vault doe not appear to offer a way to choose some pargt of the disk storage such as an entire drive of a folder on a drive.  I was able to do it and it worked.  When I mount the disk partition to the system (usualy by plugging it in and turning it on), I'm asked for the security pass phrase or key to decrypt it.  Once mounted with the key supplied, I can access it as any other mounted disk with the type of access restrictions that might be present on any disk.Since I want the data to be truly privatem U decline to put the key into the a known place such as the keychain.  I don't want just anyone who has a log on to this iMac to b e able to read this data.  I want them to need to enter a private key to mount the data. 
  My only problem with this is the hoops I needed to go through to do this.  It is complicated and invovlves setting up special partitions for the purpose.
  Searching Finder help for encrypting data it offered a solution for data on a removable drive.  The stepsare very simple and easy to do:
     a) Mount the files to be encrypted if they are not  online.  They also need to be in a folder or even an entire partition.
      b) Open Disk Utility (GUI version)
      c)Choose File > New > Disk Image From Folder (or New-> Disk Image ffrom a Device).
      d) Select the folder or disk you want to encrypt.
      e) A save dialog will pop up.  Select the name of the archive you wish to create and select a location.  I choose a removable disk partition which has enouh space.  Select Compressed if you wish.  Then Select Encryption and choose the key size for encryption from the drop dwon.  When you click Save, Disk Utility begins creating a disk image that is (possibly) compressed and probably encrypted.  Once done, the files in the folder or partiion are hiddent behind the encryption.  To get to them, you much open the DMG file and supply the password to unlock the encryption.  You can save the key in the keychain if you are not worreid about who can get in.  If you wish to restrict access to fewer people, keep the key secret and provide a recovery mechanism that is suitable for you need.
     f)  One the archive is created, the disk partition containing it may b4 mounted on the system (if it is not there already) and by opening the dmg file you will be asked for the key.  The system will validate that the key works and the encryption and comprewssion are working.  The archive will be mounted as a virual disk.  It can be accessed by any useer of that computer unless the file permissions get in the way.  Mounting it only when the computer is being used by authorized people allow you to mount and dismount the archive for use during a limited time.
  I have a couple of questions here.  Is there an easier way to do this?  Is this encryption as strong as that used in FileVault? 

  No. I don't know why it would not be, except it is easier for a person to leave the disk mounted where anyone can then see it. With FileVault forcing a password on wake from sleep, it will likely be encrypted if anyone found it.
  I'm not sure why you went to the trouble you did before, except the instructions might have been to create an encrypted partition as opposed to creating the disk image. Disk images have been around for at least a decade.
  If you plan on backing up the image with Time Machine, use a sparse bundle disk image as it will write the data to small files, called stripes. Only the stripes that change get backed up instead of the entire image.

• Moving a table with long data type column

  hi
  1.how to move a table with a long data type column in 8.1.7.3.0 ver database.
  alter table APPLSYS.FND_LOBS_DOCUMENT move lob(BLOB_CONTENT) store as (tablespace testing)
  ERROR at line 1:
  ORA-00997: illegal use of LONG datatype
  2. and a table with varray type column
  alter table APPLSYS.WF_ERROR move lob("USER_DATA"."PARAMETER_LIST") store as (tablespace testing)
  ERROR at line 1:
  ORA-22917: use VARRAY to define the storage clause for this column or attribute
  table description is:
  SQL> desc applsys.wf_error;
  Name Null? Type
  Q_NAME VARCHAR2(30)
  MSGID NOT NULL RAW(16)
  CORRID VARCHAR2(128)
  PRIORITY NUMBER
  STATE NUMBER
  DELAY DATE
  EXPIRATION NUMBER
  TIME_MANAGER_INFO DATE
  LOCAL_ORDER_NO NUMBER
  CHAIN_NO NUMBER
  CSCN NUMBER
  DSCN NUMBER
  ENQ_TIME DATE
  ENQ_UID NUMBER
  ENQ_TID VARCHAR2(30)
  DEQ_TIME DATE
  DEQ_UID NUMBER
  DEQ_TID VARCHAR2(30)
  RETRY_COUNT NUMBER
  EXCEPTION_QSCHEMA VARCHAR2(30)
  EXCEPTION_QUEUE VARCHAR2(30)
  STEP_NO NUMBER
  RECIPIENT_KEY NUMBER
  DEQUEUE_MSGID RAW(16)
  SENDER_NAME VARCHAR2(30)
  SENDER_ADDRESS VARCHAR2(1024)
  SENDER_PROTOCOL NUMBER
  USER_DATA APPS.WF_EVENT_T
  lob column:
  SQL> select owner,table_name,column_name from dba_lobs where table_name='WF_ERROR';
  OWNER TABLE_NAME COLUMN_NAME
  APPLSYS WF_ERROR "USER_DATA"."PARAMETER_LIST"
  APPLSYS WF_ERROR "USER_DATA"."EVENT_DATA"
  pls help me
  thanks and regards
  srinivas

  1. Export and import
  2. Sql*Plus 'copy' command
  It is a good idea to move from 'LONG' to 'CLOB'.

• ** How to encrypt data when saving it in DB directly?

  Hi All,
  I want a method to encrypt data in the database when saving it directly
  that is when any one enabled to see the data he will see it encrypted!

  Hi..
  What is the oracle database version???
  As you want the users to see the encypted data, the best option is use DBMS_CRYPTO to encrypt the data.
  [http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_crypto.htm]
  [http://www.oracle-base.com/articles/10g/DatabaseSecurityEnhancements10g.php]
  HTH
  Anand
  Edited by: Anand... on Oct 19, 2009 2:11 PM

• Issue with using formatted date value column in order by clause...

  Hi,
  1) Through a function I am listing all the months in a year.
  like JAN-2007, FEB-2007,MAR-2007......
  2) i am comparing these values against a date value column in a table.
  And if there are no values in a particular period it will return a null value (simply to say, i am using an outer join)
  3) The issue.....
  When join both the queries then the order of the dates is not mainted .....
  My requirement is......
  Jan-2007 = 3
  Feb-2007 = 5
  Mar-2007 = null
  etc.....
  should be acheived.
  But I end up in the alphabetical order of the months....
  like
  Apr-2007 = 5
  Aug-2007 = 10
  etc.....
  Can anybody let me know how can i acheive my resultant output to be ordered by the date and not by character.
  When I use the date column in the order by I run into an error....
  saying....
  ORA-01858: a non-numeric character was found where a numeric was expected
  Its a kind of urgent...
  Any help is appreciated....
  KK

  When I use a outer join as follows....
  "and upper(to_char(a.task_planned_start_date,'mon-rrrr')) = d.period_name(+)"
  All the null periods are ending at the bottom.It's standard behavoiur.
  Seems, you need to sort by a.task_planned_start_date.
  Look below:
  SQL> select e.ename, ec.ename from emp e, emp_copy ec
    2  where e.empno = ec.empno(+);
  ENAME      ENAME
  SMITH      SMITH
  ALLEN
  WARD       WARD
  JONES
  MARTIN     MARTIN
  BLAKE
  CLARK      CLARK
  SCOTT
  KING       KING
  TURNER
  ADAMS      ADAMS
  JAMES
  FORD       FORD
  MILLER
  14 rows selected.
  SQL> select e.ename, ec.ename from emp e, emp_copy ec
    2  where e.empno = ec.empno(+)
    3  order by ec.ename
    4  /
  ENAME      ENAME
  ADAMS      ADAMS
  CLARK      CLARK
  FORD       FORD
  KING       KING
  MARTIN     MARTIN
  SMITH      SMITH
  WARD       WARD
  JAMES
  TURNER
  ALLEN
  MILLER
  BLAKE
  JONES
  SCOTT
  14 rows selected.
  SQL> select e.ename, ec.ename from emp e, emp_copy ec
    2  where e.empno = ec.empno(+)
    3  order by e.ename
    4  /
  ENAME      ENAME
  ADAMS      ADAMS
  ALLEN
  BLAKE
  CLARK      CLARK
  FORD       FORD
  JAMES
  JONES
  KING       KING
  MARTIN     MARTIN
  MILLER
  SCOTT
  SMITH      SMITH
  TURNER
  WARD       WARD
  14 rows selected.Rgds.