Encrypting data in columns
Is there a way to encrypt certain column in a table in 8i?
You can use the dbms_obfuscation package.
Note that you'll have to store your private key somewhere in order to decrypt the data. If you store your private key in the database, some database user will be able to access it to decrypt the data.
Justin
Similar Messages
-
Dbms_crypto encrypt date number datatype
I am using oracle 11g. I am very new to dbms_crypto. I went through documentation but have following doubts:
Is it mandatory to convert varchar2(32) to RAW to use dbms_crypto.encrypt?
If I change varchar2(32) to RAW, Can I make it RAW(32) or does it needs to be bigger?
Does the RAW size must be in multiple of 16?
How can I encrypt data of datatype date and number using dbms_crypto?
Thanks a lot for your time to clarify my quries?spur230 wrote:
Is it mandatory to convert varchar2(32) to RAW to use dbms_crypto.encrypt?It's not mandatory, but it's certainly a good idea. If you store encrypted data in a VARCHAR2 column, that means that it is subject to character set conversion if it's moved from one database to another or sent from a database to a client machine. But if character set conversion happens, your encrypted data is corrupted.
If I change varchar2(32) to RAW, Can I make it RAW(32) or does it needs to be bigger?
Does the RAW size must be in multiple of 16?It would be helpful to specify exactly what algorithm and parameters you intend to use because it may vary. If, for example, we encrypt using AES-256 with Cipher Block Chaining and PKCS#5 compliant padding (which happens to be the example in the DBMS_CRYPTO manual), the output RAW will always be a multiple of 16 and as large or larger than the input RAW.
A VARCHAR2(32) will either allocate 32 characters of storage or 32 bytes of storage depending on your NLS_LENGTH_SEMANTICS parameter. If you're using the default, it will allocate 32 bytes. But 32 bytes in the database character set may require more than 32 bytes of storage once you convert it to a UTF-8 encoded RAW (which, technically, also isn't required but is a good practice) and, thus, the encrypted string might require more than 32 bytes of storage. Your database character set and the actual data you store/ want to be able to store will influence how likely it is that you'll need a larger RAW than your VARCHAR2.
How can I encrypt data of datatype date and number using dbms_crypto?dbms_crypto only operates on RAW data. Just like you convert strings to RAW before encrypting them, you'd need to convert your dates and numbers to RAW. For numbers, you should be able to use UTL_RAW.CAST_FROM_NUMBER. I don't know of a method of casting dates to a RAW other than converting them to a known string representation and then encrypting that (and, of course, doing the reverse when you decrypt the string and convert it back to a date using that same format).
Justin -
How to insert encrypted data by using blowfish into mysql database
Hi
I have encrypted data using blowfish algorithm . And i tried to insert that encrypted data into mysql. it was stored but i dont know that it stores in the same encrypted formate
When i am trying to get the encrypted data from the mysql database and decrypting that data i am getting errors.
Exception are like
input length should be multiple of 8 bits
or Given block are not properly padded
and when i am displaying the data using system.out.println ();
the string is not similar to the string which is in database.
what is the problem how can i solve my problem
thank youIt sounds like your column is a VARCHAR so you need to Base64 or Hex encode the cipertext bytes before putting them in the database.
-
[Flex3/AIR] Storing encrypted data
What symbols can I use when I store encrypted data in a
encrypted local store. I'm trying to store a filepath to it, but
when I try to load it again, I get error # 2030: End of file was
encountered.
Anyone who knows what the problem is?
RdJ-1Hi,
Are you trying this ,
DECLARE @Tmp TABLE(Data XML)
INSERT @Tmp SELECT '<Data>Password</Data>'
SELECT * FROM @Tmp
--Converting XML into VARCHAR and then inserting Encrypted value into VARBINARY column
DECLARE @Tmp1 TABLE(Data VARBINARY(500))
INSERT @Tmp1 SELECT (EncryptByPassPhrase('XX',CONVERT(VARCHAR(500),Data))) FROM @Tmp
SELECT Data Encrypted FROM @Tmp1
--Decrypting by passing passphrase
SELECT CONVERT(XML, DECRYPTBYPASSPHRASE ('XX',Data)) Decrypted FROM @Tmp1
sathya - www.allaboutmssql.com ** Mark as answered if my post solved your problem and Vote as helpful if my post was useful **. -
Hello,
How can I encrypt a table column using oracle. It is more like the password column of the dba_users dictionary views.
Michael EnudiTwo other options.
1.DBMS_CRYPTO
http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/apdvncrp.htm#sthref2539
2.DBMS_OBFUSCATION_TOOLKIT => enables an application to encrypt data using either the Data Encryption Standard (DES) or the Triple DES algorithms.
http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_obtool.htm#sthref4962 -
Encrypting data for testing - but keeping it legible and the right length
Hello,
I currently work with a client where one of our final stages of testing is done against test databases (9.2), maintained by the client, but holding real data, taken as a snapshot. This gives us volumes of data similar to what will be encountered in production.
The client now has a (valid) concern that our people testing the app therefore get to see 'real', if slightly out-of-date, data, particularly names and addresses, and have asked us if there's some way of hiding this from the testers, who have access to the test db both through a front-end mainly built on Oracle Forms, but also e.g. querying directly with SQL Plus.
I can't just give all the parties stored in the system the same name or address, so what I think I'd like to do is to replace the sensitive data with encrypted versions, possibly using the DBMS_OBFUSCATION_TOOLKIT. A problem with that, though, is that the encrypted data could contain any characters and may cause problems displaying in the front-end, certainly where testers have to e.g. type in a name to search on.
I could use rawtohex to convert the data into an easily read / typed format, but then the results could be too long for the existing columns and the fields in the front-ends.
Has anyone encountered a similar problem and come up with a solution?
Thanks in advance,
JamesThere are a variety of tools out there sold by companies to automate this sort of thing.
One relatively common, and relatively simple, approach would be to run a process that mixes and matches data from different records. That is, you take the first name from record 1, the last name from record 2, address from record 3... Of course, you'd have to figure out how sophisticated a jumbling algorithm you need depending on how sensitive the data and how performant an algorithm you need depending on data volumes.
Relatively efficient, but relatively simple to reverse, would be to use something like this to populate the tables
insert into emp( ename, sal, comm )
select ename,
lag(sal) over( order by empno ),
lag(comm,2) over (order by empno )
from emp@prod_db_linkJustin -
EFS, password change denies access to encrypted data
Hi,
Has anyone had the issue with admin changing users password in Console One
resulting in users not being able to access their encrypted data.
Laptop users are using EFS to encrypt their data.
These users have WinXPPro SP2 and we are running ZfD 6.5SP2.
I have found IR 1 for ZfD 6.5 SP2 which includes TID3003874 "Personal IE
certificates and EFS stop working after password change" however this does
not fix the issue.
Could someone explain in more detail what this fix does as I may have
misunderstood what this fix is.
Regards,
Eric.I know this is an old thread, but I thought it would be best to those who
found it realized that the best method for addressing this issue may be
found here:
http://www.novell.com/support/viewCo...rnalId=3724689
However the MS article could still be useful for some.
Craig Wilson - MCNE, MCSE, CCNA
Novell Support Forums Volunteer Sysop
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
"ghoskins" <[email protected]> wrote in message
news:[email protected]..
>
> I'm having the same problem. I ran acrosss this Microsoft KB and it
> seems to fix the issue. I'm not certain this is the best security
> practices, but it does work.
>
> 'User cannot gain access to certificate functionality after password
> change or when using a roaming profile'
> (http://support.microsoft.com/default...b;en-us;331333)
>
>
> --
> ghoskins
> ------------------------------------------------------------------------
> ghoskins's Profile: http://forums.novell.com/member.php?userid=12306
> View this thread: http://forums.novell.com/showthread.php?t=215857
> -
What happens to encrypted data when the server is destroyed?
Backups to tape are encrypted with a certificate.
But what happens if the backup server is destroyed? Do I lose all the backup data on those tapes?
Can I backup the certificate or is it specific to that specific DPM server?
In the case of a catastrophic datacenter failure, where everything is lost except the tapes and the certificate, what is the process for recovering the encrypted data?You can absolutely backup the certificates used for DPM encryption and you should store those somewhere safe (for example, burn to CD and put in a fireproof safe offsite somewhere secure in an encrypted file).
This section of TechNet describes the process: http://technet.microsoft.com/en-us/library/jj628058.aspx
If you had to recreate a DPM server to read the tapes then you'd need to the certificates in the correct certificate store on the DPM server, in addition you'd need to ensure you had the certificates for the certificate chain, if there is one, in the correct
locations in the cert store.
Once a cert expires, do not delete it from the DPM until all the tapes that have used that cert are no longer in use or have been overwritten.
The data would need to be imported through the recovery section in DPM but you'd be able to read and recover the data if the certs were present. No cert = no recovery. -
How to export data with column headers in sql server 2008 with bcp command?
Hi all,
I want know "how to export data with column headers in sql server 2008 with bcp command", I know how to import data with import and export wizard. when i
am trying to import data with bcp command data has been copied but column names are not came.
I am using the below query:-
EXEC master..xp_cmdshell
'BCP "SELECT * FROM [tempdb].[dbo].[VBAS_ErrorLog] " QUERYOUT "D:\Temp\SQLServer.log" -c -t , -T -S SERVER-A'
Thanks,
SAAD.Hi All,
I have done as per your suggestion but here i have face the below problem, in print statment it give correct query, in EXEC ( EXEC master..xp_cmdshell @BCPCMD) it was displayed error message like below
DECLARE @BCPCMD
nvarchar(4000)
DECLARE @BCPCMD1
nvarchar(4000)
DECLARE @BCPCMD2
nvarchar(4000)
DECLARE @SQLEXPRESS
varchar(50)
DECLARE @filepath
nvarchar(150),@SQLServer
varchar(50)
SET @filepath
= N'"D:\Temp\LDH_SQLErrorlog_'+CAST(YEAR(GETDATE())
as varchar(4))
+RIGHT('00'+CAST(MONTH(GETDATE())
as varchar(2)),2)
+RIGHT('00'+CAST(DAY(GETDATE())
as varchar(2)),2)+'.log" '
Set @SQLServer
=(SELECT
@@SERVERNAME)
SELECT @BCPCMD1
= '''BCP "SELECT
* FROM [tempdb].[dbo].[wErrorLog] " QUERYOUT '
SELECT @BCPCMD2
= '-c -t , -T -S '
+ @SQLServer +
SET @BCPCMD
= @BCPCMD1+ @filepath
+ @BCPCMD2
Print @BCPCMD
-- Print out below
'BCP "SELECT
* FROM [tempdb].[dbo].[wErrorLog] " QUERYOUT "D:\Temp\LDH_SQLErrorlog_20130313.log" -c -t , -T -S servername'
EXEC
master..xp_cmdshell
@BCPCMD
''BCP' is not recognized as an internal or external command,
operable program or batch file.
NULL
if i copy the print ourt put like below and excecute the CMD it was working fine, could you please suggest me what is the problem in above query.
EXEC
master..xp_cmdshell
'BCP "SELECT * FROM
[tempdb].[dbo].[wErrorLog] " QUERYOUT "D:\Temp\LDH_SQLErrorlog_20130313.log" -c -t , -T -S servername '
Thanks, SAAD. -
iam not able to insert data into datagrid corresponding to the column names..as iam inserting both data and column names programatically..ie iam not able to co relate the data with the column names.plzzz help me asap
A DataGrid is row-based rather than cell-based with each row
corresponding to an item in an underlying collection (specified in the
dataProvider property). In order to add data to a DataGrid you
manipulate the underlying collection, rather than the grid directly.
Based on the limited description of your problem I would imagine you
would need to create dynamic objects with property names that correspond
to the dataFields of your dynamically created datagrid columns.
So if you had created columns with dataFields "alpha", "beta" and
"gamma" on your datagrid, you could create an item in your grid by
adding the following object to your dataProvider:
var gridItem : Object = new Object();
gridItem.alpha = "alphaValue";
gridItem.beta = "betaValue";
gridItem.gamma = "gammaValue"; -
Want to display a date in column heading.
Hi all,
Will be thankful, if anyone can tell me how to solve one of the issue i am facing in webi variable display.
In universe, i am creating one prompt for date and user will enter the desired date, and with respect to that date, the previous date and previous month last working date will come. In my Webi report , i have 3 dates and one measure(Quantity) with other dimensions like Product and Subproduct.
I have one cross table in which in want to show the 3 dates as Column heading, Product as row heading and Quantity(measure) in the table body. I have one more dimension as Area... which i want to show in horizontal way, for each Area, i want to show prompted date, previous date and previous month last date. I have created 3 variables....
1. Current date = Max(date) In Report
2. Previous date = Min(date) In Report
3. Previous Month last day = (date) where (Rank = 2) ForEach(date)
By this way, I am able to show Current date and Previous Month last day in column heading, but not Previous day. Will appreciate if anyone can help me on the issue. let me know if any other information is required.
Thanks
Archit SarwalHi,
The previous date is the previous business day, it can be dynamic. And previous month's last day is last business day, it can also be dynamic. And Previous daye can also be previous month's last business day in one of the scenerio.
Actually i am using 3 filters with prompts (common prompt) in universe side. User will enter the date and corrosponding previous business day and previous month's last business day will come. 3 filters are:
1. Current_Day = @prompt('Enter Date(YYYYMMDD)','A',,Mono,Free,Persistent)
2. Previous_Day = (SELECT TOP 1 Date from [TableName] where Date < @prompt('Enter Date(YYYYMMDD)','A',,Mono,Free,Persistent) Order By Date Desc)
3. Prior_Month last Day = (SELECT TOP 1 Date from [TableName] T where Month(T.Date) = Month(DateAdd(mm,-1,@prompt('Enter Date(YYYYMMDD)','A',,Mono,Free,Persistent))) Order By T.Date Desc)
Dates are coming correct from Universe. In Webi, i have created variables...
CurrentDate = max([Date]) In Report
LastDate = Min([Date]) In Report
PriorDate = [(Date]) where ([Rank]=2) ForEach ([Date])
I have calculated Rank for Date, and Rank 2 shows the Prior Date. Also, i have Entity, and want to show these dates for each entity along with 2 -3 more columns that depends on these 3 dates values. I am attaching the screenshot for the sample.
Thanks
Archit Sarwal -
Encrypting Data on part of a file system.
A few months ago, using hints I found on the internet, I was able to use diskutil command line utililty to create an encrypted partition of the same sort as when turning FileVault on in Security Preferences. File Vault doe not appear to offer a way to choose some pargt of the disk storage such as an entire drive of a folder on a drive. I was able to do it and it worked. When I mount the disk partition to the system (usualy by plugging it in and turning it on), I'm asked for the security pass phrase or key to decrypt it. Once mounted with the key supplied, I can access it as any other mounted disk with the type of access restrictions that might be present on any disk.Since I want the data to be truly privatem U decline to put the key into the a known place such as the keychain. I don't want just anyone who has a log on to this iMac to b e able to read this data. I want them to need to enter a private key to mount the data.
My only problem with this is the hoops I needed to go through to do this. It is complicated and invovlves setting up special partitions for the purpose.
Searching Finder help for encrypting data it offered a solution for data on a removable drive. The stepsare very simple and easy to do:
a) Mount the files to be encrypted if they are not online. They also need to be in a folder or even an entire partition.
b) Open Disk Utility (GUI version)
c)Choose File > New > Disk Image From Folder (or New-> Disk Image ffrom a Device).
d) Select the folder or disk you want to encrypt.
e) A save dialog will pop up. Select the name of the archive you wish to create and select a location. I choose a removable disk partition which has enouh space. Select Compressed if you wish. Then Select Encryption and choose the key size for encryption from the drop dwon. When you click Save, Disk Utility begins creating a disk image that is (possibly) compressed and probably encrypted. Once done, the files in the folder or partiion are hiddent behind the encryption. To get to them, you much open the DMG file and supply the password to unlock the encryption. You can save the key in the keychain if you are not worreid about who can get in. If you wish to restrict access to fewer people, keep the key secret and provide a recovery mechanism that is suitable for you need.
f) One the archive is created, the disk partition containing it may b4 mounted on the system (if it is not there already) and by opening the dmg file you will be asked for the key. The system will validate that the key works and the encryption and comprewssion are working. The archive will be mounted as a virual disk. It can be accessed by any useer of that computer unless the file permissions get in the way. Mounting it only when the computer is being used by authorized people allow you to mount and dismount the archive for use during a limited time.
I have a couple of questions here. Is there an easier way to do this? Is this encryption as strong as that used in FileVault?No. I don't know why it would not be, except it is easier for a person to leave the disk mounted where anyone can then see it. With FileVault forcing a password on wake from sleep, it will likely be encrypted if anyone found it.
I'm not sure why you went to the trouble you did before, except the instructions might have been to create an encrypted partition as opposed to creating the disk image. Disk images have been around for at least a decade.
If you plan on backing up the image with Time Machine, use a sparse bundle disk image as it will write the data to small files, called stripes. Only the stripes that change get backed up instead of the entire image. -
Moving a table with long data type column
hi
1.how to move a table with a long data type column in 8.1.7.3.0 ver database.
alter table APPLSYS.FND_LOBS_DOCUMENT move lob(BLOB_CONTENT) store as (tablespace testing)
ERROR at line 1:
ORA-00997: illegal use of LONG datatype
2. and a table with varray type column
alter table APPLSYS.WF_ERROR move lob("USER_DATA"."PARAMETER_LIST") store as (tablespace testing)
ERROR at line 1:
ORA-22917: use VARRAY to define the storage clause for this column or attribute
table description is:
SQL> desc applsys.wf_error;
Name Null? Type
Q_NAME VARCHAR2(30)
MSGID NOT NULL RAW(16)
CORRID VARCHAR2(128)
PRIORITY NUMBER
STATE NUMBER
DELAY DATE
EXPIRATION NUMBER
TIME_MANAGER_INFO DATE
LOCAL_ORDER_NO NUMBER
CHAIN_NO NUMBER
CSCN NUMBER
DSCN NUMBER
ENQ_TIME DATE
ENQ_UID NUMBER
ENQ_TID VARCHAR2(30)
DEQ_TIME DATE
DEQ_UID NUMBER
DEQ_TID VARCHAR2(30)
RETRY_COUNT NUMBER
EXCEPTION_QSCHEMA VARCHAR2(30)
EXCEPTION_QUEUE VARCHAR2(30)
STEP_NO NUMBER
RECIPIENT_KEY NUMBER
DEQUEUE_MSGID RAW(16)
SENDER_NAME VARCHAR2(30)
SENDER_ADDRESS VARCHAR2(1024)
SENDER_PROTOCOL NUMBER
USER_DATA APPS.WF_EVENT_T
lob column:
SQL> select owner,table_name,column_name from dba_lobs where table_name='WF_ERROR';
OWNER TABLE_NAME COLUMN_NAME
APPLSYS WF_ERROR "USER_DATA"."PARAMETER_LIST"
APPLSYS WF_ERROR "USER_DATA"."EVENT_DATA"
pls help me
thanks and regards
srinivas1. Export and import
2. Sql*Plus 'copy' command
It is a good idea to move from 'LONG' to 'CLOB'. -
** How to encrypt data when saving it in DB directly?
Hi All,
I want a method to encrypt data in the database when saving it directly
that is when any one enabled to see the data he will see it encrypted!Hi..
What is the oracle database version???
As you want the users to see the encypted data, the best option is use DBMS_CRYPTO to encrypt the data.
[http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_crypto.htm]
[http://www.oracle-base.com/articles/10g/DatabaseSecurityEnhancements10g.php]
HTH
Anand
Edited by: Anand... on Oct 19, 2009 2:11 PM -
Issue with using formatted date value column in order by clause...
Hi,
1) Through a function I am listing all the months in a year.
like JAN-2007, FEB-2007,MAR-2007......
2) i am comparing these values against a date value column in a table.
And if there are no values in a particular period it will return a null value (simply to say, i am using an outer join)
3) The issue.....
When join both the queries then the order of the dates is not mainted .....
My requirement is......
Jan-2007 = 3
Feb-2007 = 5
Mar-2007 = null
etc.....
should be acheived.
But I end up in the alphabetical order of the months....
like
Apr-2007 = 5
Aug-2007 = 10
etc.....
Can anybody let me know how can i acheive my resultant output to be ordered by the date and not by character.
When I use the date column in the order by I run into an error....
saying....
ORA-01858: a non-numeric character was found where a numeric was expected
Its a kind of urgent...
Any help is appreciated....
KKWhen I use a outer join as follows....
"and upper(to_char(a.task_planned_start_date,'mon-rrrr')) = d.period_name(+)"
All the null periods are ending at the bottom.It's standard behavoiur.
Seems, you need to sort by a.task_planned_start_date.
Look below:
SQL> select e.ename, ec.ename from emp e, emp_copy ec
2 where e.empno = ec.empno(+);
ENAME ENAME
SMITH SMITH
ALLEN
WARD WARD
JONES
MARTIN MARTIN
BLAKE
CLARK CLARK
SCOTT
KING KING
TURNER
ADAMS ADAMS
JAMES
FORD FORD
MILLER
14 rows selected.
SQL> select e.ename, ec.ename from emp e, emp_copy ec
2 where e.empno = ec.empno(+)
3 order by ec.ename
4 /
ENAME ENAME
ADAMS ADAMS
CLARK CLARK
FORD FORD
KING KING
MARTIN MARTIN
SMITH SMITH
WARD WARD
JAMES
TURNER
ALLEN
MILLER
BLAKE
JONES
SCOTT
14 rows selected.
SQL> select e.ename, ec.ename from emp e, emp_copy ec
2 where e.empno = ec.empno(+)
3 order by e.ename
4 /
ENAME ENAME
ADAMS ADAMS
ALLEN
BLAKE
CLARK CLARK
FORD FORD
JAMES
JONES
KING KING
MARTIN MARTIN
MILLER
SCOTT
SMITH SMITH
TURNER
WARD WARD
14 rows selected.Rgds.
Maybe you are looking for
-
'Document store operation failed due to missing authorization'
Hi all, I am getting the error message 'Document store operation failed due to missing authorization' when trying to save the workbook as the existing Workbook after changing the structure for it. We are using the Authorization Hierarchies. What is
-
Multiple Header Line In HIERSEQ ALV
Hi Experts, Please guide me how to get miltile Header lines in the HIERSEQ Alv , My requirment it develop a genledger for customers in which the Address of customer should be in 3 or four lines then followed by its balances. Please suggest me ... Reg
-
Report TNS time out errors in EM
TNS 12535 timeouts. they appear in the alert log. Is there a way to get them captured in the EM/Grid control? oel 11.2.0.2 em11
-
SQL Developer and Oracle Database 10g Express Edition, Connection Problem
I am using SQL Developer version 1.2.1 and am connecting to a 10g database on a windows xp. Up until today there have been no problems with the connection. When I tried to connect to the database and have not been able to. The error states that "...l
-
Levels of Job Families - not working in EHP4
Dear SAP Experts, We are on SAP EHP4 and want to use the Functional Area & Job Family. We are a little confused as there is some SAP documentation referring to Levels of Job Family. We created a scale in transaction OOSC and ran report RHTM_T77TM_JF_