How to encrypt password with hash function in Java?

Similar Messages

• How to encrypt password in Forms10g while calling in batch mode

  We are migrating our Forms 6i batch jobs to Forms10g. There are two ways we can pass login
  information.
  1. In formsweb.cfg
  2. Pass in URL string 'userid=username/password@connectstring'
  In both cases the password is not secured. In option # 1 password is in the configuration file in plain text. In
  second option # 2, its in the URL.
  BTW, we are using HTTPS protocol while calling form in batch mode and we are not using SSO.
  Is there a way, we can use data source in frmservlet while calling form in batch mode. Like in Java, we can create data source with indirect password, the password is encrypted.
  Basically, we would like to encrypt our password, we have very strict security guidelines.
  Please let us know if there are any options, how to encrypt password in Forms 10g
  Regards,
  Gufran

  One option maybe the following :
  - Create a file holding the encrpyted username/password on the application server side (in the working directory of your oracle forms application)
  - As a parameter, pass the name of your file to the form
  - when the form is getting called, read the name file in (TEXT_IO) and use the logon built-in with the value from the password file
  How to create an encrpyted file :
  - use the obfuscation toolkit to encrypt username/password@instance into a varchar2
  - write this value to a file using oracle forms (TEXT_IO)
  FUNCTION f_encrypt_string(p_key IN VARCHAR2)
  RETURN VARCHAR2 IS v_encrypt_string VARCHAR2(2000) := 'N/A';
  l_data VARCHAR2(2000);
  BEGIN
  -- if neccessary create a text where the length of the string
  -- is diviteable by 8 (which is a requirement of dbms_obfuscation_toolkit)
  l_data := RPAD(p_key, (TRUNC(LENGTH(p_key)/8)+1)*8, CHR(0));
  DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(input_string => l_data,
  key_string => 'MagicKey',
  encrypted_string=> v_encrypt_string);
  RETURN (v_encrypt_string);
  END;
  Edited by: user434854 on Apr 8, 2009 5:17 AM

• How to encrypte password using form 6i?

  Dear all,
  How to encrypte password using form 6i?
  Best Regards,
  Amy
  Edited by: amychan60 on Sep 29, 2008 8:23 PM

  DBMS_CRYPTO and DBMS_OBFUSCATION_TOOLKIT packages provide APIs for data encryption.
  Note: 102902.1 - Encrypting Data using the DBMS_OBFUSCATION_TOOLKIT package
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=102902.1
  Note: 197400.1 - Example Code Encrypting Credit Card Numbers
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=197400.1
  Developing Applications Using Data Encryption
  http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/apdvncrp.htm

• How to encrypt password using md5

  Hello all,
  I would like to generate a password and encrypt it using md5 with the current time(System's time) as the key, in Servlets.
  How do i go about doing this?
  Kindly guide.
  regards
  appu

  >
  I would like to generate a password and encrypt it
  using md5 MD5 is a non-reversible hashing, not an encryption!
  with the current time(System's time) as the
  key, If you use the current system time as the key for any encryption algorithm then how are you going to know what system time to use to decrypt?
  in Servlets.
  How do i go about doing this?Read up on encryption, the JCE and Servlets.

• How to encrypt password columns

  I would like to create a table to store the username and password for all my application users. There are a problem with password encryption. When I create a table as follows,
  create table usrmas
  (username varchar2(10),
  passwd varchar2(20))
  All password from the passwd column will be disclosed when somebody query the table. It is not secure. Right?
  When I tried to use the table dba_users, for example, there are a user scott with password tiger, I am fail to find a record when I type a sql as follows,
  select *
  from dba_users
  where username = 'SCOTT'
  and password = 'TIGER'
  Please advice me how I can authenticate user. Thanks

  If you have a 10g database, it should be installed by default.
  Note, however, that Oracle stores hashed passwords, not encrypted passwords, in the dba_users table. That's more secure since there is no decrypt method for a hashed value. With a hashed value, you can only check whether the user has provided the right password, you can't find out what the right password is.
  Justin
  Distributed Database Consulting, Inc.
  http://www.ddbcinc.com/askDDBC

• Encrypt password with a keyword

  Hello
  I want to store passwords in a data table.
  The passwords must be encrypt with a keyword. The idea is that we need this keyword to decrypt the password.
  So only the users who knows the keyword will be able to decrypt the password stored in the table through a specific transaction.
  Do you know if there are function modules which can make this kind of encryption / decryption ?
  Thank you for your help.

  > Yes, I know these functions but it's not sufficient.
  > We really need to encrypt the passwords with a keyword in order to guarantee the security.
  Thank you for that. These function modules are urban legends caused by their misleading names.
  Last I heard, they will be deleted in a future release.
  > The standard authorisation are not sufficient because anyone who can access to SE37 will be able to decrypt the passwords.
  Well, you can and should protect that in a productive environment... (the ability to display, and execute, the FM - see SAP Note 587410).
  > That's why we want that only the users who knows that keyword will be able to decrypt.
  Then you will need to prompt the user for a password, before the decryption.
  So there are 2 issues:
  Password prompt
  You can create a symbolic user without any access (roles) and manage it's password. Before the decryption, check that the calling user at least knows the password of this user.
  You can do this locally in the same client (see report RDDPWDCHK for coding examples - carefull, it updates the "lock count" for failed password attempts now) or remotly using an RFC connection without saved login data to a different client or system. The latter can be usefull, as the ability to set the password = the ability to decrypt.
  Encryption / Decryption
  You will need to save the algorithm somewhere, or use an existing function which offers the ability to decrypt. Obviously, the latter option can bypass your prompt...
  One way of doing it would be to write your own external RFC server program which does this task, and protect it.
  Another way would be to store the sensitive parts of the code in an encrypted file which can only be accessed from your program context. It would then only be "visible" at runtime. In this case, folks could also access the hidden parts via developer traces or short dumps or debugging.
  Restricting access to the "real" code is the easiest option, and other more complicated approaches generally require restricted access anyway.
  > anyone who can access to SE37 will be able to decrypt the passwords.
  If someone has access to display source code and single-test all function modules, then all security is toasted anyway...
  Cheers,
  Julius

• How to change password with commadmin command?

  I am using JES 2004Q2, Directory shema2.
  HOw to change password for email account ?
  Email account created in identity server with commadmin comand.
  I can't find this information in :
  "Sun Java System Communications Services 6 2004Q2 User Management Utility Administration Guide"

  http://docs.sun.com/source/817-5703/commcli_ref.html#wp1021656
  commadmin doesn't seem to offer a password modify/replace option.
  You can use the Directory Console to replace a password, or ldapmodify, or webmail/comms express.

• How to protect password with pdf file in oracle database

  hiiii,,,,i have a form in 6i where i am sending pdf file(by running report) to the other clients in the network,,now my requirement is that i want to protect a password with this pdf file whenevr i run new report ,,wat should i do..
  plz help
  lovely sethi

  [email protected] wrote:
  hiiii,,,,i have a form in 6i where i am sending pdf file(by running report) to the
  other clients in the network,,now my requirement is that i want to protect a
  password with this pdf file whenevr i run new report ,,wat should i do..Why not just rely on OS security withing the server? If you email it to a
  particular individual, then it's protected as far as you trust that individual
  anyway!
  Those who are in the dba group on the server can get at the data
  in any case.
  I just don't see the point in trying to do what you're asking - unless
  I've missed something?
  BTW, you haven't mentioned OS or db version (see .sig).
  Paul...
  lovely sethi--
  When asking database related questions, please give other posters
  some clues, like OS (with version), version of Oracle being used and DDL.
  Other trivia such as CPU, RAM + Disk configuration might also be useful.
  The exact text and/or number of error messages is useful (!= "it didn't work!"). Thanks.
  Furthermore, as a courtesy to those who spend time analysing and attempting to help,
  please do not top post and do try to trim your replies!

• How to encrypt password in serverstopper class??

  Hi,
  I have configured the weblogic server as windows service and currently using boot identity file for username/pw to startup. To enable graceful shutdown of the server, i am using serverstopper class. But to facilitate changing of pw, i am reading the password from a property file in which the password is stored in plain text format. Is there a way to encrypt the password and configure serverstopper class to use the encrypted password or the serverstopper class can use boot identity file to shutdown? When i tried the serverstopper class without username/pw, i am not able to shutdown the service and getting anonymous user can't shutdown the service. Thanks in advance for your reply.
  Thanks,
  Kuppusamy.V.,

  Hi Kuppuswamy,
  Here is the simple "WLST interpreter script", I didn't have time so tried to keep java code as simple as possible(didn't follow good coding practices :-( ). Before executing this java program you need to generate keys. Below is the procedure for that.
  Assumption :-
  BEA_HOME :- /usr/VASVijay/bea10mp1
  WL_HOME :- BEA_HOME/wlserver_10.0
  1) Go to WL_HOME/server/bin and set the environment by executing "setWLSEnv.sh".
  2) Then execute below command which generate "userconfig" and "userkey" files in the directory you had execute this command
  java weblogic.Admin -adminurl t3://adminserverl:port -username <adminusername> -password <adminpassword> -userconfigfile userconfig -userkeyfile userkey -STOREUSERCONFIG
  This command prompts for "Y" or "N", select "Y", then creates two files "userconfig" and "userkey"
  3) Validate above keys are correct, execute below command
  java weblogic.Admin -adminurl t3://adminserverl:port -userconfigfile userconfig -userkeyfile userkey -GETSTATE
  Above command should display "RUNNING".
  4) Compile below java code and execute. Change the server name(VASMS1) in "shutdown('VASMS1','Server') according to your server name.
  import java.util.*;
  import weblogic.management.scripting.utils.WLSTInterpreter;
  import org.python.util.InteractiveInterpreter;
  public class VASServerShutdown
  static InteractiveInterpreter interpreter = null;
  VASServerShutdown()
  interpreter = new WLSTInterpreter();
  private static void connect()
  StringBuffer buffer = new StringBuffer();
  buffer.append("connect(userConfigFile='/usr/VASVijay/VASDomains/VASNewDomain/userconfig',userKeyFile='/usr/VASVijay/VASDomains/VAS
  NewDomain/userkey',url='t3://localhost:8001') \n");
  buffer.append("print(cmo)");
  interpreter.exec(buffer.toString());
  public static void serverShutdown()
  StringBuffer buffer = new StringBuffer();
  buffer.append("shutdown('VASMS1','Server')");
  interpreter.exec(buffer.toString());
  public static void main(String args[])
  new VASServerShutdown();
  connect();
  serverShutdown();
  Let me know if you have any issues or you require something additional.
  Thanks.
  Vijay Bheemineni.
  Edited by: VAS Vijay Bheemineni on Nov 3, 2009 9:18 PM

• Help with Hash Function in Properties

  Hi, I need to know the algorithm of the Hash Function that is used by Java in its HashMap, Properties, etc... classes.
  Can I get it somewhere or is it private? I need it for documentation purposes.
  Thanks!
  Sigurd

  Hi.
  You can download the source for the entire JDK from the usual download locations, so you can see the details of the implementation there. If you're looking for a higher level description, I don't know where you'd find that, other than a few pages which document general ways to get well distributed hashes; look at http://java.sun.com/developer/Books/effectivejava/Chapter3.pdf for an example of this - a chapter from the mighty Joshua Bloch's 'Effective Java'.
  Regards,
  Lance

• HASH FUNCTION IN JAVA

  i need help!!
  i have to create a program in java in which i want to compare passwords by using hash function.More specifically,the parameters of hash should be like this hash(password,salt).
  which is the library that i have to use and how can i call it in main function?
  thank you!
  plz respond as soon as possible!

  The same way you would call it in any other method :) You should start with the JCE develop guide and go from there. The more reading you can do on cryptography the better. If you understand the concepts, the Java code will become easier to write.
  http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#MDEx

• One way hash function in java

  Simply i want to save a password entered to a java program and save it in a MySQL database
  Here I want to encrypt that password and save it in the database.... I prefer one way hash function encryption because it fulfills my need.
  SHA-1 is the best in java now as I read from a article, is it?
  What I need is that if someone can post a complete code which uses SHA-1 (if it is the best preferred one).
  I've tried some codes published in the web but didn't work
  one code worked very well but when I entered characters like "@#$%%" it failed.
  Thank You!!!

  797241 wrote:
  I've search using your key terms and got a good code that works ("java sha-1 example")
  thanks for that
  I didn't got that when i was searchingHard to believe.
  So suggesting that working link was enough though you've put some other annoying comment tooIt is considered extremely bad mannered just to ask for code. If you have presented code that has problems and ask for help in fixing the problems you will normally get help but just to ask for code implies you are very lazy.
  thanks for that too
  I would rather prefer if you would have written "You are not going to get an answer, get the hell out of here!!!"Now that would have invoked the wrath of the moderators!
  P.S. Just using a SHA-1 digest is insecure as the result is open to a dictionary attack. You should use a randomly seeded digest with both the random value and digest value being stored in the database.

• How to set Password protection in excel using java

  Dear all,
  I have no idea to write a java program that how to set password protection in excel. Please give me some solution using java tools. Thank a lot!
  Regards,
  kzyo

  Dear Bamkin ,
  I used your code and paste it in my program. The error is as the follow:
  Code:
       stmnt = c.createStatement();
                 String query = "select StudentNumber, Email, New_Email_Address from [Sheet1$] where Len(New_Email_Address) > 0";
                 System.out.println(query);
                 rs = stmnt.executeQuery(query);
                 stmnt.executeUpdate("SET PASSWORD=PASSWORD('Test')");
  Error:
  (Remark: Invalid SQL statement)
  java.sql.SQLException: [Microsoft][ODBC Excel Driver] �����I SQL ���q���G�a����'DELETE'�A'INSERT'�A'PROCEDURE'�A'SELECT' �� 'UPDATE' �B
       at sun.jdbc.odbc.JdbcOdbc.createSQLException(JdbcOdbc.java:6958)
       at sun.jdbc.odbc.JdbcOdbc.standardError(JdbcOdbc.java:7115)
       at sun.jdbc.odbc.JdbcOdbc.SQLExecDirect(JdbcOdbc.java:3111)
       at sun.jdbc.odbc.JdbcOdbcStatement.execute(JdbcOdbcStatement.java:338)
       at sun.jdbc.odbc.JdbcOdbcStatement.executeUpdate(JdbcOdbcStatement.java:288)
       at hk.gov.edb.util.ExcelHandle.updateNewEmail(ExcelHandle.java:414)
       at hk.gov.edb.core.AppMain.doUpdate(AppMain.java:369)
       at hk.gov.edb.core.AppMain$7.construct(AppMain.java:584)
       at hk.gov.edb.util.SwingWorker$2.run(SwingWorker.java:127)
       at java.lang.Thread.run(Thread.java:595)

• How can i call a c++ function through java

  Hi,
  dose anyone knows how to call a C++ function in java?
  Thanks.

  see JNI...
  basically declare a native method in your java class, then run javah on the class thus generating a *.h file. Then implement the c/c++ function. Compile the c/c++ part as a shared library, and make sure its accessible from your LD_LIBRARY_PATH env variable.
  Go through the steps in the JNI docs, and things shoulde be fine... hopefully ;)

• How can i play with Network packets in java

  Hi all
  How can i play with packets, traverse them and get the desired information from packets in java...is it possible in java? if its possible then how? and if its not possible then is their any other way out to get them traversed or to play with them in java? if its not possilbe in java then wht else i can do about it?any help would be highly appreciated..Take care All
  Warm regards
  waqas

  Here are 2 diff java libraries (with the same name):
  http://jpcap.sourceforge.net/
  http://netresearch.ics.uci.edu/kfujii/jpcap/doc/
  Not surprisingly, they both need the libpcap libray installed.