DBMS_OBFUSCATION_TOOLKIT
Hello again,It is a all possible ways to use the device of the customer, in the Oracle DBMS_OBFUSCATION_TOOLKIT package?
I thank you,
Kind regards.
Hi Peter,.
It is not possible to use the PLSQL ORacle DB Lite package.
Oracle Lite provides an API in the database to encrypt a particular column, but you can encrypt the full DB olite.
Plug-in, you can customized to the Oracle Lite database encryption module by adding the EXTERNAL_ENCRYPTION_DLL parameter to the POLITE. INI configuration file. Use this option if you do not want to use the default AES encryption for the database client.
You need to implement your cryptographic module in a DLL for the Windows environment or in a shared object (.) SO) for the UNIX environment.
For example, if you created the module of encryption as a DLL called my_enc.dll, which is located in the C:\my_dir directory, then you would add this module as the default encryption module in the POLITE. INI configuration file, as follows:
[All databases]
EXTERNAL_ENCRYPTION_DLL=C:\my_dir\my_enc.dll
For more information, see Section 14.3, "Providing your own encryption Module for the Oracle Lite Database Client".
Kind regards.
Marc
Tags: Database
Similar Questions
-
ASSESS and DBMS_OBFUSCATION_TOOLKIT.md5
Hi all
Looking to encrypt data on the fly in the analysis or the material.
I know that I can use the following code in the database... I was wondering what syntax I need to use within the EVALUATE function.
SELECT DBMS_OBFUSCATION_TOOLKIT.md5 (input = > UTL_RAW.cast_to_raw('a|b|123456')) from DUAL;
My current code looks like this:
Evaluate('DBMS_OBFUSCATION_TOOLKIT.) MD5 (%1)' AS CHAR ' input = > UTL_RAW.cast_to_raw(''a|b|123456'')')
Unfortunately, it returns:
[nQSError: 42015] Cannot function ship the following expression
Appreciate the help
Adam
Sorry for spamming my own thread here guys, but it came down to a syntax problem.
CAST (EVALUATE ('DBMS_OBFUSCATION_TOOLKIT.md5 (entry-online UTL_RAW.cast_to_raw(%1))' AS VARCHAR (200), 'a') AS VARCHAR (200))
^^ Works very well.
-
ADF - decrypt the value of dbms_obfuscation_toolkit.md5
Currently store us a string value in the DB by using dbms_obfuscation_toolkit.md5 (input_string = > '124').
How to decrypt this return value so that I can view in the application of the adf it please?
BTW, md5 is a secure hash algorithm, so you cannot decrypt the value.
Dario
-
Oracle 8.1.6 DBMS_OBFUSCATION_TOOLKIT
Hello
I have this Oracle 8.6.1 and some developers need DBMS_OBFUSCATION_TOOKIT package, but it is not installed on my instance.
I don't know why this is happenning, because on the Oracle documentation, it is written that "Oracle installs this package in the SYS schema.".
I thought about it this catalog.sql or catproc.sql installs this package, but if they did not, why it hapenned and how can I fix this (install the package by using a script)?
Thanks in advance
AlexI don't have your trial version but check the catobtk.sql file and run it. This should install the package.
HTH
Aman...Published by: Aman... September 30, 2008 21:47
Corrected a Word and formatted. -
Is there a function to adjust the length of a string to 8 multiple bytes?
Hello
I have a function to encrypt a password.
FUNCTION encodeit (p_name IN VARCHAR2, p_password IN VARCHAR2) RETURN VARCHAR2 IS l_password VARCHAR2 (4000); l_salt VARCHAR2 (4000) := 'hdjikndbbhitasuihfnnkqyhiplwmneuyndnloidj'; BEGIN l_password := UTL_RAW.cast_to_raw ( DBMS_OBFUSCATION_TOOLKIT.md5 ( input_string => p_password || SUBSTR (l_salt, 10, 13)|| LOWER (p_name)|| SUBSTR (l_salt, 4, 10))); RETURN l_password; END;
I want to decrypt the password to send to users when they forget it. I wrote this function:
FUNCTION decodeit (p_name IN VARCHAR2, p_password in VARCHAR2) RETURN VARCHAR2 IS l_salt VARCHAR2 (4000) := 'hdjikndbbhitasuihfnnkqyhiplwmneuyndnloidj'; BEGIN RETURN DBMS_OBFUSCATION_TOOLKIT.desdecrypt(input_string => p_password || SUBSTR (l_salt, 10, 13)|| LOWER (p_name)|| SUBSTR (l_salt, 4, 10), key_string => l_salt) ; END;
The problem is that the DBMS_OBFUSCATION_TOOLKIT.desdecrypt function needs a multiple of the input string of 8 bytes. And p_name and p_password are not of fixed length. Is there a function to adjust the length of a string to 8 multiple bytes?
Best regards.
They used to work - could be almost ten years (I think version 9 - not tested yet)
As you can see, you can 'encode' the number of characters, padded in order to set the right length of the decrypted string
create or replace FUNCTION ' CRYPTIN "(p_str in varchar2) return varchar2 as". "
l_data VARCHAR2 (255);
function pad_DES (p_string in varchar2) return varchar2 is
-platelets p_string with pad_chr containing the number of characters padded (1 to 8)
-make the string length a multiple of 8 as required by decipher
pad_length pls_integer;
pad_char char: = chr (0);
pad_chars varchar2 (8);
Start
pad_length: = 8 - mod (length (p_string), 8);
pad_chars: = chr (pad_length);
Return concat (p_string, rpad (pad_chars, pad_length, pad_chars));
end;
Start
l_data: = pad_DES (p_str);
dbms_obfuscation_toolkit. Decrypt (input_string-online l_data, key_string => 'MagicKey' encrypted_string-online l_data);
return UTL_RAW. CAST_TO_RAW (l_data);
end;
create or replace FUNCTION ' CRYPTOUT "(p_str in varchar2) return varchar2 as". "
l_data VARCHAR2 (255);
function unpad_DES (p_string in varchar2) return varchar2 is
-Removes from p_string upholstered characters (1 to 8)
pad_length pls_integer;
Start
pad_length: = length (p_string);
pad_length: = pad_length - ascii (substr(p_string,pad_length,1));
Return substr(p_string,1,pad_length);
end;
Start
l_data: = p_str;
dbms_obfuscation_toolkit. DESDecrypt (input_string-online l_data, key_string => 'MagicKey', decrypted_string-online l_data);
Return unpad_DES (l_data);
end;
Concerning
Etbin
-
Oracle PL/SQL Obfuscation replicate 3DES with java
I have an existing oracle functions that use the function DES3Encrypt and DES3Decrypt.
I need to write the equivalent of java version to replace the oracle those compatibiliy with encryption legacy system maintenance.
What are the functions of oracle:
FUNCTION encr(input_string IN VARCHAR2, key_string IN VARCHAR2)
RETURN VARCHAR2 IS
encrypted_string := NULL;
len := lengthb(input_string);
--String must be a multiple of 8-byte length.
rest := len MOD 8;
IF rest > 0 THEN
decrypted_string := rpad(input_string, len + 8 - rest, ' ');
ELSE
decrypted_string := input_string;
END IF;
dbms_obfuscation_toolkit.DES3Encrypt(input_string => decrypted_string,
key_string => key_string,
encrypted_string => encrypted_string);
/* HEX notation to avoid UNICODE chars */
SELECT RAWTOHEX(encrypted_string) INTO encrypted_string FROM DUAL;
RETURN encrypted_string;
END;
//DECRYPTION
FUNCTION decr(input_string IN VARCHAR2, key_string IN VARCHAR2)
RETURN VARCHAR2 IS
decrypted_string := NULL;
encrypted_string := input_string;
/* HEX to ASCII */
SELECT utl_raw.cast_to_varchar2(encrypted_string)
INTO encrypted_string
FROM DUAL;
dbms_obfuscation_toolkit.DES3Decrypt(input_string => encrypted_string,
key_string => key_string,
decrypted_string => decrypted_string);
RETURN rtrim(decrypted_string);
END;Given the Decrypt function, for example, I wrote this java code:
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class DesHelper {
private Cipher _dcipher;
public DesHelper() {
try {
byte[] tdesKey = new byte[24];
System.arraycopy("2557133392096270".getBytes(StandardCharsets.US_ASCII), 0, tdesKey, 0, 16);
System.arraycopy("2557133392096270".getBytes(StandardCharsets.US_ASCII), 0, tdesKey, 16, 8);
final SecretKey key = new SecretKeySpec(tdesKey, "DESede");
_dcipher = Cipher.getInstance("DESede/CBC/NoPadding");
final IvParameterSpec iv = new IvParameterSpec(new byte[8]);
_dcipher.init(Cipher.DECRYPT_MODE, key,iv);
} catch (final Exception e) {
throw new RuntimeException(e);
}
}
public String decrypt(final String str) {
try {final byte[] dec1 = hexToBytes(str);
final byte[] decryptedBytes = _dcipher.doFinal(dec1);
return new String(decryptedBytes, StandardCharacters.US_ASCII);
} catch (final Exception e) {
System.out.println("decrypting string failed: " + str + " (" + e.getMessage() + ")");
return null;
}
}
private static byte[] hexToBytes(final String hex) {
final byte[] bytes = new byte[hex.length() / 2];
for (int i = 0; i < bytes.length; i++) {
bytes[i] = (byte) Integer.parseInt(hex.substring(i * 2, i * 2 + 2), 16);
}
return bytes;
}}
It's the main:
Public class MainClass {}
Public Shared Sub main (final String [] args) {}
String txtToBeDecrypted = "DA67C73756184F20ED92DF1614CB85ED";
final DesHelper h = new DesHelper();
String xc = h.decrypt (txtToBeDecrypted);
System.out.printls (XC);
}
}
But the printed result is still a mess of characters like these:
lZ5 ????rd
where only "rd" is correct (being the last part of the decrypted Word).
the correct decrypted word should be 'MonMotpasse '.
If the password is transformed into mypasswordmypass (encrypted: 5543417F4834268A2799D9289D864BFB)... I get: lZ5? rdmypass-> it seems that the first 64 bits are always false.
What is the problem in my code? is it just a matter of encoding?
Message modificato da 3136775 added new snippet for completeness
I found that the tip is in the vector of inialization IV...
I wrote an algorithm to capture the right bytes value and it worked... it seems not oracle uses to manipulate the first 8 bytes.
-
Integrate R12.1.3 EBS with APEX 4.2.6
Hello
I was following the remark, but I could not succeed with this.
When I click on the function Menu it's redirecting to: SUMMIT like this login page
http://XXXXX.xxx.xxx:8080/ADR/f? p = 106:LOGIN_DESKTOP:10653362885847
What I did is:
(1) update LaunchApex.jsp it comes to success
(2) created a blank page in the APEX.
(3) created a package ebs_authenticate and APPS. XXAPX_SECURITY_PKG package as
CREATE OR REPLACE FUNCTION ebs_authenticate (p_username IN VARCHAR2 )
p_password IN VARCHAR2 )
RETURN BOOLEAN AS
BEGIN
IF APPS. XXAPX_SECURITY_PKG.validate_hash (p_username, p_password) THEN
RETURN TRUE ;
END IF ;
RETURN (APPS. FND_WEB_SEC.validate_login(p_username,_p_password) = 'Y');
END ebs_authenticate;
/
CREATE OR REPLACE PACKAGE BODY XXAPX_SECURITY_PKG AS
g_key VARCHAR2 (100);
FUNCTION generate_hash (p_string IN VARCHAR2,
p_offset IN DEFAULT NUMBER 0) EAST of RETURN VARCHAR2
BEGIN
IF IS NULL THEN p_string
RETURNS A NULL VALUE.
END IF;
RETURN RAWTOHEX (UTL_RAW.cast_to_raw (DBMS_OBFUSCATION_TOOLKIT. MD5 (input_string = > p_string |) ':' ||
TO_CHAR (SYSDATE-
(p_offset / 24 * 60 * 60);
"HH24MISS YYYYMMDD') |
g_key)));
END generate_hash;
FUNCTION validate_hash (p_string IN VARCHAR2,
P_hash IN VARCHAR2,
p_delay to the NUMBER DEFAULT 5) RETURN BOOLEAN IS
BEGIN
FOR i FROM 0... p_delay LOOP
IF p_hash = generate_hash (p_string, i) THEN
RETURN TRUE;
END IF;
END LOOP;
RETURN FALSE;
END validate_hash;
BEGIN
SELECT encrypted_user_password
IN g_key
FROM APPS. FND_USER
WHERE user_name = 'SYSADMIN ';
END XXAPX_SECURITY_PKG;
/
create or replace procedure ebs_getsession1 (p_username out nocopy varchar2)
as
Start
APPS.wfa_sec.getsession (p_username);
end ebs_getsession1;
(4) created in the APEX authentication:
(5) created get Username Cookie
BEGIN
APPS.ebs_getsession1(:P101_USERNAME);
: P101_PASSWORD: =.
APPS. XXAPX_SECURITY_PKG.generate_hash
(APPS. FND_GLOBAL.user_name);
IF: P101_PASSWORD IS NOT NULL THEN
(APEX_CUSTOM_AUTH). Login
P_UNAME = >: P101_USERNAME,.
P_PASSWORD = >: P101_PASSWORD,.
P_SESSION_ID = > v ('APP_SESSION').
P_APP_PAGE = >: APP_ID | » : 1'
);
END IF;
EXCEPTION: WHEN OTHER THEN NULL;
END;
EBS links:
++++++++++++
Call of HTML:
- LaunchApex.jsp? app = 106 & page = 1
Hello
Its solved thank you
Make SURE APEX AREA and EBS should be to even:
ex:
http://xxx.yyyy.com:8000 / OA_HTML
http://zzz.yyyy.com:8080 / ADR
Thank you and regards
Françoise
Teyseer.
-
Hi all
11.2.0.3.11
AIX6
This point of view v$ can I select all the information on our database of Audit policy setting? This shows the type of actions, events and information that is captured?
Thank you
MK
Thank you Vlad,
So note that Oracle does not recommend, usually, to revoke the privileges of the audience granted by default to the parcel (the functionality may be affected), but warns on privileges such as (a stupid example: GRANT SELECT ANY TABLE to PUBLIC) because this will affect the security.
Then there are stupid privileges being revoked in the document above, in part as follows:
(one of this broke our prod database?)
REVOKE EXECUTE ON DBMS_ADVISOR TO PUBLIC;
REVOKE EXECUTE ON THE PUBLIC DBMS_CRYPTO;
REVOKE EXECUTE ON DBMS_JAVA TO PUBLIC;
REVOKE EXECUTE ON DBMS_JAVA_TEST TO PUBLIC;
REVOKE EXECUTE ON THE PUBLIC DBMS_JOB;
REVOKE EXECUTE ON THE PUBLIC DBMS_LDAP;
REVOKE EXECUTE ON THE PUBLIC DBMS_LOB.
REVOKE EXECUTE ON THE PUBLIC DBMS_OBFUSCATION_TOOLKIT;
REVOKE EXECUTE ON DBMS_BACKUP_RESTORE TO PUBLIC;
REVOKE EXECUTE ON THE PUBLIC DBMS_SCHEDULER;
REVOKE EXECUTE ON THE PUBLIC DBMS_SQL.
REVOKE EXECUTE ON THE PUBLIC DBMS_XMLGEN;
REVOKE EXECUTE ON DBMS_XMLQUERY TO THE PUBLIC;
REVOKE EXECUTE ON UTL_FILE TO THE PUBLIC;
REVOKE EXECUTE ON UTL_INADDR TO PUBLIC;
REVOKE EXECUTE ON THE PUBLIC UTL_TCP;
REVOKE EXECUTE ON UTL_MAIL TO PUBLIC;
REVOKE EXECUTE ON THE PUBLIC UTL_SMTP.
REVOKE EXECUTE ON UTL_DBWS TO PUBLIC;
REVOKE EXECUTE ON UTL_ORAMTS TO PUBLIC;
REVOKE EXECUTE ON THE PUBLIC UTL_HTTP.
REVOKE EXECUTE ON THE PUBLIC HTTPURITYPE.
REVOKE EXECUTE ON DBMS_SYS_SQL TO THE PUBLIC;
REVOKE EXECUTE ON DBMS_BACKUP_RESTORE TO PUBLIC;
REVOKE EXECUTE ON DBMS_AQADM_SYSCALLS TO PUBLIC;
Revoke execute on DBMS_REPACT_SQL_UTL to PUBLIC;
Revoke execute on INITJVMAUX to PUBLIC;
Revoke execute on DBMS_STREAMS_ADM_UTL to PUBLIC;
Revoke execute on DBMS_AQADM_SYS to PUBLIC;
Revoke execute on DBMS_STREAMS_RPC to PUBLIC;
Revoke execute on DBMS_AQADM_SYS to PUBLIC;
Revoke execute on the PUBLIC DBMS_PRVTAQIM;
Revoke execute on the PUBLIC LTADM.
Revoke execute on WWV_DBMS_SQL to PUBLIC;
Revoke execute on WWV_EXECUTE_IMMEDIATE to PUBLIC;
Revoke execute on DBMS_IJOB to PUBLIC;
Revoke execute on DBMS_FILE_TRANSFER to PUBLIC;
revoke EXECUTE them ALL the PROCEDURE of OUTLN;
revoke EXECUTE them ENTIRE DBSNMP PROCESS;
Thank you
-
"The current version of the database has changed since... "Error
Now I downloaded my application at the APEX. ORACLE.COM and my workspace is PSGCA and I have problems with the page 310 - details of the Bill. How can I get the APEX. ORACLE.COM gurus to look over the page? I'm having a problem with the part detail of this master-detail page. Specifically, if I add data or update data to the captain only section, no problem. This is when I need to update the data on the detail starting with my problems section! If I add to the start of the line, no problem. If I add information to a field null, no problem. The problem arises when I want to change the HOURS/DAYS and COSTS. He will take the initial value, but if I want to change then I get the error "database version has changed since... »
No indication of this error would be greatly appreciated!
Do you guys need for me to add table definitions and sample data. In the past, I was told that it was not necessary; everything you had needed was the page.
Is this correct?
Can I add data and table definitions?
For some reason that I could reduce it to the format mask on the expenditures column, which has been
999G999G999G999G990D00PR
When I changed it to
999G999G999G999G990D00
everything magically started working.
For people wondering about the PR:
PR
9999PR
Returns negative value in
. Returns the positive value with a beginning and end empty.
Restriction: The PR format item can only appear in the last position of a model number format.
Documents: http://docs.oracle.com/cd/B19306_01/server.102/b14200/sql_elements004.htm
I'm not sure why this particular mask causes. Because checksums are generated, I ran this sql to take a guess:
select DBMS_OBFUSCATION_TOOLKIT.md5 (input => UTL_RAW.cast_to_raw(exp1)) md5_val1, DBMS_OBFUSCATION_TOOLKIT.md5 (input => UTL_RAW.cast_to_raw(exp2)) md5_val2, DBMS_OBFUSCATION_TOOLKIT.md5 (input => UTL_RAW.cast_to_raw('1.00')) md5_val1_1, DBMS_OBFUSCATION_TOOLKIT.md5 (input => UTL_RAW.cast_to_raw('1.00')) md5_val2_2 from ( select expenses exp1, to_char(expenses,'999G999G999G990D00PR') exp2 from invoice_details ) a
which produces this output.
MD5_VAL1 MD5_VAL2 MD5_VAL1_1 MD5_VAL2_2 C4CA4238A0B923820DCC509A6F75849B 4DF59D42C9EE6119AEB2ADC95E7B7CF6 41CF2677CC4EC9356DAD8E76DFB87448 41CF2677CC4EC9356DAD8E76DFB87448 Still not sure, but maybe it's to do with how and when checksums are generated?
A space of drawing here - as you can see there is no guru, ace or oracle badge under my name, so I'm sure
I've made changes on page 310, make backup to 24 but probably is not serious because your application is local. Probably no danger of change your credentials and/or remove your application.
impressive effort on the example. This helps us better help you!
-
Issue in custom authentication
Hi all
I created a new custom authentication. The name of the function specified in the authentication scheme. My code seems to work very well (Boolean condition works) but authentication fails. Here's the package. Is there any other condition, I need the installation when you create to authenticate.
can someone please suggest.
Thank youcreate or replace package body app_login is Function get_hash(p_input IN varchar2) return varchar2 is begin RETURN UPPER(DBMS_OBFUSCATION_TOOLKIT.MD5 ( INPUT => UTL_I18N.STRING_TO_RAW(P_INPUT))); -- return p_input; end get_hash; FUNCTION valid_user(p_username IN VARCHAR2 ,p_password IN VARCHAR2) return boolean is v_hash varchar2(200); V_RESULT number; v_pwd DEMO1_USER.PASSWORD%type; begin v_hash:=app_login.get_hash(P_USERNAME || P_PASSWORD); SELECT COUNT(*) INTO V_RESULT FROM DEMO1_USER WHERE UPPER(USERNAME) = UPPER(P_USERNAME) AND UPPER(PASSWORD) = UPPER(V_HASH); IF V_RESULT > 0 THEN RETURN TRUE; ELSE RETURN FALSE; END IF; end valid_user; Procedure add_user(p_username IN VARCHAR2 ,p_password IN VARCHAR2) is v_pwd_hash varchar2(200); begin v_pwd_hash:=app_login.get_hash(P_USERNAME || P_PASSWORD); insert into demo1_user values(APP_USER_SEQ.nextval,p_username,v_pwd_hash); commit; end add_user; end app_login;
REDARenon wrote:
Hi Hari,Thank you very much for your time this issue. His works now.
But the add_user function and the valid_user calls the function get_hash even without stem previously so why validation fails? Is required to be capitalized?Concerning
REDAUser name will always be in uppercase letters, regardless of how the user entered in the login screen. So in fact, UPPER (P_USERNAME) based on authentication valid_user is not necessary. However I have just kept it so that it returns the correct value when you run it go back. (for the objective test) etc.
Value of variable binding that app_user will always be as HIGH of breakage.
Kind regards
Hari -
Got a new view complex using a dbms_obfuscation_toolkit.md5 function in the where clause: SELECT invalid token '=' Statement.Unexpected
The generated DDL works very well and is running in the database. Data Modeler just don't like him. R3.3EA1
The view:
CREATE OR REPLACE VIEW V_ADD_H_INSR_CO AS
SELECT I.CITY,
I.NAME,
I.STATE,
I.ADDRESS1,
I.ADDRESS2,
I.ZIPCODE,
PROCESS_DATES. LOAD_DTS,
'G2' AS REC_SRC
OF G2EDW. INSURANCE_STG I,.
PROCESS_DATES
WHERE THERE IS NO
(SELECT 1
OF H_INSR_CO H
WHERE dbms_obfuscation_toolkit.md5 (input_string = >)
I.CITY | ':'||
I.NAME | ':'||
I.STATE | ':'||
I.ADDRESS1 | ':'||
I.ADDRESS2 | ':'||
I.ZIPCODE | ':'
) = dbms_obfuscation_toolkit.md5 (input_string = >)
H.INSR_CO_CITY | ':'||
H.INSR_CO_NM | ':'||
H.INSR_CO_ST | ':'||
H.INSR_CO_STREET_ADDR_1 | ':'||
H.INSR_CO_STREET_ADDR_2 | ':'||
H.INSR_CO_ZIP_CD | ':'
)
)
I.CITY GROUP,
I.NAME,
I.STATE,
I.ADDRESS1,
I.ADDRESS2,
I.ZIPCODE,
PROCESS_DATES. LOAD_DTS,
"G2";Hello Kent,
I logged a bug for this.
Why are you still using DM 3.3 EA1? Is there something holding you back?Philippe
-
Display Messages customized login Page
I use a custom with APEX 4.1.1 authentication and I want to display error messages that are customized on the login page if authentication fails. In my authentication function, I use apex_util.set_authenication_result to set a result code (code below). I tried to use the apex_util.get_authenication_result on the login page to hide and display custom messages, but it does not work. I don't think that the apex_util.get_authenication_result is in fact to get the result? I'm doing something wrong? Is there a better way?
Thank youFUNCTION verify_user( p_username VARCHAR2, p_password VARCHAR2 ) RETURN BOOLEAN IS v_ctr NUMBER; v_id NUMBER; v_attempts NUMBER; BEGIN SELECT COUNT(1) INTO v_ctr FROM users_tbl WHERE username = TRIM(UPPER(p_username)) AND password = utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5(input_string => p_password || TRIM(UPPER(p_username)))); IF v_ctr = 1 THEN SELECT user_id INTO v_id FROM users_tbl WHERE username = TRIM(UPPER(p_username)); UPDATE users_tbl SET login_attempts = 0 WHERE user_id = v_id; APEX_UTIL.SET_AUTHENTICATION_RESULT(0); RETURN TRUE; ELSE SELECT COUNT(1) INTO v_ctr FROM users_tbl WHERE username = TRIM(UPPER(p_username)); IF v_ctr = 1 THEN SELECT user_id INTO v_id FROM users_tbl WHERE username = TRIM(UPPER(p_username)); SELECT login_attempts INTO v_attempts FROM users_tbl WHERE user_id = v_id; IF v_attempts > 5 THEN APEX_UTIL.SET_AUTHENTICATION_RESULT(2); RETURN FALSE; ELSE UPDATE users_tbl SET login_attempts = login_attempts + 1 WHERE user_id = v_id; END IF; END IF; APEX_UTIL.SET_AUTHENTICATION_RESULT(1); RETURN FALSE; END IF; END verify_user;
MarkHello
Thank you.
In your example, it's that you have used the page element.
In this solution, you must use the application to store the custom login message.
I have fix your example. Please checkKind regards
Jari
-----
My Blog: http://dbswh.webhop.net/htmldb/f?p=BLOG:HOME:0
Twitter: http://www.twitter.com/jariolai -
dbms_sqlhash and online md5 calculator return different results
Does anyone know how dbms_sqlhash.gethash () works?
I get the same result for string 123456.
Md5 (http://md5-hash-online.waraxe.us/) online calculator returns e10adc3949ba59abbe56e057f20f883e.
DBMS_SQLHASH. GETHASH() returns 7E8FEB2276322ECDDD4423B649DFD4D9.
--the second parameter value 2 means MD5 hash. select DBMS_SQLHASH.GETHASH('select 123456 from dual',2) from dual;
Hello
>
I get the same result for string 123456.
Md5 (http://md5-hash-online.waraxe.us/) online calculator returns e10adc3949ba59abbe56e057f20f883e.
DBMS_SQLHASH. GETHASH() returns 7E8FEB2276322ECDDD4423B649DFD4D9.--the second parameter value 2 means MD5 hash. select DBMS_SQLHASH.GETHASH('select 123456 from dual',2) from dual;
DBMS_SQLHASH. GETHASH returns the hash of the SQL statement in the first parameter Select 123456 of double, not 123456
To get the MD5 hash of the 123456 you should use DBMS_OBFUSCATION_TOOLKIT or DBMS_CRYPTO packages. The latest is preferable and more recent.
Kind regards
-
How to compare the current password encrypted pasword enter APEX4.1
Hi all
In my application uses the following package
Here the ADD_USER procedure will convert the password and stores in the Table app_users in encrypted form.create or replace PACKAGE BODY app_security_pkg AS PROCEDURE login ( p_uname IN VARCHAR2 ,p_password IN VARCHAR2 ,p_session_id IN VARCHAR2 ,p_flow_page IN VARCHAR2 ) IS lv_goto_page NUMBER DEFAULT 1; BEGIN -- This logic is a demonstration of how to redirect -- to different pages depending on who successfully -- authenticates. In my example, it simply demonstrates -- the ADMIN user going to page 1 and all other users going -- to page 2. Add you own logic here to detrmin which page -- a user should be directed to post authentication. IF UPPER(p_uname) = 'ADMIN' THEN lv_goto_page := 1; ELSE lv_goto_page := 2; END IF; APEX_UTIL.SET_SESSION_STATE('FSP_AFTER_LOGIN_URL'); wwv_flow_custom_auth_std.login ( p_uname => p_uname, p_password => p_password, p_session_id => p_session_id, p_flow_page => p_flow_page || ':' || lv_goto_page ); EXCEPTION WHEN OTHERS THEN RAISE; END login; PROCEDURE add_user ( p_username IN VARCHAR2 ,p_password IN VARCHAR2 ) AS BEGIN INSERT INTO app_users (username, PASSWORD) VALUES (UPPER (p_username), get_hash (TRIM (p_username), p_password)); COMMIT; EXCEPTION WHEN OTHERS THEN ROLLBACK; RAISE; END add_user; -- Function to Perform a oneway hash of the users -- passwords. This cannot be reversed. This exmaple -- is a very week hash and if been used on a production -- system, you may want to use a stronger hash algorithm. -- Read the Documentation for more info on DBMS_CRYPTO as -- this is the supported package from Oracle and -- DBMS_OBFUSCATION_TOOLKIT is now depricated. FUNCTION get_hash (p_username IN VARCHAR2, p_password IN VARCHAR2) RETURN VARCHAR2 AS BEGIN RETURN DBMS_OBFUSCATION_TOOLKIT.md5 ( input_string => UPPER (p_username) || '/' || UPPER (p_password)); END get_hash; PROCEDURE valid_user2 (p_username IN VARCHAR2, p_password IN VARCHAR2) AS v_dummy VARCHAR2 (1); BEGIN SELECT '1' INTO v_dummy FROM app_users WHERE UPPER (username) = UPPER (p_username) AND PASSWORD = get_hash (p_username, p_password); EXCEPTION WHEN NO_DATA_FOUND THEN raise_application_error (-20000, 'Invalid username / password.'); END valid_user2; FUNCTION valid_user (p_username IN VARCHAR2, p_password IN VARCHAR2) RETURN BOOLEAN AS BEGIN valid_user2 (UPPER (p_username), p_password); RETURN TRUE; EXCEPTION WHEN OTHERS THEN RETURN FALSE; END valid_user; END app_security_pkg;
In my application, users can change their password,
So I need to compare the password entering the Current_password field with the password encrypted in the app_users table.
So I used the following code,
This code works fine when the password is stored without encryption, but it displays error, after encryptiondeclare l_x varchar2(30); begin select username into l_x from app_users where upper(username) = upper(:P7_USERNAME) and password = :P7_CURRENT_PASSWORD; return (true); exception when no_data_found then return (false); end;
because the password entered is simply password and not encrypted if the two are different even if the user enters the correct password.
Please tel me how encrypt the entered password to compare with the encrypted password.
Thank you
Kind regards
gurujothi.Hi guru,.
When you say comparing it is obvious that both must be in the same format, so either you have to compare both encrypted or not encrypted.
Do you have an example on apex.oracle.com?
Thank you
-
Excution of function in the problem of the adf?
My problem description:ADF: Add this JSF error message: the number of parameter names does not match that of the registered
am code public String checkthis(String p_us, String p_pwd) { CallableStatement cs=null; try{ cs=getDBTransaction().createCallableStatement("begin ? := FUNC_GET_SH(?,?); end;",0); cs.registerOutParameter(1, Types.VARCHAR); cs.setInt(p_us, 2); cs.setInt(p_pwd,3 ); cs.executeUpdate(); return cs.getString(1); }catch(SQLException e){ throw new JboException(e); } }
above method am exposed as a button in the user interface. while hitting the error recoveryora db 10g code CREATE OR REPLACE FUNCTION "FUNC_GT_SH"("P_USERNAME" IN VARCHAR2, "P_PASSWORD" IN VARCHAR2) RETURN VARCHAR2 IS BEGIN RETURN DBMS_OBFUSCATION_TOOLKIT.MD5( input_string => UPPER(p_username) || '/' || UPPER(p_password)); END; /
jdev11.1.1.5.0 - BC.<Utils> <buildFacesMessage> ADF: Adding the following JSF error message: The number of parameter names does not match the number of registered praremeters java.sql.SQLException: The number of parameter names does not match the number of registered praremeters at oracle.jdbc.driver.OracleSql.setNamedParameters(OracleSql.java:216) at oracle.jdbc.driver.OracleCallableStatement.executeUpdate(OracleCallableStatement.java:9319) at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeUpdate(OraclePreparedStatementWrapper.java:1508) at com.rits.suplr.model.servicesAM.SupplierAMImpl.checkLogin(SupplierAMImpl.java:1294) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at oracle.adf.model.binding.DCInvokeMethod.invokeMethod(DCInvokeMethod.java:648) at oracle.adf.model.binding.DCDataControl.invokeMethod(DCDataControl.java:2142) at oracle.adf.model.bc4j.DCJboDataControl.invokeMethod(DCJboDataControl.java:3063) at oracle.adf.model.binding.DCInvokeMethod.callMethod(DCInvokeMethod.java:261) at oracle.jbo.uicli.binding.JUCtrlActionBinding.doIt(JUCtrlActionBinding.java:1635) at oracle.adf.model.binding.DCDataControl.invokeOperation(DCDataControl.java:2149) at oracle.jbo.uicli.binding.JUCtrlActionBinding.invoke(JUCtrlActionBinding.java:740) at oracle.adf.controller.v2.lifecycle.PageLifecycleImpl.executeEvent(PageLifecycleImpl.java:402) at oracle.adfinternal.view.faces.model.binding.FacesCtrlActionBinding._execute(FacesCtrlActionBinding.java:252) at oracle.adfinternal.view.faces.model.binding.FacesCtrlActionBinding.execute(FacesCtrlActionBinding.java:210) at com.rits.suplr.view.backing.login.OnDialogAction(login.java:59) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(Unknown Source) at com.sun.el.MethodExpressionImpl.invoke(Unknown Source) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodExpression(UIXComponentBase.java:1300) at oracle.adf.view.rich.component.UIXDialog.broadcast(UIXDialog.java:97) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111) at java.security.AccessController.doPrivileged(Native Method) at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313) at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413) at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94) at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161) at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209) at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
How can solve this problem.Nothing to do with the ADF, but with proper use of JDBC
public String checkthis(String p_us, String p_pwd) { CallableStatement cs=null; try{ cs=getDBTransaction().createCallableStatement("begin ? := FUNC_GET_SH(?,?); end;",0); cs.registerOutParameter(1, Types.VARCHAR); cs.setString(2, p_us); cs.setString(3, p_pwd); cs.executeUpdate(); return cs.getString(1); }catch(SQLException e){ throw new JboException(e); } }
Maybe you are looking for
-
Recommended update driver wireless router
After we connected a new router, the Assistant HP invited to "update driver broadcom 802.11n wireless LAN". I clicked download and to during the installation process has received the message, like him best as I can remember, "wireless would be disco
-
Links not working not not in Safari and Mail.
Since I've updated my iPhone 6 more (128 GB) iOS 9.3, an annoying problem has come to life in Safari and Mail. In Safari, I can do a search or add a site URL Web through the top bar, but then I can't navigate more because one of the links is clickabl
-
Problems with Server 2008 R2 Kerberos with Mac and CentOS machines? Need to re - join domain
We are having a problem with our Mac and Linux / CentOS machines constantly having to be re-attached to our AD domain.We are able to join machines to the domain successfully, but after a few weeks or if authentication is broken and we again join them
-
Windows Vista - could not start 0xc00000f
I have the Dell Studio laptop. Windows could not start. A recent hardware or software change might be the cause. To solve the problem: 1. Insert your windows installation disc and restart your computer.2. choose your language settings, and then click
-
Hello I want to install the license in Cisco series IPS 4215. Please can anyone provide any reference document