DBMS_OBFUSCATION_TOOLKIT

Hello again,

It is a all possible ways to use the device of the customer, in the Oracle DBMS_OBFUSCATION_TOOLKIT package?

I thank you,

Kind regards.

Hi Peter,.

It is not possible to use the PLSQL ORacle DB Lite package.

Oracle Lite provides an API in the database to encrypt a particular column, but you can encrypt the full DB olite.

Plug-in, you can customized to the Oracle Lite database encryption module by adding the EXTERNAL_ENCRYPTION_DLL parameter to the POLITE. INI configuration file. Use this option if you do not want to use the default AES encryption for the database client.

You need to implement your cryptographic module in a DLL for the Windows environment or in a shared object (.) SO) for the UNIX environment.

For example, if you created the module of encryption as a DLL called my_enc.dll, which is located in the C:\my_dir directory, then you would add this module as the default encryption module in the POLITE. INI configuration file, as follows:

[All databases]
EXTERNAL_ENCRYPTION_DLL=C:\my_dir\my_enc.dll

For more information, see Section 14.3, "Providing your own encryption Module for the Oracle Lite Database Client".

Kind regards.
Marc

Tags: Database

Similar Questions

  • ASSESS and DBMS_OBFUSCATION_TOOLKIT.md5

    Hi all

    Looking to encrypt data on the fly in the analysis or the material.

    I know that I can use the following code in the database... I was wondering what syntax I need to use within the EVALUATE function.

    SELECT DBMS_OBFUSCATION_TOOLKIT.md5 (input = > UTL_RAW.cast_to_raw('a|b|123456')) from DUAL;

    My current code looks like this:

    Evaluate('DBMS_OBFUSCATION_TOOLKIT.) MD5 (%1)' AS CHAR ' input = > UTL_RAW.cast_to_raw(''a|b|123456'')')

    Unfortunately, it returns:

    [nQSError: 42015] Cannot function ship the following expression

    Appreciate the help

    Adam

    Sorry for spamming my own thread here guys, but it came down to a syntax problem.

    CAST (EVALUATE ('DBMS_OBFUSCATION_TOOLKIT.md5 (entry-online UTL_RAW.cast_to_raw(%1))' AS VARCHAR (200), 'a') AS VARCHAR (200))

    ^^ Works very well.

  • ADF - decrypt the value of dbms_obfuscation_toolkit.md5

    Currently store us a string value in the DB by using dbms_obfuscation_toolkit.md5 (input_string = > '124').

    How to decrypt this return value so that I can view in the application of the adf it please?

    BTW, md5 is a secure hash algorithm, so you cannot decrypt the value.

    Dario

  • Oracle 8.1.6 DBMS_OBFUSCATION_TOOLKIT

    Hello

    I have this Oracle 8.6.1 and some developers need DBMS_OBFUSCATION_TOOKIT package, but it is not installed on my instance.

    I don't know why this is happenning, because on the Oracle documentation, it is written that "Oracle installs this package in the SYS schema.".

    I thought about it this catalog.sql or catproc.sql installs this package, but if they did not, why it hapenned and how can I fix this (install the package by using a script)?

    Thanks in advance

    Alex

    I don't have your trial version but check the catobtk.sql file and run it. This should install the package.
    HTH
    Aman...

    Published by: Aman... September 30, 2008 21:47
    Corrected a Word and formatted.

  • Is there a function to adjust the length of a string to 8 multiple bytes?

    Hello

    I have a function to encrypt a password.

    FUNCTION encodeit (p_name IN VARCHAR2, p_password IN VARCHAR2) RETURN VARCHAR2
   IS
      l_password   VARCHAR2 (4000);
      l_salt       VARCHAR2 (4000) := 'hdjikndbbhitasuihfnnkqyhiplwmneuyndnloidj';
   BEGIN
      l_password :=
         UTL_RAW.cast_to_raw (
            DBMS_OBFUSCATION_TOOLKIT.md5 (
               input_string => p_password ||
                               SUBSTR (l_salt, 10, 13)||
                               LOWER (p_name)||
                               SUBSTR (l_salt, 4, 10)));
      RETURN l_password;
   END;

    I want to decrypt the password to send to users when they forget it.  I wrote this function:

    FUNCTION decodeit (p_name IN VARCHAR2, p_password in VARCHAR2) RETURN VARCHAR2 IS
    l_salt       VARCHAR2 (4000) := 'hdjikndbbhitasuihfnnkqyhiplwmneuyndnloidj';
    BEGIN
      RETURN DBMS_OBFUSCATION_TOOLKIT.desdecrypt(input_string =>  p_password ||
                                                                  SUBSTR (l_salt, 10, 13)||
                                                                  LOWER (p_name)||
                                                                  SUBSTR (l_salt, 4, 10),
                                                 key_string   => l_salt) ;
    END;

    The problem is that the DBMS_OBFUSCATION_TOOLKIT.desdecrypt function needs a multiple of the input string of 8 bytes. And p_name and p_password are not of fixed length. Is there a function to adjust the length of a string to 8 multiple bytes?

    Best regards.

    They used to work - could be almost ten years (I think version 9 - not tested yet)

    As you can see, you can 'encode' the number of characters, padded in order to set the right length of the decrypted string


    create or replace FUNCTION ' CRYPTIN "(p_str in varchar2) return varchar2 as". "

    l_data VARCHAR2 (255);

    function pad_DES (p_string in varchar2) return varchar2 is

    -platelets p_string with pad_chr containing the number of characters padded (1 to 8)

    -make the string length a multiple of 8 as required by decipher

    pad_length pls_integer;

    pad_char char: = chr (0);

    pad_chars varchar2 (8);

    Start

    pad_length: = 8 - mod (length (p_string), 8);

    pad_chars: = chr (pad_length);

    Return concat (p_string, rpad (pad_chars, pad_length, pad_chars));

    end;

    Start

    l_data: = pad_DES (p_str);

    dbms_obfuscation_toolkit. Decrypt (input_string-online l_data, key_string => 'MagicKey' encrypted_string-online l_data);

    return UTL_RAW. CAST_TO_RAW (l_data);

    end;

    create or replace FUNCTION ' CRYPTOUT "(p_str in varchar2) return varchar2 as". "

    l_data VARCHAR2 (255);

    function unpad_DES (p_string in varchar2) return varchar2 is

    -Removes from p_string upholstered characters (1 to 8)

    pad_length pls_integer;

    Start

    pad_length: = length (p_string);

    pad_length: = pad_length - ascii (substr(p_string,pad_length,1));

    Return substr(p_string,1,pad_length);

    end;

    Start

    l_data: = p_str;

    dbms_obfuscation_toolkit. DESDecrypt (input_string-online l_data, key_string => 'MagicKey', decrypted_string-online l_data);

    Return unpad_DES (l_data);

    end;

    Concerning

    Etbin

  • Oracle PL/SQL Obfuscation replicate 3DES with java

    I have an existing oracle functions that use the function DES3Encrypt and DES3Decrypt.

    I need to write the equivalent of java version to replace the oracle those compatibiliy with encryption legacy system maintenance.

    What are the functions of oracle:

    FUNCTION encr(input_string IN VARCHAR2, key_string IN VARCHAR2)
      RETURN VARCHAR2 IS
      encrypted_string     := NULL;
      len      := lengthb(input_string);
           --String must be a multiple of 8-byte length.
      rest     := len MOD 8;
      IF rest     > 0 THEN
      decrypted_string     := rpad(input_string, len + 8 - rest, ' ');
      ELSE
      decrypted_string     := input_string;
           END IF;

      dbms_obfuscation_toolkit    .DES3Encrypt(input_string  => decrypted_string,
      key_string      => key_string,
      encrypted_string     => encrypted_string);

           /* HEX notation to avoid UNICODE chars */
      SELECT RAWTOHEX    (encrypted_string) INTO encrypted_string FROM DUAL;

      RETURN encrypted_string    ;
    END;

    //DECRYPTION
    FUNCTION decr    (input_string IN VARCHAR2, key_string IN VARCHAR2)
      RETURN VARCHAR2 IS
      decrypted_string     := NULL;
      encrypted_string     := input_string;

           /* HEX to ASCII */
      SELECT utl_raw    .cast_to_varchar2(encrypted_string)
      INTO encrypted_string
      FROM DUAL    ;

      dbms_obfuscation_toolkit    .DES3Decrypt(input_string  => encrypted_string,
      key_string      => key_string,
      decrypted_string     => decrypted_string);

      RETURN rtrim    (decrypted_string);
    END;

    Given the Decrypt function, for example, I wrote this java code:


    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;


    public class DesHelper {
      

       private Cipher _dcipher;
               public DesHelper() {
                   try {

                       byte[] tdesKey = new byte[24];
                       System.arraycopy("2557133392096270".getBytes(StandardCharsets.US_ASCII), 0, tdesKey, 0, 16);
                       System.arraycopy("2557133392096270".getBytes(StandardCharsets.US_ASCII), 0, tdesKey, 16, 8);

                       final SecretKey key = new SecretKeySpec(tdesKey, "DESede");
     
                   _dcipher     = Cipher.getInstance("DESede/CBC/NoPadding");
                       final IvParameterSpec iv = new IvParameterSpec(new byte[8]);

                   _dcipher    .init(Cipher.DECRYPT_MODE, key,iv);

                  } catch (final Exception e) {
                      throw new RuntimeException(e);
                  }
          }


          public String decrypt(final String str) {
                  try {

                  final byte[] dec1 = hexToBytes(str);
                      final byte[] decryptedBytes = _dcipher.doFinal(dec1);  
                      return new String(decryptedBytes, StandardCharacters.US_ASCII);
                  } catch (final Exception e) {
                      System.out.println("decrypting string failed: " + str + " (" + e.getMessage() + ")");
                      return null;
                  }
          }

         private static byte[] hexToBytes(final String hex) {
                  final byte[] bytes = new byte[hex.length() / 2];
                  for (int i = 0; i < bytes.length; i++) {
                  bytes    [i] = (byte) Integer.parseInt(hex.substring(i * 2, i * 2 + 2), 16);
                  }
                  return bytes;
         }

    }

    It's the main:

    Public class MainClass {}

    Public Shared Sub main (final String [] args) {}

    String txtToBeDecrypted = "DA67C73756184F20ED92DF1614CB85ED";

    final DesHelper h = new DesHelper();

    String xc = h.decrypt (txtToBeDecrypted);

    System.out.printls (XC);

    }

    }


    But the printed result is still a mess of characters like these:

    lZ5 ????rd     

    where only "rd" is correct (being the last part of the decrypted Word).

    the correct decrypted word should be 'MonMotpasse '.

    If the password is transformed into mypasswordmypass (encrypted: 5543417F4834268A2799D9289D864BFB)... I get: lZ5? rdmypass-> it seems that the first 64 bits are always false.

    What is the problem in my code? is it just a matter of encoding?

    Message modificato da 3136775 added new snippet for completeness

    I found that the tip is in the vector of inialization IV...

    I wrote an algorithm to capture the right bytes value and it worked... it seems not oracle uses to manipulate the first 8 bytes.

  • Integrate R12.1.3 EBS with APEX 4.2.6

    Hello

    I was following the remark, but I could not succeed with this.

    When I click on the function Menu it's redirecting to: SUMMIT like this login page

    http://XXXXX.xxx.xxx:8080/ADR/f? p = 106:LOGIN_DESKTOP:10653362885847

    What I did is:

    (1) update LaunchApex.jsp it comes to success

    (2) created a blank page in the APEX.

    (3) created a package ebs_authenticate and APPS. XXAPX_SECURITY_PKG package as

    CREATE OR REPLACE FUNCTION ebs_authenticate (p_username IN VARCHAR2 )

    p_password IN VARCHAR2 )

    RETURN BOOLEAN AS

    BEGIN

    IF APPS. XXAPX_SECURITY_PKG.validate_hash (p_username, p_password) THEN

    RETURN TRUE ;

    END IF ;

    RETURN (APPS. FND_WEB_SEC.validate_login(p_username,_p_password) = 'Y');

    END ebs_authenticate;

    /

    CREATE OR REPLACE PACKAGE BODY XXAPX_SECURITY_PKG AS

    g_key VARCHAR2 (100);

    FUNCTION generate_hash (p_string IN VARCHAR2,

    p_offset IN DEFAULT NUMBER 0) EAST of RETURN VARCHAR2

    BEGIN

    IF IS NULL THEN p_string

    RETURNS A NULL VALUE.

    END IF;

    RETURN RAWTOHEX (UTL_RAW.cast_to_raw (DBMS_OBFUSCATION_TOOLKIT. MD5 (input_string = > p_string |) ':' ||

    TO_CHAR (SYSDATE-

    (p_offset / 24 * 60 * 60);

    "HH24MISS YYYYMMDD') |

    g_key)));

    END generate_hash;

    FUNCTION validate_hash (p_string IN VARCHAR2,

    P_hash IN VARCHAR2,

    p_delay to the NUMBER DEFAULT 5) RETURN BOOLEAN IS

    BEGIN

    FOR i FROM 0... p_delay LOOP

    IF p_hash = generate_hash (p_string, i) THEN

    RETURN TRUE;

    END IF;

    END LOOP;

    RETURN FALSE;

    END validate_hash;

    BEGIN

    SELECT encrypted_user_password

    IN g_key

    FROM APPS. FND_USER

    WHERE user_name = 'SYSADMIN ';

    END XXAPX_SECURITY_PKG;

    /

    create or replace procedure ebs_getsession1 (p_username out nocopy varchar2)

    as

    Start

    APPS.wfa_sec.getsession (p_username);

    end ebs_getsession1;

    (4) created in the APEX authentication:

    (5) created get Username Cookie

    BEGIN

    APPS.ebs_getsession1(:P101_USERNAME);

    : P101_PASSWORD: =.

    APPS. XXAPX_SECURITY_PKG.generate_hash

    (APPS. FND_GLOBAL.user_name);

    IF: P101_PASSWORD IS NOT NULL THEN

    (APEX_CUSTOM_AUTH). Login

    P_UNAME = >: P101_USERNAME,.

    P_PASSWORD = >: P101_PASSWORD,.

    P_SESSION_ID = > v ('APP_SESSION').

    P_APP_PAGE = >: APP_ID | » : 1'

    );

    END IF;

    EXCEPTION: WHEN OTHER THEN NULL;

    END;

    EBS links:

    ++++++++++++

    Call of HTML:

    1. LaunchApex.jsp? app = 106 & page = 1

    Hello

    Its solved thank you

    Make SURE APEX AREA and EBS should be to even:

    ex:

    http://xxx.yyyy.com:8000 / OA_HTML

    http://zzz.yyyy.com:8080 / ADR

    Thank you and regards

    Françoise

    Teyseer.

  • In 11g default Audit policy

    Hi all

    11.2.0.3.11

    AIX6

    This point of view v$ can I select all the information on our database of Audit policy setting? This shows the type of actions, events and information that is captured?

    Thank you

    MK

    Thank you Vlad,

    So note that Oracle does not recommend, usually, to revoke the privileges of the audience granted by default to the parcel (the functionality may be affected), but warns on privileges such as (a stupid example: GRANT SELECT ANY TABLE to PUBLIC) because this will affect the security.



    Then there are stupid privileges being revoked in the document above, in part as follows:

    (one of this broke our prod database?)

    REVOKE EXECUTE ON DBMS_ADVISOR TO PUBLIC;

    REVOKE EXECUTE ON THE PUBLIC DBMS_CRYPTO;

    REVOKE EXECUTE ON DBMS_JAVA TO PUBLIC;

    REVOKE EXECUTE ON DBMS_JAVA_TEST TO PUBLIC;

    REVOKE EXECUTE ON THE PUBLIC DBMS_JOB;

    REVOKE EXECUTE ON THE PUBLIC DBMS_LDAP;

    REVOKE EXECUTE ON THE PUBLIC DBMS_LOB.

    REVOKE EXECUTE ON THE PUBLIC DBMS_OBFUSCATION_TOOLKIT;

    REVOKE EXECUTE ON DBMS_BACKUP_RESTORE TO PUBLIC;

    REVOKE EXECUTE ON THE PUBLIC DBMS_SCHEDULER;

    REVOKE EXECUTE ON THE PUBLIC DBMS_SQL.

    REVOKE EXECUTE ON THE PUBLIC DBMS_XMLGEN;

    REVOKE EXECUTE ON DBMS_XMLQUERY TO THE PUBLIC;

    REVOKE EXECUTE ON UTL_FILE TO THE PUBLIC;

    REVOKE EXECUTE ON UTL_INADDR TO PUBLIC;

    REVOKE EXECUTE ON THE PUBLIC UTL_TCP;

    REVOKE EXECUTE ON UTL_MAIL TO PUBLIC;

    REVOKE EXECUTE ON THE PUBLIC UTL_SMTP.

    REVOKE EXECUTE ON UTL_DBWS TO PUBLIC;

    REVOKE EXECUTE ON UTL_ORAMTS TO PUBLIC;

    REVOKE EXECUTE ON THE PUBLIC UTL_HTTP.

    REVOKE EXECUTE ON THE PUBLIC HTTPURITYPE.

    REVOKE EXECUTE ON DBMS_SYS_SQL TO THE PUBLIC;

    REVOKE EXECUTE ON DBMS_BACKUP_RESTORE TO PUBLIC;

    REVOKE EXECUTE ON DBMS_AQADM_SYSCALLS TO PUBLIC;

    Revoke execute on DBMS_REPACT_SQL_UTL to PUBLIC;

    Revoke execute on INITJVMAUX to PUBLIC;

    Revoke execute on DBMS_STREAMS_ADM_UTL to PUBLIC;

    Revoke execute on DBMS_AQADM_SYS to PUBLIC;

    Revoke execute on DBMS_STREAMS_RPC to PUBLIC;

    Revoke execute on DBMS_AQADM_SYS to PUBLIC;

    Revoke execute on the PUBLIC DBMS_PRVTAQIM;

    Revoke execute on the PUBLIC LTADM.

    Revoke execute on WWV_DBMS_SQL to PUBLIC;

    Revoke execute on WWV_EXECUTE_IMMEDIATE to PUBLIC;

    Revoke execute on DBMS_IJOB to PUBLIC;

    Revoke execute on DBMS_FILE_TRANSFER to PUBLIC;

    revoke EXECUTE them ALL the PROCEDURE of OUTLN;

    revoke EXECUTE them ENTIRE DBSNMP PROCESS;

    Thank you

  • "The current version of the database has changed since... "Error

    Now I downloaded my application at the APEX. ORACLE.COM and my workspace is PSGCA and I have problems with the page 310 - details of the Bill.  How can I get the APEX. ORACLE.COM gurus to look over the page?  I'm having a problem with the part detail of this master-detail page.  Specifically, if I add data or update data to the captain only section, no problem.  This is when I need to update the data on the detail starting with my problems section!  If I add to the start of the line, no problem.  If I add information to a field null, no problem.  The problem arises when I want to change the HOURS/DAYS and COSTS.  He will take the initial value, but if I want to change then I get the error "database version has changed since... »

    No indication of this error would be greatly appreciated!

    Do you guys need for me to add table definitions and sample data.  In the past, I was told that it was not necessary; everything you had needed was the page.

    Is this correct?

    Can I add data and table definitions?

    For some reason that I could reduce it to the format mask on the expenditures column, which has been

    999G999G999G999G990D00PR

    When I changed it to

    999G999G999G999G990D00

    everything magically started working.

    For people wondering about the PR:

    PR

    9999PR

    Returns negative value in .

    Returns the positive value with a beginning and end empty.

    Restriction: The PR format item can only appear in the last position of a model number format.

    Documents: http://docs.oracle.com/cd/B19306_01/server.102/b14200/sql_elements004.htm

    I'm not sure why this particular mask causes. Because checksums are generated, I ran this sql to take a guess:

    select
DBMS_OBFUSCATION_TOOLKIT.md5 (input => UTL_RAW.cast_to_raw(exp1)) md5_val1,
DBMS_OBFUSCATION_TOOLKIT.md5 (input => UTL_RAW.cast_to_raw(exp2)) md5_val2,
DBMS_OBFUSCATION_TOOLKIT.md5 (input => UTL_RAW.cast_to_raw('1.00')) md5_val1_1,
DBMS_OBFUSCATION_TOOLKIT.md5 (input => UTL_RAW.cast_to_raw('1.00')) md5_val2_2
from (
select
expenses exp1,
to_char(expenses,'999G999G999G990D00PR') exp2
from invoice_details
) a

    which produces this output.

    MD5_VAL1 MD5_VAL2 MD5_VAL1_1 MD5_VAL2_2
    C4CA4238A0B923820DCC509A6F75849B 4DF59D42C9EE6119AEB2ADC95E7B7CF6 41CF2677CC4EC9356DAD8E76DFB87448 41CF2677CC4EC9356DAD8E76DFB87448

    Still not sure, but maybe it's to do with how and when checksums are generated?

    A space of drawing here - as you can see there is no guru, ace or oracle badge under my name, so I'm sure

    I've made changes on page 310, make backup to 24 but probably is not serious because your application is local. Probably no danger of change your credentials and/or remove your application.

    impressive effort on the example. This helps us better help you!

  • Issue in custom authentication

    Hi all

    I created a new custom authentication. The name of the function specified in the authentication scheme. My code seems to work very well (Boolean condition works) but authentication fails. Here's the package. Is there any other condition, I need the installation when you create to authenticate.

    can someone please suggest.


    create or replace package body app_login
is
Function get_hash(p_input IN varchar2)
return varchar2
is 
begin

RETURN UPPER(DBMS_OBFUSCATION_TOOLKIT.MD5 (
                 INPUT => UTL_I18N.STRING_TO_RAW(P_INPUT)));
                    -- return p_input;
end get_hash;

FUNCTION valid_user(p_username IN VARCHAR2 ,p_password IN VARCHAR2)
return boolean
is

v_hash varchar2(200);
V_RESULT number;
v_pwd DEMO1_USER.PASSWORD%type;

begin
v_hash:=app_login.get_hash(P_USERNAME || P_PASSWORD);

SELECT COUNT(*)
         INTO V_RESULT
          FROM DEMO1_USER
            WHERE UPPER(USERNAME) = UPPER(P_USERNAME)
                        AND UPPER(PASSWORD) = UPPER(V_HASH);


 IF V_RESULT > 0 THEN
       RETURN TRUE;
    ELSE
       RETURN FALSE;
    END IF;

end valid_user;

Procedure add_user(p_username IN VARCHAR2 ,p_password IN VARCHAR2)
is 
v_pwd_hash varchar2(200);
begin
v_pwd_hash:=app_login.get_hash(P_USERNAME || P_PASSWORD);
insert into demo1_user values(APP_USER_SEQ.nextval,p_username,v_pwd_hash);
commit;
end add_user;



end app_login;
    Thank you
    REDA

    Renon wrote:
    Hi Hari,

    Thank you very much for your time this issue. His works now.
    But the add_user function and the valid_user calls the function get_hash even without stem previously so why validation fails? Is required to be capitalized?

    Concerning
    REDA

    User name will always be in uppercase letters, regardless of how the user entered in the login screen. So in fact, UPPER (P_USERNAME) based on authentication valid_user is not necessary. However I have just kept it so that it returns the correct value when you run it go back. (for the objective test) etc.

    Value of variable binding that app_user will always be as HIGH of breakage.

    Kind regards
    Hari

  • Discover the parse error

    Got a new view complex using a dbms_obfuscation_toolkit.md5 function in the where clause: SELECT invalid token '=' Statement.Unexpected

    The generated DDL works very well and is running in the database. Data Modeler just don't like him. R3.3EA1

    The view:
    CREATE OR REPLACE VIEW V_ADD_H_INSR_CO AS
    SELECT I.CITY,
    I.NAME,
    I.STATE,
    I.ADDRESS1,
    I.ADDRESS2,
    I.ZIPCODE,
    PROCESS_DATES. LOAD_DTS,
    'G2' AS REC_SRC
    OF G2EDW. INSURANCE_STG I,.
    PROCESS_DATES
    WHERE THERE IS NO
    (SELECT 1
    OF H_INSR_CO H
    WHERE dbms_obfuscation_toolkit.md5 (input_string = >)
    I.CITY | ':'||
    I.NAME | ':'||
    I.STATE | ':'||
    I.ADDRESS1 | ':'||
    I.ADDRESS2 | ':'||
    I.ZIPCODE | ':'
    ) = dbms_obfuscation_toolkit.md5 (input_string = >)
    H.INSR_CO_CITY | ':'||
    H.INSR_CO_NM | ':'||
    H.INSR_CO_ST | ':'||
    H.INSR_CO_STREET_ADDR_1 | ':'||
    H.INSR_CO_STREET_ADDR_2 | ':'||
    H.INSR_CO_ZIP_CD | ':'
    )
    )
    I.CITY GROUP,
    I.NAME,
    I.STATE,
    I.ADDRESS1,
    I.ADDRESS2,
    I.ZIPCODE,
    PROCESS_DATES. LOAD_DTS,
    "G2";

    Hello Kent,

    I logged a bug for this.
    Why are you still using DM 3.3 EA1? Is there something holding you back?

    Philippe

  • Display Messages customized login Page

    I use a custom with APEX 4.1.1 authentication and I want to display error messages that are customized on the login page if authentication fails. In my authentication function, I use apex_util.set_authenication_result to set a result code (code below). I tried to use the apex_util.get_authenication_result on the login page to hide and display custom messages, but it does not work. I don't think that the apex_util.get_authenication_result is in fact to get the result? I'm doing something wrong? Is there a better way?
    FUNCTION verify_user(
    p_username VARCHAR2,
    p_password VARCHAR2
  ) RETURN BOOLEAN
  IS
    v_ctr      NUMBER;
    v_id       NUMBER;
    v_attempts NUMBER;
  BEGIN

    SELECT COUNT(1) INTO v_ctr FROM users_tbl 
       WHERE username = TRIM(UPPER(p_username)) 
       AND password = utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5(input_string => p_password || TRIM(UPPER(p_username))));

    IF v_ctr = 1 THEN

      SELECT user_id INTO v_id FROM users_tbl WHERE username = TRIM(UPPER(p_username));
      UPDATE users_tbl SET login_attempts = 0 WHERE user_id = v_id;
      APEX_UTIL.SET_AUTHENTICATION_RESULT(0);
      RETURN TRUE;

    ELSE
      SELECT COUNT(1) INTO v_ctr FROM users_tbl WHERE username = TRIM(UPPER(p_username));

      IF v_ctr = 1 THEN

        SELECT user_id INTO v_id FROM users_tbl WHERE username = TRIM(UPPER(p_username));

        SELECT login_attempts INTO v_attempts FROM users_tbl WHERE user_id = v_id;
        IF v_attempts > 5 THEN
          APEX_UTIL.SET_AUTHENTICATION_RESULT(2);
          RETURN FALSE;
        ELSE
          UPDATE users_tbl SET login_attempts = login_attempts + 1 WHERE user_id = v_id;
        END IF;

      END IF;

      APEX_UTIL.SET_AUTHENTICATION_RESULT(1);
      RETURN FALSE;

    END IF;

  END verify_user;
    Thank you
    Mark

    Hello

    Thank you.

    In your example, it's that you have used the page element.
    In this solution, you must use the application to store the custom login message.
    I have fix your example. Please check

    Kind regards
    Jari
    -----
    My Blog: http://dbswh.webhop.net/htmldb/f?p=BLOG:HOME:0
    Twitter: http://www.twitter.com/jariolai

  • dbms_sqlhash and online md5 calculator return different results

    Does anyone know how dbms_sqlhash.gethash () works?
    I get the same result for string 123456.
    Md5 (http://md5-hash-online.waraxe.us/) online calculator returns e10adc3949ba59abbe56e057f20f883e.
    DBMS_SQLHASH. GETHASH() returns 7E8FEB2276322ECDDD4423B649DFD4D9.
    --the second parameter value 2 means MD5 hash.
select DBMS_SQLHASH.GETHASH('select 123456 from dual',2) from dual;

    Hello
    >
    I get the same result for string 123456.
    Md5 (http://md5-hash-online.waraxe.us/) online calculator returns e10adc3949ba59abbe56e057f20f883e.
    DBMS_SQLHASH. GETHASH() returns 7E8FEB2276322ECDDD4423B649DFD4D9.

    --the second parameter value 2 means MD5 hash.
select DBMS_SQLHASH.GETHASH('select 123456 from dual',2) from dual;

    DBMS_SQLHASH. GETHASH returns the hash of the SQL statement in the first parameter Select 123456 of double, not 123456

    To get the MD5 hash of the 123456 you should use DBMS_OBFUSCATION_TOOLKIT or DBMS_CRYPTO packages. The latest is preferable and more recent.

    Kind regards

  • How to compare the current password encrypted pasword enter APEX4.1

    Hi all
    In my application uses the following package
    create or replace PACKAGE BODY app_security_pkg
AS
PROCEDURE login 
          (
           p_uname IN VARCHAR2
          ,p_password IN VARCHAR2
          ,p_session_id IN VARCHAR2
          ,p_flow_page IN VARCHAR2
          )
IS
 lv_goto_page NUMBER DEFAULT 1;
BEGIN
 
 -- This logic is a demonstration of how to redirect 
 -- to different pages depending on who successfully 
 -- authenticates. In my example, it simply demonstrates 
 -- the ADMIN user going to page 1 and all other users going
 -- to page 2. Add you own logic here to detrmin which page 
 -- a user should be directed to post authentication.
 IF UPPER(p_uname) = 'ADMIN'
 THEN
  lv_goto_page := 1;
 ELSE
  lv_goto_page := 2;
 END IF;

APEX_UTIL.SET_SESSION_STATE('FSP_AFTER_LOGIN_URL');

 wwv_flow_custom_auth_std.login 
 (
  p_uname => p_uname,
  p_password => p_password,
  p_session_id => p_session_id,
  p_flow_page => p_flow_page || ':' || lv_goto_page
  );

EXCEPTION
WHEN OTHERS
THEN 
 RAISE;
END login;

PROCEDURE add_user 
(
 p_username IN VARCHAR2
,p_password IN VARCHAR2
)
AS
BEGIN
INSERT INTO app_users (username, PASSWORD)
    VALUES (UPPER (p_username),
        get_hash (TRIM (p_username), p_password));

COMMIT;

EXCEPTION
WHEN OTHERS
THEN 
 ROLLBACK; 
 RAISE;
END add_user;

-- Function to Perform a oneway hash of the users 
-- passwords. This cannot be reversed. This exmaple 
-- is a very week hash and if been used on a production 
-- system, you may want to use a stronger hash algorithm.
-- Read the Documentation for more info on DBMS_CRYPTO as 
-- this is the supported package from Oracle and 
-- DBMS_OBFUSCATION_TOOLKIT is now depricated.
FUNCTION get_hash (p_username IN VARCHAR2, p_password IN VARCHAR2)
RETURN VARCHAR2
AS
BEGIN
RETURN DBMS_OBFUSCATION_TOOLKIT.md5 (
input_string => UPPER (p_username) 
                || '/' 
                || UPPER (p_password));
END get_hash;

PROCEDURE valid_user2 (p_username IN VARCHAR2, p_password IN VARCHAR2)
AS
v_dummy VARCHAR2 (1);
BEGIN
SELECT '1'
INTO v_dummy
FROM app_users
WHERE UPPER (username) = UPPER (p_username)
AND PASSWORD = get_hash (p_username, p_password);
EXCEPTION
WHEN NO_DATA_FOUND
THEN raise_application_error (-20000, 'Invalid username / password.');
END valid_user2;

FUNCTION valid_user (p_username IN VARCHAR2, p_password IN VARCHAR2)
RETURN BOOLEAN
AS
BEGIN
valid_user2 (UPPER (p_username), p_password);
RETURN TRUE;
EXCEPTION
WHEN OTHERS
THEN RETURN FALSE;
END valid_user;

END app_security_pkg;
    Here the ADD_USER procedure will convert the password and stores in the Table app_users in encrypted form.

    In my application, users can change their password,
    So I need to compare the password entering the Current_password field with the password encrypted in the app_users table.
    So I used the following code,
    declare
  l_x varchar2(30);
begin
  select username into l_x
        from app_users
    where upper(username) = upper(:P7_USERNAME)
      and password = :P7_CURRENT_PASSWORD;
  return (true);
exception
  when no_data_found then
    return (false);
end;
    This code works fine when the password is stored without encryption, but it displays error, after encryption

    because the password entered is simply password and not encrypted if the two are different even if the user enters the correct password.

    Please tel me how encrypt the entered password to compare with the encrypted password.

    Thank you
    Kind regards
    gurujothi.

    Hi guru,.

    When you say comparing it is obvious that both must be in the same format, so either you have to compare both encrypted or not encrypted.

    Do you have an example on apex.oracle.com?

    Thank you

  • Excution of function in the problem of the adf?

    My problem description:
    ADF: Add this JSF error message: the number of parameter names does not match that of the registered
     am code
    public String checkthis(String p_us, String p_pwd)
 {
        
        CallableStatement cs=null;

        try{

        cs=getDBTransaction().createCallableStatement("begin ? := FUNC_GET_SH(?,?); end;",0);

        cs.registerOutParameter(1, Types.VARCHAR);

        cs.setInt(p_us, 2);
        
        cs.setInt(p_pwd,3 );

        cs.executeUpdate();

       return cs.getString(1);

       }catch(SQLException e){

        throw new JboException(e);

        } 
         
   }
     ora db 10g code
CREATE OR REPLACE FUNCTION "FUNC_GT_SH"("P_USERNAME" IN VARCHAR2,  "P_PASSWORD" IN VARCHAR2) RETURN VARCHAR2    IS
BEGIN

    RETURN DBMS_OBFUSCATION_TOOLKIT.MD5(
      input_string => UPPER(p_username) || '/' || UPPER(p_password));

END;
/
    above method am exposed as a button in the user interface. while hitting the error recovery
    <Utils> <buildFacesMessage> ADF: Adding the following JSF error message: The number of parameter names does not match the number of registered praremeters
java.sql.SQLException: The number of parameter names does not match the number of registered praremeters
     at oracle.jdbc.driver.OracleSql.setNamedParameters(OracleSql.java:216)
     at oracle.jdbc.driver.OracleCallableStatement.executeUpdate(OracleCallableStatement.java:9319)
     at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeUpdate(OraclePreparedStatementWrapper.java:1508)
     at com.rits.suplr.model.servicesAM.SupplierAMImpl.checkLogin(SupplierAMImpl.java:1294)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at oracle.adf.model.binding.DCInvokeMethod.invokeMethod(DCInvokeMethod.java:648)
     at oracle.adf.model.binding.DCDataControl.invokeMethod(DCDataControl.java:2142)
     at oracle.adf.model.bc4j.DCJboDataControl.invokeMethod(DCJboDataControl.java:3063)
     at oracle.adf.model.binding.DCInvokeMethod.callMethod(DCInvokeMethod.java:261)
     at oracle.jbo.uicli.binding.JUCtrlActionBinding.doIt(JUCtrlActionBinding.java:1635)
     at oracle.adf.model.binding.DCDataControl.invokeOperation(DCDataControl.java:2149)
     at oracle.jbo.uicli.binding.JUCtrlActionBinding.invoke(JUCtrlActionBinding.java:740)
     at oracle.adf.controller.v2.lifecycle.PageLifecycleImpl.executeEvent(PageLifecycleImpl.java:402)
     at oracle.adfinternal.view.faces.model.binding.FacesCtrlActionBinding._execute(FacesCtrlActionBinding.java:252)
     at oracle.adfinternal.view.faces.model.binding.FacesCtrlActionBinding.execute(FacesCtrlActionBinding.java:210)
     at com.rits.suplr.view.backing.login.OnDialogAction(login.java:59)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.sun.el.parser.AstValue.invoke(Unknown Source)
     at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
     at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodExpression(UIXComponentBase.java:1300)
     at oracle.adf.view.rich.component.UIXDialog.broadcast(UIXDialog.java:97)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
     at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
     at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
     at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
     at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
     at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
     at java.security.AccessController.doPrivileged(Native Method)
     at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
     at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
     at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
     at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
     at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    jdev11.1.1.5.0 - BC.

    How can solve this problem.

    Nothing to do with the ADF, but with proper use of JDBC

        public String checkthis(String p_us, String p_pwd)
 {

        CallableStatement cs=null;

        try{

        cs=getDBTransaction().createCallableStatement("begin ? := FUNC_GET_SH(?,?); end;",0);

        cs.registerOutParameter(1, Types.VARCHAR);

        cs.setString(2, p_us);

        cs.setString(3, p_pwd);

        cs.executeUpdate();

       return cs.getString(1);

       }catch(SQLException e){

        throw new JboException(e);

        } 

   }

Maybe you are looking for

  • Recommended update driver wireless router

    After we connected a new router, the Assistant HP invited to "update driver broadcom 802.11n wireless LAN".  I clicked download and to during the installation process has received the message, like him best as I can remember, "wireless would be disco

  • Links not working not not in Safari and Mail.

    Since I've updated my iPhone 6 more (128 GB) iOS 9.3, an annoying problem has come to life in Safari and Mail. In Safari, I can do a search or add a site URL Web through the top bar, but then I can't navigate more because one of the links is clickabl

  • Problems with Server 2008 R2 Kerberos with Mac and CentOS machines? Need to re - join domain

    We are having a problem with our Mac and Linux / CentOS machines constantly having to be re-attached to our AD domain.We are able to join machines to the domain successfully, but after a few weeks or if authentication is broken and we again join them

  • Windows Vista - could not start 0xc00000f

    I have the Dell Studio laptop. Windows could not start. A recent hardware or software change might be the cause. To solve the problem: 1. Insert your windows installation disc and restart your computer.2. choose your language settings, and then click

  • License IPS 4200

    Hello I want to install the license in Cisco series IPS 4215. Please can anyone provide any reference document