How do I store sensitive data (such as database passwords) in an Oracle Database

Basically I'm building a WebApp (ASP.NET MVC5) working with Oracle Database. The application connects to multiple Oracle databases and an admin should be able to dynamically add new database connections to the webapp.

The way we are doing it now, when an admin adds a new database via the admin panel, the database connection info is stored in our own Oracle Database (this includes the username and password to the database). These passwords are currently stored in plaintext.

All the webapp would have to do is retrieve the database credentials from our own database, format them into a connection string and connect to the database.

The problem is, if we hash the passwords, they will not work in a connection string, nor would this add any security at all. All the encryption of these passwords should happen on the database side.

I found out about TDE (transparent data encryption) but I believe this is only available in the Enterprise Edition of Oracle Database and I do not have access to this. Is there any other way to securely store the database passwords? Am I missing something?

You can simply encrypt the passwords and store them in the database. When a user changes the password or signs up for the first time, simply encrypt them. While checking for validation, encrypt the text box and check if two strings match. And when you need to know the passwords, decrypt them.

Sample code for encryption looks like this:

        // Namespaces used by the code below (place at the top of the file)
        using System;
        using System.IO;
        using System.Security.Cryptography;

        // Encrypt the text
        public static string EncryptText(string strText)
        {
            return Encrypt(strText, "a#94tOc*"); // use any string to encrypt other than a#94tOc*
        }

        // The function used to encrypt the text
        private static string Encrypt(string strText, string strEncrKey)
        {
            // Fixed IV: the same plaintext always produces the same ciphertext
            byte[] IV = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
            // DES takes an 8-byte key, so only the first 8 characters of the key string are used
            byte[] byKey = System.Text.Encoding.UTF8.GetBytes(strEncrKey.Substring(0, 8));
            byte[] inputByteArray = System.Text.Encoding.UTF8.GetBytes(strText);
            using (DESCryptoServiceProvider des = new DESCryptoServiceProvider())
            using (MemoryStream ms = new MemoryStream())
            using (CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(byKey, IV), CryptoStreamMode.Write))
            {
                cs.Write(inputByteArray, 0, inputByteArray.Length);
                cs.FlushFinalBlock();
                // Return the ciphertext as Base64 so it can be stored in a text column
                return Convert.ToBase64String(ms.ToArray());
            }
        }

Similarly for decrypting, use:

        // Requires the System, System.IO and System.Security.Cryptography namespaces

        // Decrypt the text
        public static string DecryptText(string strText)
        {
            return Decrypt(strText, "a#94tOc*"); // use same as encryption string
        }

        // The function used to decrypt the text
        private static string Decrypt(string strText, string sDecrKey)
        {
            // Key and IV must match the ones used for encryption
            byte[] IV = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
            byte[] byKey = System.Text.Encoding.UTF8.GetBytes(sDecrKey.Substring(0, 8));
            // A '+' in the Base64 text may arrive as a space (for example after URL decoding), so restore it
            byte[] inputByteArray = Convert.FromBase64String(strText.Replace(' ', '+'));
            using (DESCryptoServiceProvider des = new DESCryptoServiceProvider())
            using (MemoryStream ms = new MemoryStream())
            using (CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(byKey, IV), CryptoStreamMode.Write))
            {
                cs.Write(inputByteArray, 0, inputByteArray.Length);
                cs.FlushFinalBlock();
                // The decrypted bytes are the UTF-8 encoding of the original text
                return System.Text.Encoding.UTF8.GetString(ms.ToArray());
            }
        }

So basically just call EncryptText(password) to encrypt and DecryptText(encrypted_password) to decrypt.
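A variant of the answer's encrypt-on-write, decrypt-on-read approach, added here as an example and not part of the original post: AES-256-CBC with a random IV per value plus an HMAC-SHA256 tag, with the key read from an environment variable instead of the source code. The class name `CredentialProtector` and the variable name `DBCRED_KEY` are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class CredentialProtector
{
    // Assumption: DBCRED_KEY (hypothetical name) holds 64 random bytes as Base64, kept
    // outside the database. Bytes 0-31 encrypt, bytes 32-63 authenticate.
    private static byte[] LoadKey()
    {
        byte[] key = Convert.FromBase64String(Environment.GetEnvironmentVariable("DBCRED_KEY") ?? "");
        if (key.Length != 64) throw new InvalidOperationException("DBCRED_KEY must decode to 64 bytes.");
        return key;
    }
    // Returns Base64( IV || ciphertext || HMAC-SHA256(IV || ciphertext) )
    public static string Protect(string password)
    {
        byte[] key = LoadKey(), plain = Encoding.UTF8.GetBytes(password);
        using (Aes aes = Aes.Create())
        using (HMACSHA256 hmac = new HMACSHA256(key.Skip(32).ToArray()))
        {
            aes.Key = key.Take(32).ToArray();
            aes.GenerateIV(); // new IV per value, so equal passwords give different ciphertexts
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] body = aes.IV.Concat(enc.TransformFinalBlock(plain, 0, plain.Length)).ToArray();
                return Convert.ToBase64String(body.Concat(hmac.ComputeHash(body)).ToArray());
            }
        }
    }
    // Verifies the tag first and only then decrypts
    public static string Unprotect(string stored)
    {
        byte[] key = LoadKey(), blob = Convert.FromBase64String(stored);
        if (blob.Length < 64) throw new CryptographicException("Stored value is too short.");
        byte[] body = blob.Take(blob.Length - 32).ToArray();
        using (HMACSHA256 hmac = new HMACSHA256(key.Skip(32).ToArray()))
        {
            byte[] expected = hmac.ComputeHash(body);
            int diff = 0; // compare every byte so timing does not reveal where a mismatch is
            for (int i = 0; i < 32; i++) diff |= expected[i] ^ blob[body.Length + i];
            if (diff != 0) throw new CryptographicException("Stored value was modified or the key is wrong.");
        }
        using (Aes aes = Aes.Create())
        {
            aes.Key = key.Take(32).ToArray();
            aes.IV = body.Take(16).ToArray();
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, 16, body.Length - 16));
        }
    }
}
```

The Base64 string returned by `Protect` is what goes into the password column; `Unprotect` is called just before the connection string is built.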
