Encryption of Database User Password Fields using MD5 Encoding

1. As we all know, MD5 is currently the most widely used password protection method. It is regarded as irreversible encryption. <that is to say, the original code cannot be recalculated.>. Using MD5 to encrypt the user's operation password can effectively prevent system maintenance personnel from directly accessing the database with a system security vulnerability <query using the SELECT statement directly, and view the user password field only

1. As we all know, MD5 is currently the most widely used password protection method. It is regarded as irreversible encryption. <that is to say, the original code cannot be recalculated.>. Using MD5 to encrypt the user's operation password can effectively prevent system maintenance personnel from directly accessing the database with a system security vulnerability <query using the SELECT statement directly, and view the user password field only

1 Preface
As we all know, MD5 is currently the most widely used password protection method, which is considered irreversible encryption <that is to say, never calculate the original code>. Using MD5 to encrypt the user's operation password can effectively prevent system maintenance personnel from directly accessing the database with a system security vulnerability <query using the SELECT statement directly, and only garbled characters can be seen in the user password field, or "*****">
This article provides an example of password field encryption, hoping to help you build your system.
　　
2 technical points
2.1 DBMS_OBFUSCATION_TOOLKIT.MD5
DBMS_OBFUSCATION_TOOLKIT.MD5 is an MD5-encoded data packet function, but an error message is displayed when select DBMS_OBFUSCATION_TOOLKIT.MD5 (input_string => 'abc') a from Dual, it seems that this function can only be called directly in the package and cannot be directly applied to SELECT statements.
　　
2.2 Utl_Raw.Cast_To_Raw
The string returned by DBMS_OBFUSCATION_TOOLKIT.MD5 is of the RAW type. to display it correctly, it must be converted to Utl_Raw.Cast_To_Raw. <this knowledge point is obtained from the NICK511 post in the Forum before>

<无>

3 instance walkthrough 3.1 Use Scott/Tiger @ YourDBName -- 3.2.1 to CREATE a data Table Drop TABLE Test_User; CREATE Table Test_User (UserName VARCHAR2 (30) not null, PassWord VARCHAR2 (2000) not null) /-- 3.2.2 Create a Package Create Or Replace Package Test_MD5 AS Function FN_GetMD5 (P_Str In VarChar2) Return VarChar2; Function FN_CheckUser (P_UserName In VarChar2, P_Password In VarChar2) Return Number; End; /CREATE OR REPLACE PACKAGE BODY Test_MD5 as function FN_GetMD5 (P_Str IN VARCHAR2) RETURN VARCHAR2 as begin return encode (input_string => Upper (P_Str); END; Function FN_CheckUser (P_UserName IN VARCHAR2, P_Password IN VARCHAR2) return Number Is L_Password VarChar2 (2000); begin select Utl_Raw.Cast_To_Raw (Password) INTO L_Password FROM Test_User WHERE Upper (UserName) = UPPER (P_UserName); If Utl_Raw.Cast_To _ Raw (FN_GetMD5 (P_Password) = L_Password Then Return 1; Else Return 0; End If; exception when NO_DATA_FOUND THEN Return 0; END; End;/-- 3.3 test Delete Test_User; insert Into Test_User Values ('A', Test_MD5.FN_GetMD5 ('A'); Insert Into Test_User Values ('B', Test_MD5.FN_GetMD5 ('bb'); Commit; select Test_MD5.FN_CheckUser ('A', 'A') From Dual; Select Test_MD5.FN_CheckUser ('A', 'bb ') From Dual; Note: Comparison of MD5 encoding, It does not need to undergo Utl_Raw.Cast_To_Raw conversion. The purpose of Utl_Raw.Cast_To_Raw is to facilitate debugging and provide more knowledge.