射精一区欧美专区|国产精品66xx|亚洲视频一区导航|日韩欧美人妻精品中文|超碰婷婷xxnx|日韩无码综合激情|特级黄片一区二区|四虎日韩成人A√|久久精品内谢片|亚洲成a人无码电影

您現(xiàn)在的位置:首頁 > IT認(rèn)證 > oracle認(rèn)證 >

Oracle性能調(diào)優(yōu):Oracle查詢密碼加密串方法


Oracle查詢密碼加密串方法

     

    方法也是參考網(wǎng)上牛人的結(jié)果改寫的,原來作者的需求是驗(yàn)證用戶名和明文密碼是否匹配,當(dāng)時(shí)覺得用處不是很大,因?yàn)槲业男枨笫菣z查在線庫是否有弱密碼存在,最后發(fā)現(xiàn)原來這樣是有原因的。因?yàn)镺racle的密碼是根據(jù)用戶名和密碼共同生成的密碼。也就是說,A用戶使用APP作為密碼和B用戶使用APP作為密碼,生成的密文是不一樣的。

     

    

     

   廢話不多說,貼一下我改動(dòng)的函數(shù)吧。修改的東西非常少,原來是從庫里面進(jìn)行驗(yàn)證,現(xiàn)在我只是想得到加密串:

  [sql]

  create or replace function testpwd(password in varchar2)

  return varchar2

  authid current_user

  is

  --

  raw_key raw(128):= hextoraw('0123456789ABCDEF');

  --

  raw_ip raw(128);

  pwd_hash varchar2(16);

  -- procedure unicode_str(userpwd in varchar2, unistr out raw)

  is

  enc_str varchar2(124):='';

  tot_len number;

  curr_char char(1);

  padd_len number;

  ch char(1);

  mod_len number;

  debugp varchar2(256);

  begin

  tot_len:=length(userpwd);

  for i in 1..tot_len loop

  curr_char:=substr(userpwd,i,1);

  enc_str:=enc_str||chr(0)||curr_char;

  end loop;

  mod_len:= mod((tot_len*2),8);

  if (mod_len = 0) then

  padd_len:= 0;

  else

  padd_len:=8 - mod_len;

  end if;

  for i in 1..padd_len loop

  enc_str:=enc_str||chr(0);

  end loop;

  unistr:=utl_raw.cast_to_raw(enc_str);

  end;function crack (userpwd in raw) return varchar2

  is

  enc_raw raw(2048);

  --

  raw_key2 raw(128);

  pwd_hash raw(2048);

  --

  hexstr varchar2(2048);

  len number;

  password_hash varchar2(16);

  begin

  dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,

  key => raw_key, encrypted_data => enc_raw );

  hexstr:=rawtohex(enc_raw);

  len:=length(hexstr);

  raw_key2:=hextoraw(substr(hexstr,(len-16+1),16));

  dbms_obfuscation_toolkit.DESEncrypt(input => userpwd,

  key => raw_key2, encrypted_data => pwd_hash );

  hexstr:=hextoraw(pwd_hash);

  len:=length(hexstr);

  password_hash:=substr(hexstr,(len-16+1),16);

  return(password_hash);

  end;

  begin

  unicode_str(upper(password),raw_ip);

  return crack(raw_ip);

  end;

  /

  用法:

  SQL> select TESTPWD('AAPP')   from dual;

  TESTPWD('AAPP')

  --------------------------------------------------------------------------------

  EA3CE5815EDA5617

  SQL> select TESTPWD('BAPP')   from dual;

  TESTPWD('BAPP')

  --------------------------------------------------------------------------------

  86A292000F76737A

  這里可以看到生成的密碼串和上面查詢出來的是一致的,所以AAPP代表的就是A用戶,密碼是APP,BAPP代表的就是B用戶,密碼是APP。

  我這樣改寫的目的是準(zhǔn)備測試弱密碼口令,需要進(jìn)行大量數(shù)據(jù)的對比和測試,因此不希望使用線上數(shù)據(jù)庫進(jìn)行破解,所以可以將線上的數(shù)據(jù)拷貝出來,然后在線下進(jìn)行對比處理

  [sql] -- -----------------------------------------------------------------------------

  --                 LIMITED

  -- -----------------------------------------------------------------------------

  -- Script Name : testpwd.sql

  -- Author      : Pete Finnigan

  -- Date        : May 2009

  -- -----------------------------------------------------------------------------

  -- Description : This script can be used to test users passwords in databases

  --               of versions 7 - 10gR2

  -- -----------------------------------------------------------------------------

  -- Maintainer  : Pete Finnigan

  -- Copyright   : Copyright (C) 2008, 2009, Limited. All rights

  --               reserved. All registered trademarks are the property of their

  --               respective owners and are hereby acknowledged.

  -- -----------------------------------------------------------------------------

  -- License     : This software is free software BUT it is not in the public

  --               domain. This means that you can use it for personal or

  --               commercial work but you cannot remove this notice or copyright

  --               notices or the banner output by the program or edit them in any

  --               way at all. You also cannot host/distribute/copy or in anyway

  --               make this script available through any means either in original

  --               form or any derivitive work based on it. The script is

  --               only available from its own webpage

  --               ./testpwd.sql or any other page that

  --               Limited hosts it from.

  --               This script cannot be incorporated into any other free or

  --               commercial tools without permission from

相關(guān)文章

無相關(guān)信息
更新時(shí)間2022-09-16 10:07:20【至頂部↑】
聯(lián)系我們 | 郵件: | 客服熱線電話:4008816886(QQ同號(hào)) | 

付款方式留言簿投訴中心網(wǎng)站糾錯(cuò)二維碼手機(jī)版

電話:
付款方式   |   給我留言   |   我要糾錯(cuò)   |   聯(lián)系我們