Home > Software design >  How to insert encrypted value in table Oracle apex
How to insert encrypted value in table Oracle apex

Time:07-22

Hi everyone so I'm making an authentification scheme that has 2 functions. A function that authenticates the user. All the data for the user is stored in a table called DJELATNIK which has attributes KORISNICKO_IME (username) and LOZINKA (password) and some more.

So this function just returns true if the username and password match in that table.

    create or replace FUNCTION 
    prijava_custom(p_username IN VARCHAR2, p_password IN VARCHAR2)
RETURN BOOLEAN
AS
    v_korisnicko varchar2(100);
    v_lozinka varchar2(100);
BEGIN
    SELECT KORISNICKO_IME, LOZINKA
    INTO v_korisnicko, v_lozinka
    FROM DJELATNIK
    WHERE UPPER(KORISNICKO_IME) = UPPER(p_username)
    AND LOZINKA = enkripcija_MD5(p_password);
    RETURN TRUE;
EXCEPTION 
   WHEN NO_DATA_FOUND THEN
   RETURN FALSE;
END;

The other function is the encryption mentioned in the last function.

create or replace Function enkripcija_MD5 (pstring IN VARCHAR2) Return VARCHAR2 IS
    hash_lozinka VARCHAR2(32) := '' ;
BEGIN
    hash_lozinka := DBMS_OBFUSCATION_TOOLKIT.md5(input => UTL_I18N.STRING_TO_RAW (pstring, 'AL32UTF8' ));
    RETURN hash_lozinka;
END enkripcija_MD5;

The thing that escapes my mind at the moment is how I save the encrypted password in the table instead of the plain text password?

I tried making an "After submit" process on the FORM edit page but that didn't work. Tried making a dynamic action that sets the password value right away to the hashed value, but that didnt work either. I know it's like a really banal thing and I should know it but I really cant think of it so I'm looking for ideas.

CodePudding user response:

One option would be a database trigger.

Here's an example.

Simplified table:

SQL> CREATE TABLE djelatnik
  2  (
  3     korisnicko_ime   VARCHAR2 (20),
  4     lozinka          VARCHAR2 (32)
  5  );

Table created.

Function:

SQL> CREATE OR REPLACE FUNCTION enkripcija_MD5 (pstring IN VARCHAR2)
  2     RETURN VARCHAR2
  3  IS
  4     hash_lozinka  VARCHAR2 (32) := '';
  5  BEGIN
  6     hash_lozinka :=
  7        DBMS_OBFUSCATION_TOOLKIT.md5 (
  8           input  => UTL_I18N.STRING_TO_RAW (pstring, 'AL32UTF8'));
  9     RETURN hash_lozinka;
 10  END enkripcija_MD5;
 11  /

Function created.

Trigger:

SQL> CREATE OR REPLACE TRIGGER trg_biu_djel
  2     BEFORE INSERT OR UPDATE
  3     ON djelatnik
  4     FOR EACH ROW
  5  BEGIN
  6     :new.lozinka := enkripcija_md5 (:new.lozinka);
  7  END;
  8  /

Trigger created.

Let's test it:

SQL> INSERT INTO djelatnik (korisnicko_ime, lozinka)
  2       VALUES ('little', 'foot');

1 row created.

Table contents:

SQL> SELECT * FROM djelatnik;

KORISNICKO_IME       LOZINKA
-------------------- --------------------------------
little               D8735F7489C94F42F508D7EB1C249584

Query from your prijava_custom function:

SQL> SELECT *
  2    FROM djelatnik
  3   WHERE     UPPER (korisnicko_ime) = 'LITTLE'
  4         AND lozinka = enkripcija_md5 ('foot');

KORISNICKO_IME       LOZINKA
-------------------- --------------------------------
little               D8735F7489C94F42F508D7EB1C249584

SQL>

Testing your function:

SQL> set serveroutput on
SQL> CREATE OR REPLACE FUNCTION prijava_custom (p_username  IN VARCHAR2,
  2                                             p_password  IN VARCHAR2)
  3     RETURN BOOLEAN
  4  AS
  5     v_korisnicko  VARCHAR2 (100);
  6     v_lozinka     VARCHAR2 (100);
  7  BEGIN
  8     SELECT KORISNICKO_IME, LOZINKA
  9       INTO v_korisnicko, v_lozinka
 10       FROM DJELATNIK
 11      WHERE     UPPER (KORISNICKO_IME) = UPPER (p_username)
 12            AND LOZINKA = enkripcija_MD5 (p_password);
 13
 14     RETURN TRUE;
 15  EXCEPTION
 16     WHEN NO_DATA_FOUND
 17     THEN
 18        RETURN FALSE;
 19  END;
 20  /

Function created.

SQL> begin
  2    if prijava_custom('little', 'foot') then
  3       dbms_output.put_line('True');
  4    else
  5       dbms_output.put_line('False');
  6    end if;
  7  end;
  8  /
True

PL/SQL procedure successfully completed.

SQL>

Everything looks OK to me.

  • Related