Oracle® OLAP DML Reference 10g Release 2 (10.2) Part Number B14346-02
The OBSCURE function provides two mechanisms for encrypting a single-line text expression. Depending on the mechanism you use, OBSCURE can also restore the encrypted value to its original form.
Important:
The OBSCURE function does not conform to the C2 security level specified by the Department of Defense.
Return Value
TEXT
Note:
The return value of the OBSCURE function always has a text data type. However, unless you specify the TEXT keyword, the actual value returned by OBSCURE(HASH) and OBSCURE(HIDE) is binary. When you want to be able to manage these encrypted values as text (for example, when you want to be able to store them in a text file), you must specify the TEXT keyword. See Example 21-13, "Generating Text Data".
Syntax
OBSCURE({HASH|HIDE|UNHIDE} [TEXT] seed-exp input-exp)
Arguments
HASH
Specifies that Oracle OLAP encrypts the input text expression according to the seed expression that you specify. With the HASH keyword:
Encrypted values cannot be restored to their original form.
The same seed expression and input text always produce the same result.
A typical application would be a local password validation scheme. You can use OBSCURE with the HASH keyword to encrypt passwords, store them, and then validate the passwords presented by users against the stored encrypted values. See Example 21-11, "Using HASH".
HIDE
Specifies that Oracle OLAP encrypts the input text expression according to the seed expression that you specify. With the HIDE keyword:
Encrypted values can be restored to their original form with UNHIDE.
The same seed expression and input text always produce different results.
The HIDE keyword provides a mechanism for storing values in encrypted form while actually comparing their unencrypted values. A typical application would be a remote password validation scheme. You could use OBSCURE with the HIDE keyword to store passwords in encrypted form on a local system. You could then pass them in encrypted form to a remote system for validation against unencrypted criteria on the host. See Example 21-12, "Using HIDE".
UNHIDE
When specified with the original seed expression, restores values encrypted with the HIDE keyword to their original form. See "Restoring Text".
TEXT
The TEXT keyword causes OBSCURE to convert binary data to text, such that the return value consists only of text data. When you do not specify the TEXT keyword, the output of OBSCURE is binary data. See "Restoring Text", and "Generating Text Data".
seed-exp
A single-line case-sensitive text expression that is used as a seed value in the encryption of the input text expression.
input-exp
A single-line case-sensitive text expression to be encrypted or restored by OBSCURE.
Notes
Restoring Text
When you have used OBSCURE(HIDE) with the TEXT keyword to encrypt a text expression, you must also specify the TEXT keyword with OBSCURE(UNHIDE) to restore the encrypted expression to its original form.
Examples
Example 21-11 Using HASH
The following example shows how you could use the HASH keyword to store a password in encrypted form in the variable first_user. When a new user attempts to log in, his password is encrypted with the HASH keyword and compared to the value stored in first_user. When the values are the same, the program validate_user, which allows the new user to log in, is invoked.
passvar = 'JoeSmith'
first_user = OBSCURE(HASH 'xyz' passvar)
...
"Run a login procedure that assigns a password
"presented by a user to the variable NEW_USER
"and checks it against the stored encrypted value
...
"The seed must be the same one used when the password was stored
IF OBSCURE(HASH 'xyz' new_user) EQ first_user
   THEN validate_user
   ELSE deny_access
Example 21-12 Using HIDE
You can encrypt the name JSmith with the seed expression abc and restore it to its original form, using the following statements.
DEFINE pswobsc VARIABLE TEXT
pswobsc = OBSCURE(HIDE 'abc' 'JSmith')
SHOW OBSCURE(UNHIDE 'abc' pswobsc)
This SHOW statement generates the following output.
jsmith
Example 21-13 Generating Text Data
The following statements illustrate the use of the TEXT keyword.
DEFINE encrypted_text VARIABLE TEXT
DEFINE unencrypted_text VARIABLE TEXT
unencrypted_text = 'max'
encrypted_text = OBSCURE(HIDE TEXT 'XXXX' unencrypted_text)
SHOW encrypted_text
This SHOW statement generates the following output.
c5WF/XfABuY
The same statements without the TEXT keyword would produce binary output from the SHOW statement.
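The behaviour documented above for HASH, HIDE, UNHIDE and TEXT, and the two validation flows of Examples 21-11 and 21-12, modelled in Python as an added example that is not Oracle code. HMAC-SHA256 and the counter keystream are stand-ins chosen for illustration, not the algorithm OBSCURE uses, and the names obscure, validate_hash and validate_hidden are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets

# Stand-in primitives (assumption): HMAC-SHA256 and an HMAC counter keystream.
# They model OBSCURE's documented behaviour, not Oracle's actual algorithm.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

def obscure(mode: str, seed: str, value, text: bool = False):
    """Hypothetical model of OBSCURE({HASH|HIDE|UNHIDE} [TEXT] seed-exp input-exp)."""
    key = seed.encode()
    if mode == "UNHIDE":
        # TEXT must match the HIDE call: text input is base64, otherwise raw bytes.
        blob = base64.b64decode(value) if text else value
        nonce, body = blob[:16], blob[16:]
        return _xor(body, _keystream(key, nonce, len(body))).decode("utf-8", "replace")
    raw = value.encode()
    if mode == "HASH":    # one-way; same seed + input always gives the same output
        out = hmac.new(key, raw, hashlib.sha256).digest()
    elif mode == "HIDE":  # reversible; a fresh nonce makes every output differ
        nonce = secrets.token_bytes(16)
        out = nonce + _xor(raw, _keystream(key, nonce, len(raw)))
    else:
        raise ValueError(f"unknown mode: {mode}")
    return base64.b64encode(out).decode() if text else out

def validate_hash(seed: str, stored: bytes, candidate: str) -> bool:
    # Example 21-11 flow: re-hash with the SAME seed, then constant-time compare.
    return hmac.compare_digest(stored, obscure("HASH", seed, candidate))

def validate_hidden(seed: str, hidden: bytes, expected: str) -> bool:
    # Example 21-12 flow: HIDE values cannot be compared directly, so restore first.
    restored = obscure("UNHIDE", seed, hidden)
    return hmac.compare_digest(restored.encode(), expected.encode())

if __name__ == "__main__":
    stored = obscure("HASH", "xyz", "JoeSmith")  # constructed sample values
    print(validate_hash("xyz", stored, "JoeSmith"), validate_hash("xyz", stored, "joesmith"))
```

Because HIDE output changes on every call, two stored HIDE values for the same password never match byte for byte; only the HASH form supports direct comparison of stored values.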