||Oracle Tips by Burleson
Chapter 6 Oracle Encryption
Decryption Process with Input Vector
Using an IV in the encryption process will
require the same IV to be applied during the decryption process. If
the user somehow gets into the database, learns the keys and tries
to steal the procedure codes, he or she will not be successful.
Reason: the IV value, which is another key in the process, will not
be set in that manner.
As we saw in Chapter 4, the only way the
application context attributes can be set is through a trusted
procedure, never independently. This will prevent the hacker from
setting the value of input_vector to the expected string
some_string_that_can_be_set_here and therefore the decryption will
never be successful. Similarly, if the hacker tries to set another
value of the input vector in the encryption process, he or she will
not be successful, either.
The above text is
an excerpt from:
Oracle Privacy Security Auditing
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only
and has an
immediate download of working security scripts: