Crypter un mot de passe

lolita-01 Messages postés 90 Date d'inscription Statut Membre Dernière intervention -
moiced59 Messages postés 1145 Date d'inscription Statut Membre Dernière intervention - 15 sept. 2012 à 15:36

Bonsoir,
En fait je cherchais un code sql pour que un mot de passe soit crypté avant stockage dans la base et je suis tombé sur ce code la:
SQL> CREATE TABLE demo_users (
id_user NUMBER(12) NOT NULL,
username VARCHAR2(128) NOT NULL,
password VARCHAR2(128) NOT NULL
);

SQL> Table created.

SQL>ALTER TABLE demo_users ADD (
CONSTRAINT id_users_pk PRIMARY KEY (id_user)
);

SQL> Table altered.

SQL>ALTER TABLE demo_users ADD (
CONSTRAINT users_name_uk UNIQUE (username)
);

SQL> Table altered.

SQL>CREATE SEQUENCE demo_users_seq;

SQL> sequence created.

--Création du package pour la sécurisation des informations des utilisateur
SQL> CREATE OR REPLACE PACKAGE demo_user_security AS

FUNCTION GET_HASH (p_username IN VARCHAR2,
p_password IN VARCHAR2)
RETURN VARCHAR2;

PROCEDURE add_user (p_username IN VARCHAR2,
p_password IN VARCHAR2);

PROCEDURE change_password (p_username IN VARCHAR2,
p_old_password IN VARCHAR2,
p_new_password IN VARCHAR2);

PROCEDURE valid_user (p_username IN VARCHAR2,
p_password IN VARCHAR2);

FUNCTION valid_user (p_username IN VARCHAR2,
p_password IN VARCHAR2)
RETURN BOOLEAN;

END;

SQL> package created.

SQL>CREATE OR REPLACE PACKAGE BODY demo_user_security AS

FUNCTION GET_HASH (p_username IN VARCHAR2,
p_password IN VARCHAR2)
RETURN VARCHAR2 AS
v_secur VARCHAR2(30) := 'Test';
BEGIN
-- Pre Oracle 10g
RETURN DBMS_OBFUSCATION_TOOLKIT.MD5(
input_string => UPPER(p_username) || v_secur || UPPER(p_password));

-- Oracle 10g+ : Require EXECUTE on DBMS_CRYPTO
--RETURN DBMS_CRYPTO.HASH(UTL_RAW.CAST_TO_RAW(UPPER(p_username)
--|| v_secur || UPPER(p_password)),DBMS_CRYPTO.HASH_SH1);
END;

PROCEDURE add_user (p_username IN VARCHAR2,
p_password IN VARCHAR2) AS
BEGIN
INSERT INTO demo_users (
id_user,
username,
password
)
VALUES (
demo_users_seq.NEXTVAL,
UPPER(p_username),
GET_HASH(p_username, p_password)
);

COMMIT;
END;

PROCEDURE change_password (p_username IN VARCHAR2,
p_old_password IN VARCHAR2,
p_new_password IN VARCHAR2) AS
v_rowid ROWID;
BEGIN
SELECT rowid
INTO v_rowid
FROM demo_users
WHERE username = UPPER(p_username)
AND password = get_hash(p_username, p_old_password)
FOR UPDATE;

UPDATE demo_users
SET password = get_hash(p_username, p_new_password)
WHERE rowid = v_rowid;

COMMIT;
EXCEPTION
WHEN NO_DATA_FOUND THEN
RAISE_APPLICATION_ERROR(-20010, 'nom utilisateur/mot de passe incorrect.');
END;

PROCEDURE valid_user (p_username IN VARCHAR2,
p_password IN VARCHAR2) AS
v_numy VARCHAR2(1);
BEGIN
SELECT '1'
INTO v_numy
FROM demo_users
WHERE username = UPPER(p_username)
AND password = get_hash(p_username, p_password);
EXCEPTION
WHEN NO_DATA_FOUND THEN
RAISE_APPLICATION_ERROR(-20000, 'nom utilisateur/mot de passe incorrect.');
END;

FUNCTION valid_user (p_username IN VARCHAR2,
p_password IN VARCHAR2)
RETURN BOOLEAN AS
BEGIN
valid_user(p_username, p_password);
RETURN TRUE;
EXCEPTION
WHEN OTHERS THEN
RETURN FALSE;
END;

END;
/
SQL> package body created.

Je l'ai exécuté et jusque la ça marche tout est bon et puis y a ce code la qui marche pas et j'ai pas compris d'ailleurs c'est quoi ce PL/SQL:
--Création des utilisateurs

SQL> exec demo_user_security.add_user('Smith','secret');

PL/SQL procedure successfully completed.

SQL> exec demo_user_security.add_user('William','terces121');
PL/SQL procedure successfully completed.
SQL> select * from demo_users;
ID USERNAME PASSWORD
----------- -----------------------------------------------
1 Smith ãXFõ^C"®W3-E
2 William b¾õmûMÀ*æ"¶ }^

--Ensuite on va vérifier la procédure VALID_USER

SQL> EXEC demo_user_security.valid_user('Smith','secret');

PL/SQL procedure successfully completed.

SQL> EXEC demo_user_security.valid_user('William','bblsld');
BEGIN app_user_security.valid_user('william','bblsld'); END;

*
ERROR at line 1:
ORA-20000: nom utilisateur/mot de passe incorrect.
ORA-06512: at "W2K1.DEMO_USER_SECURITY", line 66
ORA-06512: at line 1

--Ensuite on vérifiéra la fonction VALID_USER.

SQL> SET SERVEROUTPUT ON
SQL> BEGIN
2 IF demo_user_security.valid_user('Smith','secret') THEN
3 DBMS_OUTPUT.PUT_LINE('TRUE');
4 ELSE
5 DBMS_OUTPUT.PUT_LINE('FALSE');
6 END IF;
7 END;
8 /
TRUE

PL/SQL procedure successfully completed.

SQL> BEGIN
2 IF demo_user_security.valid_user('William','bblsld') THEN
3 DBMS_OUTPUT.PUT_LINE('TRUE');
4 ELSE
5 DBMS_OUTPUT.PUT_LINE('FALSE');
6 END IF;
7 END;
8 /
FALSE

PL/SQL procedure successfully completed.

SQL>

--Au final on vérifiéra la procédure CHANGE_PASSWORD.

SQL> exec demo_user_security.change_password('Smith','secret','tresect');

PL/SQL procedure successfully completed.

SQL> exec demo_user_security.change_password('William','vfrdtg','vcftg12');
BEGIN app_user_security.change_password('William','vfrdtg','vfrd14g'); END;

Si quelqu'un peut m'aider svp , tout ce que je veut c'est les mots de passe avant leurs insertion dans la base. Merci d'avance

Afficher la suite

A voir également:

1 réponse

Réponse 1 / 1

moiced59 Messages postés 1145 Date d'inscription Statut Membre Dernière intervention 60

Bonjour

Tu as la fonction md5(password)

Discussions similaires

Mot de passe administrateur Freebox : où le trouver ?

Trouver le mdp administrateur freebox ?

Votre réponse

Discussions similaires