Database Reference
In-Depth Information
mCryptSessionSecretDESAlgorithm, mCryptSessionSecretDESSalt,
mCryptSessionSecretDESIterationCount ) );
if( null != stmt ) stmt.close();
Normally we wouldn't call Oracle database to encrypt clear text data from the client, and then
decrypt it at the client to obtain the clear text. Nevertheless, that is precisely what we did here.
Sending Encrypted Data to Oracle
In our last test in Listing 6-25, we will encrypt clear text data, “Thursday” on the client. We encrypt it
with the copy of the DES secret password key, based on the artifacts we got from Oracle. Then we submit
the encrypted data to Oracle database by calling the
f_get_decrypt_data
function. Oracle database will
decrypt the data using the original secret password key, and then our client will read the clear text
String
that is returned as parameter 1. We print that result and close the
Statement
.
Listing 6-25.
Get Decrypt Data, from
main()
cryptData = getCryptData( "Thursday" )
;
stmt = ( OracleCallableStatement )conn.prepareCall(
"{? = call app_sec_pkg.
f_get_decrypt_data(?)
}" );
stmt.registerOutParameter( 1, OracleTypes.VARCHAR );
stmt.setRAW( 2, cryptData )
;
stmt.executeUpdate();
System.out.println( stmt.getString( 1 ) )
;
if( null != stmt ) stmt.close();
This is another unlikely scenario where we are calling an Oracle function to decrypt data for use on
the client. Don't worry about exposing unneeded functionality to the client; we will be sorting this out as
we continue. In fact, we already have! Our client applications will not be connecting as
appsec
user, and
only
appsec
will be able to execute procedures and functions in the
app_sec_pkg
package.
Testing Our Secure Client/Server Data Transmission
In a Command Prompt, Change directories to
Chapter6
. Compile the code with this command:
javac orajavsec/OracleJavaSecure.java
Again, if you have any problems, refer to Chapter 3 for directions on compiling at the command
prompt and setting your environment
CLASSPATH
to include
ojdbc6.jar
. Then run the code from that
same directory with this command:
java orajavsec.OracleJavaSecure
The following six lines will be printed as a result:
Monday
PBEWithSHA1AndDESede
PBEWithMD5AndDES
Tuesday
Wednesday
Thursday
