Database Reference
In-Depth Information
System.out.print( "\n" );
Again, we print the String value of the encrypted RAW in parentheses beside the data. In this case
there is a single RAW that represents the entire row of concatenated data.
Sending Encrypted Data to Oracle Database for Insert/Update
I wouldn't say that this next example procedure bears no resemblance to our previous examples, but you
will notice there are none of the trappings of key exchange in either direction. This is an update, and in
order to encrypt the data at the client, we would already have had to exchange keys. Listing 7-24 shows
the code to call our encrypted data update procedure, p_update_employees_sensitive .
Listing 7-24. Update Sensitive Data in Employees, call p_update_employees_sensitive
stmt = ( OracleCallableStatement )conn.prepareCall(
"CALL hr.hr_sec_pkg. p_update_employees_sensitive (?,?,?,?,?,?,?,?,?,?,?,?,?)" );
stmt.registerOutParameter( 12, OracleTypes.NUMBER );
stmt.registerOutParameter( 13, OracleTypes.VARCHAR );
stmt.setInt( 1, 300 );
stmt.setString( 2, "David" );
stmt.setString( 3, "Coffin" );
stmt.setString( 4, "DAVID.COFFIN" );
stmt.setString( 5, "800.555.1212" );
stmt.setDate( 6, new Date( ( new java.util.Date() ).getTime() ) );
stmt.setString( 7, "SA_REP" );
// Note - may not have locModulus, locExponent, at this time!
stmt.setRAW( 8, OracleJavaSecure.getCryptData( "9000.25" ) ) ;
stmt.setRAW( 9, OracleJavaSecure.getCryptData( "0.15" ) ) ;
stmt.setInt( 10, 147 );
stmt.setInt( 11, 80 );
stmt.setInt( 12, 0 );
stmt.setNull( 13, OracleTypes.VARCHAR );
stmt.executeUpdate();
errNo = stmt.getInt( 12 );
if( errNo != 0 ) {
errMsg = stmt.getString( 13 );
System.out.println( "Oracle error 3) " + errNo + ", " + errMsg );
}
else System.out.println( "Oracle success 3)" );
if( null != stmt ) stmt.close();
For our encrypted data, we first call the getCryptData() method. Then we set a RAW parameter in our
Oracle procedure. When we execute this statement, both the clear-text and encrypted data values get
sent to Oracle database for Insert or Update, as determined by the procedure.
A TALE OF TWO DATE CLASSES
As in our previous examples, here in Listing 7-24 we are setting our parameters, except that this time, we
are setting data instead of key artifacts. In our sixth parameter, we are instantiating a java.util.Date
 
 
Search WWH ::




Custom Search