ram-oracle
v1.0.3
Published
Hash check input password against Oracle database password.
Downloads
49
Readme
About This Package
This module hash checks the input password against a schema's password in the Oracle database. Why? Some database driven Oracle enterprise applications use database schema authentication as application authentication. This module was developed so that other applications using the same database can mirror the same authentication. Other appropriate uses would include checking for weak passwords.
About Oracle Database Security
Oracle stores the trimmed encrypted value of the trimmed encrypted value of the SCHEMA + PASSWORD in the [SYS.USER$] table/view. Out of the box Oracle databases use a standard and well know, to the security minded, encryption key. (Oracle calle it a "key", to the security community an initialization vector.)
Installation
$ npm install ram-oracle
Test
$ mocha test
or
$ npm test
Usage
const ram = require('ram-oracle');
//.match(<ORACLE SCHEMA>,<ORACLE PASSWORD>,<INPUT PASSWORD>)
let matches = ram.match('JDOE','587F72032A3C828E','password');
console.log('The input matches the Oracle Database password: ' + matches + '.');
let matches = ram.match('JDOE','587F72032A3C828E','incorrect_password');
console.log('The input matches the Oracle Database password: ' + matches + '.');
Thanks
This package was inspired by a couple pieces of work and notes.
- Merit and explination of some concepts => http://seclists.org/pen-test/2000/Nov/198
- (PLSQL) => http://www.petefinnigan.com/tools.htm
- (JAVA) => https://community.oracle.com/thread/1528235
- (Ruby) => https://stackoverflow.com/questions/19718060/des3-encryption-ruby-opensslcipher-vs-oracle-dbms-obfuscation-toolkit
License
MIT License, Copyright (c) 2018 Dee Clawson