Home » RDBMS Server » Server Administration » Encryption options for Standard editions
Encryption options for Standard editions [message #668741] Tue, 13 March 2018 06:53 Go to next message
adovgan
Messages: 12
Registered: March 2018
Junior Member
Hello,

Could anyone help what data encryption options are available for 11g and 12C standard editions, i.e. row-level, table or tablespace encryption?

Thanks.
Re: Encryption options for Standard editions [message #668742 is a reply to message #668741] Tue, 13 March 2018 06:58 Go to previous messageGo to next message
Roachcoach
Messages: 1571
Registered: May 2010
Location: UK
Senior Member
It'll depend on your requirements. I find management have VERY different ideas about what "encryption" actually means.

What is their expectation?
Re: Encryption options for Standard editions [message #668744 is a reply to message #668741] Tue, 13 March 2018 06:59 Go to previous messageGo to next message
BlackSwan
Messages: 26325
Registered: January 2009
Location: SoCal
Senior Member
Unwilling or incapable to use GOOGLE yourself?

http://lmgtfy.com/?q=data+encryption+options+are+available+for+11g+and+12C+standard+editions%2C
Re: Encryption options for Standard editions [message #668746 is a reply to message #668741] Tue, 13 March 2018 07:01 Go to previous messageGo to next message
John Watson
Messages: 7704
Registered: January 2010
Location: Global Village
Senior Member
You have to do it programmatically. It is straightforward enough: cover your table with a view, and have the view decrypt on SELECT and use INSTEAD OF triggers to encrypt for INSERT and UPDATE.
Re: Encryption options for Standard editions [message #668748 is a reply to message #668746] Tue, 13 March 2018 07:12 Go to previous messageGo to next message
adovgan
Messages: 12
Registered: March 2018
Junior Member
My question is not limited by the Oracle database options. May be there are third-party software products providing similar to Oracle functionality?
Re: Encryption options for Standard editions [message #668749 is a reply to message #668748] Tue, 13 March 2018 07:16 Go to previous messageGo to next message
John Watson
Messages: 7704
Registered: January 2010
Location: Global Village
Senior Member
Quote:
May be there are third-party software products providing similar to Oracle functionality?
We could write one, sell it to CA, and be rich Smile

You need to reply to RC, explaining what you want to achieve. It would be polite to reply, anyway.
Re: Encryption options for Standard editions [message #668750 is a reply to message #668742] Tue, 13 March 2018 07:26 Go to previous messageGo to next message
adovgan
Messages: 12
Registered: March 2018
Junior Member
Roachcoach wrote on Tue, 13 March 2018 06:58
It'll depend on your requirements. I find management have VERY different ideas about what "encryption" actually means.

What is their expectation?
My minimum expectations are to find any available commercial product:

a.compatible to Standard Edition 11g and up
b.providing encryption/decryption for SQL, PL/SQL data types, especially for dates
and numbers
c.with security token encryption feature

Thanks.
Re: Encryption options for Standard editions [message #668753 is a reply to message #668750] Tue, 13 March 2018 07:49 Go to previous messageGo to next message
Roachcoach
Messages: 1571
Registered: May 2010
Location: UK
Senior Member
You're missing my point a little.

What do management expect to see when someone issues "select * from table"? <<<this is usually the management "idea" of "encryption"
Ditto what do they expect when someone cats/strings out of a datafile?
What about redo vectors?
What about backups?

All of these have different answers/requirements in my experience.
Re: Encryption options for Standard editions [message #668754 is a reply to message #668753] Tue, 13 March 2018 07:52 Go to previous messageGo to next message
John Watson
Messages: 7704
Registered: January 2010
Location: Global Village
Senior Member
And more:
What if someone steals the sever and sells it on eBay?
Are there regulatory compliance (PCI, HIPAA, all the othjers) issues?
Third party accreditations and audits?
Re: Encryption options for Standard editions [message #668755 is a reply to message #668753] Tue, 13 March 2018 08:16 Go to previous messageGo to next message
adovgan
Messages: 12
Registered: March 2018
Junior Member
>>What do management expect to see when someone issues "select * from table"? <<<this is usually the management "idea" of "encryption"

Correct. That's the main idea. Obliviously to see encrypted data if user is not authorized to see plain data, and vice versa if he/she is.

>>Ditto what do they expect when someone cats/strings out of a datafile?

(*) If crypto keys aren't provided to/by dba or stored inside database and data are encrypted on row level, at least, I see no big sense to stole even a whole data file.

>>What about redo vectors?

Definitely redo vectors are out management interests. But what wrong with redo vectors if table data are encrypted?

>>What about backups?

The same as for (*)
Re: Encryption options for Standard editions [message #668756 is a reply to message #668754] Tue, 13 March 2018 08:23 Go to previous messageGo to next message
adovgan
Messages: 12
Registered: March 2018
Junior Member
John Watson wrote on Tue, 13 March 2018 07:52
And more:
What if someone steals the sever and sells it on eBay?
Are there regulatory compliance (PCI, HIPAA, all the othjers) issues?
Third party accreditations and audits?
HIPAA says personal healthcare data encryption is "addressable" rather than "required." Thus any data encryption is better than no encryption.

Re: Encryption options for Standard editions [message #668757 is a reply to message #668756] Tue, 13 March 2018 08:25 Go to previous messageGo to next message
Roachcoach
Messages: 1571
Registered: May 2010
Location: UK
Senior Member
So you want to store gobeldegook on disk itself?

It'll certainly pass encryption muster (assuming key management), but you'll set yourself up for some "interesting" performance Smile
Re: Encryption options for Standard editions [message #668758 is a reply to message #668757] Tue, 13 March 2018 08:38 Go to previous messageGo to next message
adovgan
Messages: 12
Registered: March 2018
Junior Member
Roachcoach wrote on Tue, 13 March 2018 08:25
So you want to store gobeldegook on disk itself?

It'll certainly pass encryption muster (assuming key management), but you'll set yourself up for some "interesting" performance Smile
Gobbledygook? Yes, it's (and there will no data files to stole, right?). "Interesting" performance can be overcome via global temporary tables plus indexes. Sure it requires programmers' additional efforts.

Re: Encryption options for Standard editions [message #668759 is a reply to message #668758] Tue, 13 March 2018 09:10 Go to previous messageGo to next message
John Watson
Messages: 7704
Registered: January 2010
Location: Global Village
Senior Member
It sounds as though you want to encrypt data at rest, which is easy if you encrypt the file system. But you don't want transparent decryption, so you can't do it at that level. I do not think you are going to find any third party product that can encrypt when writing data and decrypt selectively according to who the user is. So as you are using Standard Edition, I see only two options:
1. Use views, as I described before, if you are worried about ad-hoc SQLs. Or
2. Permit access to the tables only through PL/SQL APIs.
You are going to have to do some work. Or commission the company I work for to do it for you Smile
Re: Encryption options for Standard editions [message #668762 is a reply to message #668759] Tue, 13 March 2018 09:28 Go to previous messageGo to next message
adovgan
Messages: 12
Registered: March 2018
Junior Member
John Watson wrote on Tue, 13 March 2018 09:10

Or commission the company I work for to do it for you Smile
Thank you for proposition.
Re: Encryption options for Standard editions [message #668764 is a reply to message #668762] Tue, 13 March 2018 09:45 Go to previous messageGo to next message
adovgan
Messages: 12
Registered: March 2018
Junior Member
As I was told in #msg_668744 message to use Google I've just found
FCBCrypto software from http://www.oracleongpu.com/fcbcrypto
Does anyone have experience using it?

Thanks.
Re: Encryption options for Standard editions [message #668770 is a reply to message #668764] Tue, 13 March 2018 16:56 Go to previous messageGo to next message
EdStevens
Messages: 1022
Registered: September 2013
Senior Member
adovgan wrote on Tue, 13 March 2018 09:45
As I was told in #msg_668744 message to use Google I've just found
FCBCrypto software from http://www.oracleongpu.com/fcbcrypto
Does anyone have experience using it?

Thanks.
Concept looks interesting.
A license (beyond the 60 day free trial) costs less than your dept. director spends on a single business luncheon.

However . . .
It is obviously a one-man startup operation based in a country involved in a "civil" war.
Do you want to hang your organization's operations on that?

Re: Encryption options for Standard editions [message #668776 is a reply to message #668770] Wed, 14 March 2018 04:56 Go to previous messageGo to next message
adovgan
Messages: 12
Registered: March 2018
Junior Member
I don't know what to answer. But Redwood is placed near the San Andreas Fault and the largest supervolcano on the Earth. I don't take that into account when I think about future.
Re: Encryption options for Standard editions [message #668781 is a reply to message #668776] Wed, 14 March 2018 06:36 Go to previous messageGo to next message
EdStevens
Messages: 1022
Registered: September 2013
Senior Member
adovgan wrote on Wed, 14 March 2018 04:56
I don't know what to answer. But Redwood is placed near the San Andreas Fault and the largest supervolcano on the Earth. I don't take that into account when I think about future.
Then you are not doing your job in terms of risk assessment and mitigation. I wouldn't worry too much about the volcano, but the Sand Andreas is a very real and proven threat of generating earthquakes that could knock out your data center.

As for the assessment of your proposed software solution, the question is still valid. Do you want to hang your organization's data on a one-man startup? I certainly wouldn't, regardless of the technical merits of the product.
Re: Encryption options for Standard editions [message #668789 is a reply to message #668781] Wed, 14 March 2018 08:23 Go to previous messageGo to next message
adovgan
Messages: 12
Registered: March 2018
Junior Member
EdStevens wrote on Wed, 14 March 2018 06:36

Do you want to hang your organization's data on a one-man startup? I certainly wouldn't, regardless of the technical merits of the product.

Frankly speaking quoted topic is out of my interests and I'm not sure forum's rules allow to discuss not technical questions, but I suppose in case of zero trust (does quality assurance process still exist?) and a presence of necessity in that guy's software for someone, that guy can be hired or that software can be bought as a source code.

Thanks.
Re: Encryption options for Standard editions [message #668816 is a reply to message #668789] Thu, 15 March 2018 06:22 Go to previous message
EdStevens
Messages: 1022
Registered: September 2013
Senior Member
adovgan wrote on Wed, 14 March 2018 08:23

Frankly speaking quoted topic is out of my interests and I'm not sure forum's rules allow to discuss not technical questions, but I suppose in case of zero trust (does quality assurance process still exist?) and a presence of necessity in that guy's software for someone, that guy can be hired or that software can be bought as a source code.

Thanks.
You asked for an assessment of the product and I gave you mine. That is not out of topic for the forum.
And my considered professional advice (I've been in this business over 37 years) is that when considering a product you need to look at it for more than just the technical merits.
That guy can be hired? You think so?
Buy the source code? Good luck with that. And good luck actually using it if you can buy it.
Previous Topic: UNDO TABLESPACE
Next Topic: Materialized join view with an IOT
Goto Forum:
  


Current Time: Tue Dec 18 16:23:04 CST 2018