Home » RDBMS Server » Security » Prevent DBA to change password of owner of encrypted data
Prevent DBA to change password of owner of encrypted data [message #260936] Tue, 21 August 2007 05:24 Go to next message
aydenise
Messages: 6
Registered: April 2007
Location: HK
Junior Member
Dear all,

We are using DBSec to enrypt the database data but the ecrypted database data are owned by one user.

As we think that DBA can change the password of the user, then the DBA can also access these sensitive data.

Is there any method to prevent this case ?

Please advice.

Denise
Re: Prevent DBA to change password of owner of encrypted data [message #260941 is a reply to message #260936] Tue, 21 August 2007 05:30 Go to previous messageGo to next message
ebrian
Messages: 2794
Registered: April 2006
Senior Member
Data Vault.
Re: Prevent DBA to change password of owner of encrypted data [message #260942 is a reply to message #260936] Tue, 21 August 2007 05:30 Go to previous messageGo to next message
Michel Cadot
Messages: 68722
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
If the data are encrypted what is the problem?
Is this not the purpose of encryption to prevent from knowing what are the data even if they are stealed?

Regards
Michel
Re: Prevent DBA to change password of owner of encrypted data [message #261134 is a reply to message #260942] Tue, 21 August 2007 23:16 Go to previous messageGo to next message
aydenise
Messages: 6
Registered: April 2007
Location: HK
Junior Member
Hi,

The purpose of guarding the DBA from changing the password of the user account controlling the encrypted data in order to prevent the DBA to access the sensitive information.

Thanks.

Denise
Re: Prevent DBA to change password of owner of encrypted data [message #261170 is a reply to message #261134] Wed, 22 August 2007 01:38 Go to previous messageGo to next message
Michel Cadot
Messages: 68722
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
You repeat the same sentence, I repeat mine:
Which sensitive information? If the data are encrypted then no one has access to sensitive information just to encrypted data which can't be considered as sensitive unless you have a poor encryption algorithm.

By the way, DBA does not need access to a user to get data in any of his tables.

Regards
Michel
Re: Prevent DBA to change password of owner of encrypted data [message #261453 is a reply to message #261170] Wed, 22 August 2007 11:41 Go to previous messageGo to next message
DreamzZ
Messages: 1666
Registered: May 2007
Location: Dreamzland
Senior Member
I'm lost the OP talking about the DBA or he want to restrict user? Idea
Re: Prevent DBA to change password of owner of encrypted data [message #261467 is a reply to message #261453] Wed, 22 August 2007 12:16 Go to previous message
Michel Cadot
Messages: 68722
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
So am I and ask many times for precisions but got none.

Regards
Michel
Previous Topic: ORA-01031: insufficient privileges
Next Topic: Protecting sensitive info from client to Oracle Server location
Goto Forum:
  


Current Time: Fri Dec 13 00:03:04 CST 2024