
RE: Re[2]: How to make DBA cannot 'see' User's Tables?

From: Willett, Mark <mwillett_at_sunnen.com>
Date: Thu, 17 May 2001 13:01:55 -0700
Message-ID: <F001.00306CC9.20010517130136@fatcity.com>

I could see a reason to encrypt the data so that "even a DBA can not see it". Our company has formulas and mixtures that are kept extremely confidential. Very few people need to know, very few people do know. In addition, those "in the know" have determined that we need a central repository for this information, such as a database. Once the info is loaded and encrypted "so that even a DBA can not see it", the data should be safe from interior eyes (employees) and exterior eyes (hackers). This may not be the best method to secure the information, but it is one that we have considered. And I do feel that they trust me here with their data even if I could not view it. If they didn't, I'm sure I would be looking for another job.

Mark Willett
Corporate Database Administrator
Sunnen Products Company

E-mail:  mwillett_at_sunnen.com
--------------------------------------------------------------------------------------------

The statements and opinions expressed herein are my own and do not necessarily reflect those of Sunnen Products Company.

-----Original Message-----
Sent: Thursday, May 17, 2001 1:07 PM
To: Multiple recipients of list ORACLE-L

Yes, you can encrypt the data, or you could invest in Trusted Oracle. But the question really becomes one of what are you trying to do. If the problem is that you question the integrity of the DBA, that becomes a management problem. On the other hand, if you don't question his/her integrity then what's the problem? Most DBAs that I know of, myself included, don't have the time and/or inclination to browse through application data no matter how sensitive it may be. And on top of all that, the data in your database is not your personal property, but the property of your employer and the DBA is one of his employees. He/she just happens to have GOD privileges and is entrusted with the security and integrity of all of the data. That's why he/she has those privileges.

Dick Goulet

____________________Reply Separator____________________
Author: Paul Drake <paled_at_home.com>
Date:       5/16/2001 9:55 PM

"A. Bardeen" wrote:
>
> You can encrypt using only a 56-bit key (the key
> length limitation is a requirement of US regulations
> governing the export of cryptographic products).
>
> HTH,
>
> -- Anita

Hi Anita.

Ahmadsyah,

I believe that you also have to pad the string to a length that is a multiple of 8 characters.
Your key string was 10 characters.

Here's the obligatory link to the fine manual (which includes a code example):
http://technet.oracle.com/doc/oracle8i_816/server.816/a76936/dbms_obf.htm#65 18

Paul

>
> --- Ahmadsyah Algozhi Nugroho <aan_at_nwa.iao.co.id>
> wrote:
> > I'm using Oracle 8.1.7.
> > there was an error
> > ERROR at line 1:
> > ORA-28232: invalid input length for obfuscation
> > toolkit
> > ORA-06512: at "SYS.DBMS_OBFUSCATION_TOOLKIT_FFI",
> > line 0
> > ORA-06512: at "SYS.DBMS_OBFUSCATION_TOOLKIT", line
> > 33
> > ORA-06512: at "SCOTT.IAO_PROTECT", line 15
> > ORA-06512: at line 1
> >
> > I check that my key and my input string are
> > varchar2(10).
> > Key = 0123456789
> > input string = 'testtestte'
> >
> > dbms_obfuscation_toolkit.desencrypt (
> > input_string => 'testtestte'
> > , key_string => '1234567890'
> > , encrypted_string => vEncrypted
> > );
> > Am I forgetting something?
> >
> > TIA,
> >
> >
> > Ahmadsyah Alghozi Nugroho
> > Database Engineering Specialist
> > PT Infoglobal AutOptima
> > Jl. Baruk Tengah I/49
> > Surabaya - Jawa Timur
> > phone : +62 (31) 8708456 ext.113
> > > From: Srinagesh Battula
> > [mailto:sbattula_at_vcommerce.com]
> > > Sent: Thursday, May 17, 2001 7:26 AM
> > > To: Multiple recipients of list ORACLE-L
> > > Subject: RE: How to make DBA cannot 'see' User's
> > Tables?
> > >
> > >
> > >
> > > You can encrypt & Decrypt data using the
> > > DBMS_OBFUSCATION_TOOLKIT package
> > > (comes with 8.1.6)
> > >
> > > Srinagesh "What do I know any way" Battula
> > >
> > > > -----Original Message-----
> > > > From: Khedr, Waleed
> > [mailto:Waleed.Khedr_at_FMR.COM]
> > > > Sent: Wednesday, May 16, 2001 4:21 PM
> > > > To: Multiple recipients of list ORACLE-L
> > > > Subject: RE: How to make DBA cannot 'see' User's
> > Tables?
> > > >
> > > >
> > > > Data Encryption?
> > > >
> > > > -----Original Message-----
> > > > Sent: Wednesday, May 16, 2001 7:01 PM
> > > > To: Multiple recipients of list ORACLE-L
> > > >
> > > >
> > > >
> > > > Dear gurus,
> > > > How to make DBA cannot 'see' user's data?
> > > > I build an application which is very important and
> > top secret
> > > > even DBA cannot
> > > > 'see' this data. But DBA can backup this
> > data. What is the
> > > > solution for this
> > > > problem?
> > > >
> > > > TIA,
> > > >
> > > >
> > > > Ahmadsyah Alghozi Nugroho
> > > > Database Engineering Specialist
> > > > PT Infoglobal AutOptima
> > > > Jl. Baruk Tengah I/49
> > > > Surabaya - Jawa Timur
> > > > phone : +62 (31) 8708456 ext.113
> > > >
> > > > --
> > > > Please see the official ORACLE-L FAQ:
> > http://www.orafaq.com
> > > > --
> > > > Author: Khedr, Waleed
> > > > INET: Waleed.Khedr_at_FMR.COM
> > > >
> > > > Fat City Network Services -- (858) 538-5051
> > FAX: (858) 538-5051
> > > > San Diego, California -- Public Internet
> > access /
> > > Mailing Lists
> > > >
> >
> --------------------------------------------------------------------
> > > > To REMOVE yourself from this mailing list, send
> > an E-Mail message
> > > > to: ListGuru_at_fatcity.com (note EXACT spelling of
> > 'ListGuru') and in
> > > > the message BODY, include a line containing:
> > UNSUB ORACLE-L
> > > > (or the name of mailing list you want to be
> > removed from). You may
> > > > also send the HELP command for other information
> > (like subscribing).
> > > >
> >
>

Received on Thu May 17 2001 - 15:01:55 CDT
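
The ORA-28232 error quoted in the thread above and the fix suggested for it (input length must be a multiple of 8), as an added example that is not part of any message in the thread or of the Oracle manual. The 8-byte key is a constructed value, pad_to_block and unpad_block are hypothetical helper names, and a single-byte database character set is assumed.

```plsql
-- Added example: constructed values, hypothetical helper names.
SET SERVEROUTPUT ON
DECLARE
  c_block CONSTANT PLS_INTEGER := 8;        -- DES block size in bytes
  v_key   VARCHAR2(8)   := '12345678';      -- constructed 8-byte key
  v_plain VARCHAR2(100) := 'testtestte';    -- the 10-byte input from the thread
  v_enc   VARCHAR2(128);
  v_dec   VARCHAR2(128);

  -- PKCS#5-style padding (hypothetical helper): append n bytes of CHR(n),
  -- n in 1..8, so the pad is always present and can be removed exactly.
  FUNCTION pad_to_block(p IN VARCHAR2) RETURN VARCHAR2 IS
    n PLS_INTEGER := c_block - MOD(NVL(LENGTHB(p), 0), c_block);
  BEGIN
    RETURN p || RPAD(CHR(n), n, CHR(n));
  END;

  -- Reverse of pad_to_block; rejects a pad byte outside 1..8.
  FUNCTION unpad_block(p IN VARCHAR2) RETURN VARCHAR2 IS
    n PLS_INTEGER := ASCII(SUBSTR(p, -1));
  BEGIN
    IF n IS NULL OR n NOT BETWEEN 1 AND c_block THEN
      RAISE_APPLICATION_ERROR(-20001, 'invalid padding');
    END IF;
    RETURN SUBSTR(p, 1, LENGTH(p) - n);
  END;
BEGIN
  -- 1. Unpadded 10-byte input: reproduces the error quoted in the thread.
  BEGIN
    dbms_obfuscation_toolkit.DESEncrypt(
      input_string => v_plain, key_string => v_key, encrypted_string => v_enc);
  EXCEPTION
    WHEN OTHERS THEN
      IF SQLCODE != -28232 THEN RAISE; END IF;
      dbms_output.put_line('unpadded input rejected: ' || SQLERRM);
  END;

  -- 2. Padded to 16 bytes: encrypts, decrypts and round-trips.
  dbms_obfuscation_toolkit.DESEncrypt(
    input_string => pad_to_block(v_plain), key_string => v_key,
    encrypted_string => v_enc);
  dbms_obfuscation_toolkit.DESDecrypt(
    input_string => v_enc, key_string => v_key, decrypted_string => v_dec);
  IF unpad_block(v_dec) = v_plain THEN
    dbms_output.put_line('round trip ok, ciphertext bytes: ' || LENGTHB(v_enc));
  END IF;
END;
/
```

Padding with the pad length itself, rather than with spaces, lets the decrypting side strip exactly what was added even when the original value ends in blanks.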
