RE: Encryption - Question about the key

From: Jamadagni, Rajendra <Rajendra.Jamadagni_at_espn.com>
Date: Tue, 18 Dec 2001 14:41:55 -0800
Message-ID: <F001.003DF55B.20011218135520@fatcity.com>

Believe it or not Jared, one of your script gave me following idea (the wrapper sql for decrypt/encrypt on your site).

1. I have a system users table, I can add a column to store user's key in a column that only that user has access to.
2. Create a DBA owned package to handle encryption/decryption.
3. The key will be picked up in this package and used (maybe I'll use user key is used to derive the actual key).
4. The package will be deployed as 'wrapped' in production, so by looking at dba_source you won't find much.

I'll have to test this though but I think this will make it a bit more secure.

The question is "Can I trust myself?" The answer is 'Yes".

Can someone see any drawbacks?

Raj

---

Rajendra Jamadagni MIS, ESPN Inc. Rajendra dot Jamadagni at ESPN dot com
Any opinion expressed here is personal and doesn't reflect that of ESPN Inc.

QOTD: Any clod can have facts, but having an opinion is an art!

*********************************************************************2

This e-mail message is confidential, intended only for the named recipient(s) above and may contain information that is privileged, attorney work product or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify corporate MIS at (860) 766-2000 and delete this e-mail message from your computer, Thank you.

*********************************************************************2
Received on Tue Dec 18 2001 - 16:41:55 CST