Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Encryption - Question about the key

RE: Encryption - Question about the key

From: <Jared.Still_at_radisys.com>
Date: Tue, 18 Dec 2001 15:33:38 -0800
Message-ID: <F001.003DF60E.20011218145023@fatcity.com> 






> Can someone see any drawbacks?




What if a satellite falls out of the


sky and hits you on the head?



Or your significant other can't stand


your face for one more day and whacks


you with a frying pan?


( narcissists need not worry )



The point being of course, who will know
how to access the data if you don't show
up for work?



At our site the SA's have a master password
database for that kind of stuff.



Many folks put this kind of thing on a


piece of paper and seal it in an envelope,
and hand it to damagement for safe keeping.



Jared





                                                                                       
                                  
                    "Jamadagni,                                                        
                                  
                    Rajendra"                 To:     Multiple recipients of list 
ORACLE-L <ORACLE-L_at_fatcity.com>        
                    <Rajendra.Jamadagni       cc:                                      
                                  
                    @espn.com>                Subject:     RE: Encryption - Question 
about the key                       
                    Sent by:                                                           
                                  
                    root_at_fatcity.com                                                   
                                  
                                                                                       
                                  
                                                                                       
                                  
                    12/18/01 01:55 PM                                                  
                                  
                    Please respond to                                                  
                                  
                    ORACLE-L                                                           
                                  
                                                                                       
                                  
                                                                                       
                                  








Believe it or not Jared, one of your script gave me following idea (the
wrapper sql for decrypt/encrypt on your site).



    
  
  1.   I have a system users table, I can add a column to store user's key in a
column that only that user has access to.
  
  2.   Create a DBA owned package to handle encryption/decryption.
  
  3.   The key will be picked up in this package and used (maybe I'll use user
key is used to derive the actual key).
  
  4.   The package will be deployed as 'wrapped' in production, so by looking
at
dba_source you won't find much.






I'll have to test this though but I think this will make it a bit more
secure.



The question is "Can I trust myself?" The answer is 'Yes".



Can someone see any drawbacks?



Raj



Rajendra Jamadagni                  MIS, ESPN Inc.


Rajendra dot Jamadagni at ESPN dot com


Any opinion expressed here is personal and doesn't reflect that of ESPN
Inc.



QOTD: Any clod can have facts, but having an opinion is an art!
(See attached file: ESPN_Disclaimer.txt)






ESPN_Disclaimer.txt


Description: Binary data





Received on Tue Dec 18 2001 - 17:33:38 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US