| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: using obfuscation
I do have an index on the unencrypted SENSITIVE_DATA.
>> Does it look something like
>> select *
>> from original_table
>> where decrypt(sensitive_data) = 'CLEAR TEXT'
Yes but the call to decrypt(sensitive_data) is embedded in the view.
An index on the function means the unencrypted sensitive data is still in the index.
-----Original Message-----
From: Jared.Still_at_radisys.com [mailto:Jared.Still_at_radisys.com] Sent: Monday, September 09, 2002 6:04 PM To: Multiple recipients of list ORACLE-L Subject: Re: using obfuscation
Randy,
Do you have an index on SENSITIVE_DATA?
Also, you didn't include the long running query.
Does it look something like
select *
from original_table
where decrypt(sensitive_data) = 'CLEAR TEXT'
?
That requires a full table scan, unless you build a functional index with the clear text of the sensitive_data.
But if you do that, your data won't really be secure, as the clear text will now be in an index.
Jared
"Steiner, Randy" <RASTEIN_at_NYCT.com>
Sent by: root_at_fatcity.com
09/09/2002 02:43 PM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
cc:
Subject: using obfuscation
Hi all,
I have downloaded the Metalink Notes on implementing dbms_obfuscation. I
am
using multiple front ends on the database, so the way I plan to implement
the de-encryption is with a de-encrypt function in a view.
Create View my_data
AS
Select de_encrypt(sensitive_data) AS sensitive_data
,other_data
FROM original_table
;
If I select from the view with a where clause on other_data, the response time is fine. If I select from the view with a where clause on sensitive_data, I do a full table scan and which takes about 15 minutes. The de-encrypt function is copied from a Metalink note, nothing fancy.
Since I have various front ends, I can not de-encrypt the data in the
front
end. The only way I can think of is with the function in a view, but the
response time is unacceptable. Does anyone have any thoughts on this?
Thanks
Randy
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Steiner, Randy INET: RASTEIN_at_NYCT.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: Jared.Still_at_radisys.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You mayReceived on Tue Sep 10 2002 - 07:27:16 CDT
 |
 |