| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Securing the Database Structure
Hi
It isn't possible to hide the structure of the database successfully, as your customers DBA will access the database and can query its structure - tables, indexes, constraints etc from the dictionary and work out how quite a lot of your tables interact. That said if you want to make it difficult then obfuscate all the table names, index names etc, i.e. don't use a table called EMPLOYEE_SALARIES use a table called say HH1. Do not name columns where there is a join with the same name in two different tables. ensure you wrap any PL/SQL and make sure your applications source cannot be read. To make it harder to infer joins between tables don't implement constraints in the database do it in the application (bad).
Anyone with some little effort should be able to construct an entity diagram either manually or using a tool. You cannot wrap views so joins can be extrapolated from those, also setting trace in the database or SQL*Net trace for a period of time and use of your application would extract enough SQL to give someone a good idea of how your entity relationships work..
I think you are wasting your time to try and hide the database structure!
hth
kind regards
Pete
-- Pete Finnigan email:pete_at_petefinnigan.com Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details.Received on Wed Jul 23 2003 - 10:58:57 CDT
 |
 |