Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> Question re Security and TDE

Question re Security and TDE

From: William Wagman <>
Date: Thu, 3 May 2007 13:46:31 -0700
Message-ID: <>


The managers here have made a decision to implement TDE in order to encrypt data to be in compliance with campus cyber safety policies. As I understand TDE there are still a lot of security holes and that all it really gains one is that data is encrypted but if someone knows what they are doing it is still fairly easy to get at it. I am listing my concerns here and would be interested in knowing whether or not there is something I have missed.

  1. Granted, data is encrypted in data files and in the backups but anyone who has access to the database and encrypted data via SQLPLUS can still see the data unencrypted. Sure, security within the database could be enforced using other techniques but shouldn't this be done anyway?
  2. If someone were to get hold of data files or backups they would need the wallet in order to decrypt the data. It is a simple matter to go to the sqlnet.ora file as the location of the wallet must be specified there and that will point them to the location of the wallet. I think the wallet could be stored on another machine so two machines would have to be hacked but even so.
  3. If the wallet is to be opened upon restart of the database instance there are two choices. One, set the wallet open with auto login but then if someone finds and steals the wallet they can decrypt the data without need for the password. I think one almost *has* to do this in a RAC environment since one node can decide at any time that it is going to restart itself and one would want the wallet to open on instance restart. The second technique is to put the sql statement alter system set wallet open identified by password; in a startup script but then the wallet password is in plain text in a startup script. Which is worse of these two alternatives. I must admit, I don't know where one would put this statement in a set of RAC startup scripts which I why I set the wallet to auto open.

 I guess to me TDE is sort of like locking the front door of your house, hiding the key under the mat (or maybe at a neighbor's house) and then leaving a sign somewhere telling someone where the key is. Granted that is a simplification.

So, I would be interested in anyone's feedback or knowing if there is something about TDE that I have missed.


Bill Wagman
Univ. of California at Davis
IET Campus Data Center
(530) 754-6208

Received on Thu May 03 2007 - 15:46:31 CDT

Original text of this message