Re: Question re Security and TDE

From: Ghassan Salem <>
Date: Fri, 4 May 2007 10:55:00 +0200
Message-ID: <>

comments in line

On 5/3/07, William Wagman <> wrote:
> Greetings,
> The managers here have made a decision to implement TDE in order to
> encrypt data to be in compliance with campus cyber safety policies. As I
> understand TDE there are still a lot of security holes and that all it
> really gains one is that data is encrypted but if someone knows what
> they are doing it is still fairly easy to get at it. I am listing my
> concerns here and would be interested in knowing whether or not there is
> something I have missed.

> 1) Granted, data is encrypted in data files and in the backups but
> anyone who has access to the database and encrypted data via SQLPLUS can
> still see the data unencrypted. Sure, security within the database could
> be enforced using other techniques but shouldn't this be done anyway?

If you give someone the access rights (to use sqlplus, and have the grants on your tables) then yes, they could see the plain data; there is no use in encrypting the data if anybody can see it.

> 2) If someone were to get hold of data files or backups they would need
> the wallet in order to decrypt the data. It is a simple matter to go to
> the sqlnet.ora file as the location of the wallet must be specified
> there and that will point them to the location of the wallet. I think
> the wallet could be stored on another machine so two machines would have
> to be hacked but even so.

If you get the wallet, you still need the password to open it, so there is still some protection, but if this password is easily recoverable (e.g. it is somewhere in a script), then yes, your data can be hacked.

> 3) If the wallet is to be opened upon restart of the database instance
> there are two choices. One, set the wallet open with auto login but then
> if someone finds and steals the wallet they can decrypt the data without
> need for the password. I think one almost *has* to do this in a RAC
> environment since one node can decide at any time that it is going to
> restart itself and one would want the wallet to open on instance
> restart. The second technique is to put the sql statement alter system
> set wallet open identified by password; in a startup script but then the
> wallet password is in plain text in a startup script. Which is worse of
> these two alternatives? I must admit, I don't know where one would put
> this statement in a set of RAC startup scripts, which is why I set the
> wallet to auto open.

Maybe you could put the open statement in a procedure (and use execute immediate), and wrap the procedure, after making sure that the password is put in there in such a way as to be hard to recover from the wrapped code. You then execute this procedure upon startup.

> I guess to me TDE is sort of like locking the front door of your house,
> hiding the key under the mat (or maybe at a neighbor's house) and then
> leaving a sign somewhere telling someone where the key is. Granted that
> is a simplification.
> So, I would be interested in anyone's feedback or knowing if there is
> something about TDE that I have missed.
> Thanks.
> Bill Wagman
> Univ. of California at Davis
> IET Campus Data Center
> (530) 754-6208
> --

Received on Fri May 04 2007 - 03:55:00 CDT
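
The following audit sketch is an added example, not part of the original message and not Oracle tooling. It checks a host for the three exposures discussed in the thread: the wallet directory named in sqlnet.ora, an auto-login wallet sitting next to the password-protected one, and the wallet-open statement with its password in a startup script. It assumes Oracle's standard wallet file names (`ewallet.p12`, `cwallet.sso`); every path, the script name and the password in `demo()` are constructed.

```python
import os, re, stat, tempfile

# sqlnet.ora: ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/path)))
WALLET_DIR = re.compile(r"ENCRYPTION_WALLET_LOCATION.*?DIRECTORY\s*=\s*([^)\s]+)", re.I | re.S)
# The statement from the thread, with its password argument, sitting in a script.
OPEN_STMT = re.compile(r"set\s+(encryption\s+)?wallet\s+open\s+identified\s+by\s+\S+", re.I)

def wallet_dir(sqlnet_text):
    """Return the wallet directory named in sqlnet.ora, ignoring comment lines."""
    live = "\n".join(l for l in sqlnet_text.splitlines() if not l.lstrip().startswith("#"))
    m = WALLET_DIR.search(live)
    return m.group(1).strip("\"'") if m else None

def audit(sqlnet_path, script_paths):
    """Return a list of findings about how the wallet and its password are stored."""
    with open(sqlnet_path) as f:
        d = wallet_dir(f.read())
    if d is None:
        return ["sqlnet.ora has no ENCRYPTION_WALLET_LOCATION"]
    findings = []
    if os.path.exists(os.path.join(d, "cwallet.sso")):
        findings.append("auto-login wallet present: wallet opens without the password")
    for name in ("ewallet.p12", "cwallet.sso"):
        p = os.path.join(d, name)
        if os.path.exists(p) and stat.S_IMODE(os.stat(p).st_mode) & 0o077:
            findings.append(f"{name} is accessible to group/other")
    for sp in script_paths:
        with open(sp, errors="replace") as f:
            for n, line in enumerate(f, 1):
                if OPEN_STMT.search(line):
                    findings.append(f"{os.path.basename(sp)}:{n} wallet password in plain text")
    return findings

def demo():
    """Run the audit over a constructed layout (all files below are made up)."""
    root = tempfile.mkdtemp()
    wdir = os.path.join(root, "wallet"); os.mkdir(wdir)
    for name, mode in (("ewallet.p12", 0o600), ("cwallet.sso", 0o644)):
        p = os.path.join(wdir, name)
        open(p, "wb").close(); os.chmod(p, mode)
    sqlnet = os.path.join(root, "sqlnet.ora")
    with open(sqlnet, "w") as f:
        f.write("# constructed sample\nENCRYPTION_WALLET_LOCATION=\n (SOURCE=(METHOD=FILE)"
                f"(METHOD_DATA=(DIRECTORY={wdir})))\n")
    script = os.path.join(root, "startup.sql")
    with open(script, "w") as f:
        f.write("startup\nalter system set wallet open identified by \"ExamplePw1\";\n")
    return audit(sqlnet, [script])

if __name__ == "__main__":
    print("\n".join(demo()))
```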
