Re: data masking
Date: Mon, 4 Aug 2008 21:24:40 +0800
Message-ID: <5e3048620808040624r78fa82b2lf447b0ad287ca20a@mail.gmail.com>
>> We need ship an entire schema to another site. Some data is sensitive,
>> which we'd like to mask with substitution. Our requirements are:
>>
>> 1. Table-Table Data Synchronization
>>
>> A column is a join key to a column in one (or more) other tables. This
>> means data
>>
>> masked in one table must have synchronized data changes in a number of
>> others.
>>
>> For example, changes to the EMPLOYEE_NUMBER column in one table must
>> trigger identical changes in other tables.
>>
>> 2. Consistent Masking
>>
>> We have to ensure that the output is consistent across multiple runs. In
>> practice this means that if the name of employee Joe Smith gets changed to
>> Bill Jones then the next time the database is cloned and sanitized Joe Smith
>> should again appear as Bill Jones.
>>
>>
>>
>> I wonder if there some existing scripts that I can download to do this.
>> If not, could someone recommend a good tool?
>>
>>
>>
>> Dave
>>
You're always up against the sensitivity versus usefulness issue. For example, if you insist on your requirement (2), then your masker is 1-to-1 which means it would be relatively straightforward using frequency analysis to unmask your data.
We "rolled our own" masker, using randomised character translations, made repeatable by using dbms_random.seed. Its not too difficult to do with a little bit of plsql.
-- Connor McDonald =========================== email: connor_mcdonald_at_yahoo.com web: http://www.oracledba.co.uk "Semper in excremento, sole profundum qui variat" -- http://www.freelists.org/webpage/oracle-lReceived on Mon Aug 04 2008 - 08:24:40 CDT