Re: Security Question - how do you deal with sensitive information hardcoded in SQL statements
Date: Thu, 5 May 2011 08:06:28 -0700
Message-ID: <BANLkTiktZo32VBeTg+G8yJU+gpjDeiFB7w_at_mail.gmail.com>
On Wed, May 4, 2011 at 6:28 PM, Michael Wehrle <michaelw436_at_gmail.com>wrote:
> Jared, sorry about the link. It looks like they have since moved the Oracle
> By Example series into an Apex site that uses Single Sign On. Go to
> www.oracle.com/technetwork/tutorials/index.html, then click on the link at
> the bottom to access the "learning library". Once you have logged in, you
> can search for "Using Transparent Data Encryption for Database 10g Release
> 2".
>
>
Thanks, I will look for that.
> As far as the patch, it was a one-off for my previous employer. And it took
> lots of support calls, involving VP level and above, finally involving some
> backline engineers to fix the problem. I am not sure what they would do if
> you asked for the same patch, since its not publicly searchable. It never
> hurts to ask about it though, since its truly a security issue for everyone,
> that is not easily worked around.
>
>
Have you tried this in 11g?
It seems to me that failure to encrypt the data in AWR is a bug.
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
Oracle Blog: http://jkstill.blogspot.com
Home Page: http://jaredstill.com
-- http://www.freelists.org/webpage/oracle-lReceived on Thu May 05 2011 - 10:06:28 CDT