RE: data exchange between oracle and sqlserver

From: Goulet, Richard <>
Date: Thu, 2 Feb 2012 15:51:40 +0000
Message-ID: <>

From my reading of this it appears that the PII is needed by the third parties for their business purposes. That being the case an encryption/masking option doesn't work very well when pulling the data unless you can undo it on the other side. At the same time I agree with the developer that it should not be laying around on a server or laptop where it is vulnerable to unauthorized exploitation. And I assume that those files have to be somewhere where the outside third party can access them. That gives you basically three options; 1) encrypt the files immediately after creation using a key that you can share with the third party, 2) placing the files on a secured share and then transfer them via https again using a cypher key, 3) creating the files then allowing the third party to sftp the files to their site using a cypher key. We've used approach 2 and 3 over here depending on the third parties choices and they work very well. Course you should probably have some Uni  x based system experts who can lock down the server in the DMZ as we have.

Richard Goulet
Senior Oracle DBA/Na Team Leader

-----Original Message-----

From: [] On Behalf Of Eren Bayazitoglu Sent: Wednesday, February 01, 2012 3:32 PM To:; oracle_l
Subject: RE: data exchange between oracle and sqlserver

Hello Joan,

We've come across with these type of sensitive information projects and have helped many clients through our data masking technologies.

The way it works is that, the data is scanned to automatically discover and categorize as sensitive (as per PCI, HIPAA, etc.) and mask (aka anonymize, de-identify, etc.) so it's no longer sensitive, but realistic enough to run accurate testing and QA.

Referential integrity is preserved throughout this process and it can be configured so that each individual data is always masked to the same masked data, over time and across multiple data bases, including Oracle and SQL.

Please feel free to download the Best Practices White Paper on or let me know if you have any questions.


Eren Bayaz
Data Security Consultant

Camouflage Software Inc.
T: 709.722.1200 x214   F: 709.576.6775
Toll Free: 1.866.345.8888
66 Kenmount Road . St. John's . NL . Canada . A1B 3V7

Notice - This message and any attached files may contain information that is confidential and/or subject of legal privilege intended only for use by the intended recipient.  If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, be advised that you have received this message in error and that any dissemination, copying or use of this message or attachment is strictly forbidden, as is the disclosure of the information therein.  If you have received this communication in error, please notify the sender immediately and delete this communication from your mail box.

-----Original Message-----

From: [] On Behalf Of Hsieh, Joan Sent: Wednesday, February 01, 2012 3:05 PM To: oracle_l
Subject: data exchange between oracle and sqlserver

Hi list,

The following is the question from our developer who is looking for a solution for the new system and business requirement. He proposed ODBC gateway, ETL tools. I would greatly appreciated if you can provide any other ideas.



We are looking into integrating PeopleSoft Campus Solutions (aka PSCS and new SIS) with various third parties. Some of these will be done using XML messages over HTTP. Unfortunately we still have vendors who rely on files or table load mechanisms only.

One of the critical integrations is between Financial Aid's PowerFAIDS (SQL Server db) and PSCS. This software works only through inserting data into an interface table or through file loads (which then load the same interface table). All outbound interfaces are through queries which generate file exports. We are trying to avoid the file exports.

We are trying to eliminate file base integration as it is insecure and requires the use of shared drives. These files will contain legally protected Personal Identifiable Information which should not be lying around on servers or people's computers.

Business requirements require the exchange of information twice per business day for some interfaces, or once per day for others (which is why I think the ETL method would work adequately).



-- Received on Thu Feb 02 2012 - 09:51:40 CST

Original text of this message