Re: Dropping tables/Partitions with Purge... is data really gone?
Date: Mon, 8 Apr 2013 16:50:19 -0300
Message-ID: <CAJ2dSGRpAHyyr8GQZfK_ecz_4E=QJ=Oo4i6ZObBDUpXCAMsajg_at_mail.gmail.com>
The data is not really gone. The only thing purge does is bypass the recyclebin, but you have the same problem you do when deleting an OS file. The way to access the data is gone, but the actual blocks where the data was stored are not really changed. You may want to zero out the data before dropping the partitions, but that doesn't really guarantee the data will be gone either (see row migration). If you are using TDE the data is encrypted and not really recoverable with OS tools. You may want to shrink the datafiles after the drop and then use an OS cleanup tool on the free space. I haven't seen this as a requirement even in PCI databases, but there may be things that are even more sensitive.
Alan.-
On Mon, Apr 8, 2013 at 3:58 PM, Dba DBA <oracledbaquestions_at_gmail.com>wrote:
> 2 versions: Oracle 10.2, Oracle 11.2 (different DBs).
> OS: Redhat, Solaris, HP, IBM AIX (not sure on versions, but could be on any
> of these OSs).
> If we drop a partition with the purge option, is the data gone? When you do
> a delete from the OS (particularly in windows) it is possibly to recover
> the data.
> I have sensitive data that needs to be permanently gone. We are encrypting
> the data using transparent data encryption. However, some security guys
> will probably run some tools to look at the hard drives to make sure the
> data cannot be recovered.
>
> When oracle drops a table or a partition with purge it does a DDL, so I
> know it updates the data dictionary tables, but what does it do to make
> sure the data is really gone from the datafiles? To pass a security check I
> need to make sure the data is really gone.
>
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>
-- http://www.freelists.org/webpage/oracle-lReceived on Mon Apr 08 2013 - 21:50:19 CEST