Hi,
I have some questions about the concepts of encryption in Oracle. Sorry if
they are a bit basic: I'm new to encryption - didn't used to care who could
get at the data before! I'd really appreciate any advise people could give
me with the following:
- I believe that there is no way to simply "switch on" encryption of the
entire database although you can get 3rd party tools which will
encrypt/decrypt data going into/out of the database. Is this correct?
- Given the ability to encrypt the database, what security advantage does
this have over simply having long, hard to crack password security? For
example, if somebody physically steals the hard-drives containing the
database files - but does not know the passwords, how easy would it be for
them to get at the data with/without encryption. Is encrypting the database
worth the effort and processing overhead?
- Where does Oracle Security Server fit into this picture? My
understanding of this is that it provides certification that servers and
clients are who they say they are (to protect against spoofing). However it
does not provide any encryption of data either in the database on the
network (the advanced networking option provides encryption for Net8 I
believe).
Many thanks for any advice,
PS. My env: Oracle 8 / Win NT
Received on Wed Feb 17 1999 - 04:31:04 CST
