Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Newbie Database Encryption Question

Re: Newbie Database Encryption Question

From: Jim Kennedy <Jim_Kennedy_at_MedicaLogic.com>
Date: Wed, 17 Feb 1999 04:38:56 -0800
Message-ID: <fMyy2.34872$202.16596075@news1.teleport.com> 





The advanced Networking option will encrypt the bytes traveling across the
wire.  I believe Oracle Security Server fits into this arena.  As for
encrypt the actual bytes on the drive, not sure you need to.  Sure if
someone steals the hard drive out of the machine it is possible to get
Oracle up and running and reading that information.  Yes, you could crack
the security (because you would be the administrator of the machine) and
access the data.  But you should have the machine secured.  Users do not
need to access the physical machine nor do they need access via a network to
the hard drives to access the data.  So if you have a reasonable potential
of the machine being stolen then that is something that should be addressed
first.



Jim


Bill Buchan wrote in message <7ae5jo$gjg$1_at_phys-ma.sol.co.uk>...


>Hi,


>


>I have some questions about the concepts of encryption in Oracle.  Sorry if


>they are a bit basic:  I'm new to encryption - didn't used to care who


could


>get at the data before! I'd really appreciate any advise people could give


>me with the following:


>


>1. I believe that there is no way to simply "switch on" encryption of the


>entire database although you can get 3rd party tools which will


>encrypt/decrypt data going into/out of the database.  Is this correct?


>


>2. Given the ability to encrypt the database, what security advantage does


>this have over simply having long, hard to crack password security?  For


>example, if somebody physically steals the hard-drives containing the


>database files - but does not know the passwords, how easy would it be for


>them to get at the data with/without encryption.  Is encrypting the


database


>worth the effort and processing overhead?


>


>3. Where does Oracle Security Server fit into this picture?  My


>understanding of this is that it provides certification that servers and


>clients are who they say they are (to protect against spoofing).  However


it


>does not provide any encryption of data either in the database on the


>network (the advanced networking option provides encryption for Net8 I


>believe).


>


>Many thanks for any advice,


>


>- Bill Buchan


>


>PS. My env: Oracle 8 / Win NT


>


>




Received on Wed Feb 17 1999 - 06:38:56 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US