
Re: [Q] Security Paranoia....

From: Sybrand Bakker <postbus_at_sybrandb.demon.nl>
Date: Wed, 29 Aug 2001 09:24:44 +0200
Message-ID: <top73tcnbp628e@news.demon.nl>

"Donovan J. Edye" <donovan_at_namsys.com.au> wrote in message news:3b8c8a05.687194223_at_can-news.tpg.com.au...
> G'Day,
>
> I am the database owner of a database called MyDB but not the database
> administrator for the Oracle server. The information that is
> contained in MyDB is sensitive and needs to be secured from prying eyes.
> The only access to the database would be via a set of stored
> procedures.
>
> So is it possible to:
>
> - Encrypt the data in the database
> - Still write SQL such as SELECT * FROM MyTable WHERE AField = 'blah'
> within the stored procedures
> - Encrypt the stored procedures
>
> In short I don't want the dba or any other super user to be able to
> interact or see the data in the db in any way (tables, stored procs
> etc) and only want external users to access the data from a stored
> procedure interface. Users would be granted access to the stored
> procedure interface via a specified user name and password. The only
> things they would be able to see would be the stored procedures and
> execute them, but not the content of the stored procedures. If this is
> achievable then are there any other additional considerations should
> this database participate in replication?
>
> TIA
>
> -- Donovan
> donovan_at_namsys.com.au

If you don't want the dba to see or interact with the data you should fire him, or become a dba yourself.
The nature of the dba function is that he/she needs to see all data (and cannot, by design, get shut out from that). But then again, you could ask why your company should trust you, and why you place so much distrust in others.

The stored procedure mechanism works, and stored procedures can be 'wrapped', which stores them as basically p-code in the database instead of as the plain source text.

I believe that most people being paranoid about data forget about the most simple security measures: like not using easy-to-guess passwords, not using one single password for all users with administrative privileges, not using hardcoded passwords in scripts (BTW if you are running NT/Win2k, you *will* have the hardcoded internal password in the database startup script, but then of course your server is so perfectly guarded no one can access it), and above all change those passwords frequently.
There used to be a product called SecureOracle, which is basically Oracle with extra security added, so you can apply a thing called 'MLSLABEL' to individual records when necessary. I don't know whether Oracle still sells it; it might be worth looking into it.
However, to repeat, if you think you can't trust your dba, better move that database to your own laptop, and assume responsibility yourself. DBAs are hired to deal with sensitive data.

Regards,

Sybrand Bakker, Senior Oracle DBA

Received on Wed Aug 29 2001 - 02:24:44 CDT
