Re: [Q] Security Paranoia....
Comments embedded.
"Donovan J. Edye" <donovan_at_namsys.com.au> wrote in message
news:3b8c8a05.687194223_at_can-news.tpg.com.au...
> So is it possible to:
>
> - Encrypt the data in the database
> - Still write SQL such as SELECT * FROM MyTable WHERE AField = 'blah'
> within the stored procedures
> - Encrypt the stored procedures
Yes. You can encrypt either using your own mechanism or using the supplied DBMS_OBFUSCATION_TOOLKIT package. You can also wrap PL/SQL code.
> In short I don't want the dba or any other super user to be able to
> interact or see the data in the db in any way (tables, stored procs
> etc)
I would strongly suggest that this is an unreasonable request. The DBA is responsible for the integrity of your data and the performance and reliability of your database. If you deny them the access they need they will not be able to do their job properly. I note moreover that you are not posting from a military or other sensitive organisation but from a software supplier. I find it incredibly hard to believe that this is really a requirement for Namadgi Systems. In short Paranoia would appear to be the exact right term to describe this requirement. I would hope that your DBA would point blank refuse to support this suggestion and leave you to get on with it on your own. If you don't trust them why should they trust you to produce reliable scalable code?
Incidentally, SELECT * FROM MyTable WHERE AField = 'blah' isn't nearly as good as SELECT * FROM MyTable WHERE AField = :1 for example.
> and only want external users to access the data from a stored
> procedure interface. Users would be granted access to the stored
> procedure interface via a specified user name and password. The only
> things they would be able to see would be the stored procedures and
> execute them, but not the content of the stored procedures.
This is fair enough. Many web sites for example work in exactly this way.
I realise that this is a strongly worded post; it isn't intended as personal abuse and I hope it doesn't get taken that way.
--
Niall Litchfield
Oracle DBA
Audit Commission UK
Received on Wed Aug 29 2001 - 03:29:56 CDT
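The stored-procedure-only interface and the bind-variable point from the reply above, sketched in Oracle SQL and PL/SQL as an added example that is not part of the original post. MyTable and AField come from the question; the app_owner and app_user accounts, the Id column, the sample rows and the mytable_api package are hypothetical.

```sql
-- Added illustration; app_owner, app_user, Id and mytable_api are hypothetical names.
-- Run as APP_OWNER (the schema that owns the data).
CREATE TABLE MyTable (Id NUMBER PRIMARY KEY, AField VARCHAR2(30));
INSERT INTO MyTable VALUES (1, 'blah');    -- constructed sample rows
INSERT INTO MyTable VALUES (2, 'other');
COMMIT;

-- Definer's rights: the package runs with APP_OWNER's privileges,
-- so callers need no privilege on the table itself.
CREATE OR REPLACE PACKAGE mytable_api AUTHID DEFINER AS
  TYPE row_cur IS REF CURSOR;  -- weak type, so it also works with dynamic SQL
  PROCEDURE find_by_afield (p_value IN VARCHAR2, p_rows OUT row_cur);
  PROCEDURE find_dynamic   (p_value IN VARCHAR2, p_rows OUT row_cur);
END mytable_api;
/
CREATE OR REPLACE PACKAGE BODY mytable_api AS
  -- Static SQL: PL/SQL passes p_value as a bind variable automatically.
  PROCEDURE find_by_afield (p_value IN VARCHAR2, p_rows OUT row_cur) IS
  BEGIN
    OPEN p_rows FOR SELECT * FROM MyTable WHERE AField = p_value;
  END find_by_afield;

  -- Dynamic SQL: keep the :1 placeholder and supply the value with USING
  -- rather than concatenating it into the statement text as a literal.
  PROCEDURE find_dynamic (p_value IN VARCHAR2, p_rows OUT row_cur) IS
  BEGIN
    OPEN p_rows FOR 'SELECT * FROM MyTable WHERE AField = :1' USING p_value;
  END find_dynamic;
END mytable_api;
/
-- The external account gets EXECUTE on the package and nothing on the table.
GRANT EXECUTE ON mytable_api TO app_user;

-- Connected as APP_USER in SQL*Plus, the package is the only way in:
--   VARIABLE rc REFCURSOR
--   EXEC app_owner.mytable_api.find_by_afield('blah', :rc)
--   PRINT rc
-- APP_USER holds no privilege on app_owner.MyTable, so a direct SELECT
-- against the table is refused.
```

This restricts the external account only; it does not change what the DBA can see.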