Re: Encryption in Oracle Database - Help!!

Pete Sharman <psharman_at_us.oracle.com> writes:

> [1 <text/plain; us-ascii (7bit)>]
> Angana
>
> You can encrypt the data in the database, but you need to provide the encryption and
> decryption routines. What you need to do is write a PL/SQL function that you can call
> on insert (then you can do an insert .... encrypt(column1), column2 etc.) and when
> you do the select to retrieve it you can do a select decrypt(column1), column2 etc.
> You will also need to use the encryption and decryption on any other operation that
> fetches or changes data.
>
> Of course, the encryption and decryption routines add overhead to the insert and
> select statements so there is a performance hit. How much of a performance hit it
> will be is dependent on the work performed by the encryption / decryption routines.
> HTH.
While this would satisfy your company policy it wouldn't be a very good solution. It would mean the data would be decrypted on the server and then reencrypted before being sent to the user. Anyone who gained access to the server could just decrypt the data, so the encryption wouldn't really be buying you any security.

The right solution is to encrypt all data at the client end before even submitting to the server. Then decrypt at the client end. in this situation the server never sees the sensitive data at all. To do this might require a java applet or browser plugin though, I'm not aware of any features of the browsers that allow this type of functionality, though it's a shame, it would actually be useful.

greg Received on Tue Jul 13 1999 - 15:04:42 CDT