Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: security question

From: Rick Wessman <Rick.Wessman_at_oracle.com>
Date: 10 Oct 2001 08:44:51 +0100
Message-ID: <uwv24c51o.fsf@us.oracle.com>


Ban Spam <ban-spam_at_operamail.com> writes:

> Richard Piasecki <ogo_at_mailcity.com> wrote in
> news:s912stccue9c0433akf3rnab9p9tg2piu6_at_4ax.com:
>
> > Greetings.
> >
> > I'm currently working for a company that has recently become concerned
> > about protecting its intellectual property from its customers. The
> > software product the company produces uses an Oracle database, and the
> > company now wishes to hide the database schema from customers that
> > buy the product.
> >
> > I've informed my company that I think this request is impossible to
> > implement. Since the "system" user can view all the objects in the
> > database, preventing access to the account that owns the schema is
> > not enough. Access to the "system" user must also be prevented. That
> > would mean that my company would need to provide full database
> > administration services to the customer and prevent the customer
> > from accessing the database (or the computer system on which the
> > database runs) in any way.
> >
> > Before I stick to my guns on this subject, I want to go to all the
> > Oracle experts out there and find out if my assertions are correct.
> > So, is there any way to prevent the "system" user from viewing the
> > schema of another user?
> >
> > I have no experience with Trusted Oracle, but I do have a background
> > in computer security. If Trusted Oracle is certifiable at the B2
> > level, then it can probably do this. Does anyone know that this is
> > true?
> >
> >
> > --- Rich
> >
> >
> >
>
> I'm willing to bet you, that ANYTHING you configure on MY system,
> where I have root/administrator privs, I can compromise.
>
> Want to bet? I'll even give you odds if you are willing
> to bet enough to make it worth my while.

Hiding data is possible using encryption. However, hiding a schema is impossible.

Trusted Oracle (now obsolete, BTW, replaced by Oracle Label Security) is rated at B1, not B2. In any event, it uses the same basic mechanisms as regular Oracle, so hiding a schema is not possible there, either.

                                Rick
-- 
                                Rick Wessman
                                Security Assurance Group
                                Oracle Corporation
                                Rick.Wessman_at_oracle.com

     The opinions expressed above are mine and do not necessarily reflect
                         those of Oracle Corporation.
Received on Wed Oct 10 2001 - 02:44:51 CDT
