Re: Where to keep encryption key , DB?
"NetComrade" <andreyNSPAM_at_bookexchange.net> wrote in message
news:3bc7405b.2778536704_at_news.globix.com...
> We are planning to store credit card #'s in our database..
>
> We are looking into different options to encrypt CC #'s, one is to use
> Oracle's built in dbms_obfuscation_toolkit.
>
> The question is, where do we store the encryption key?
>
> I thought of creating a separate account in the db just to hold that
> function, and just grant execute on it to a user that needs to execute
> it, but not see the code of the function.. The thing is, if you grant
> execute to userB, userB's all_source can see the source of the
> function..
>
> How would you do it? (or did you already)
>
> If we are to store the key in let's say some C code, then we'd have to
> redeploy our application each time we are changing the key..
>
> BTW, what are the general industry standards to change the key (how
> often, etc, etc)
>
> Any help is greatly appreciated.
> .......
> We use Oracle 8.1.6-8.1.7 on Solaris 2.6, 2.7 boxes
> Andrey Dmitriev eFax: (978) 383-5892 Daytime: (917) 750-3630
> AOL: NetComrade ICQ: 11340726 remove NSPAM to email
Oracle has a wrap utility which allows you to store the code compiled and
encrypted instead of plain ASCII text. Most of Oracle's own code is supplied
this way.
Concern dismissed.
Regards,
Sybrand Bakker
Senior Oracle DBA
Received on Fri Oct 12 2001 - 15:59:34 CDT
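
The setup discussed in this thread, as an added example that is not code from either poster: a key-holding function in its own schema, loaded in wrapped form, with a check of what the grantee sees in all_source. The names KEYOWNER, USERB, CC_ENCRYPT and the file names are hypothetical, and the key literal is a placeholder.

```sql
-- File cc_encrypt.sql: clear-text source, kept outside the database.
-- Hypothetical names: schema KEYOWNER, function CC_ENCRYPT, grantee USERB.
CREATE OR REPLACE FUNCTION cc_encrypt (p_cc IN VARCHAR2)
  RETURN VARCHAR2
IS
  -- Placeholder: DES3Encrypt in its default two-key mode expects a 16-byte key.
  l_key VARCHAR2(16) := '<16-byte-key...>';
  l_in  VARCHAR2(32);
  l_out VARCHAR2(32);
BEGIN
  -- The toolkit rejects input whose length is not a multiple of 8 bytes,
  -- so pad the card number with spaces up to the next multiple of 8.
  l_in := RPAD(p_cc, 8 * CEIL(LENGTH(p_cc) / 8));
  DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt(
    input_string     => l_in,
    key_string       => l_key,
    encrypted_string => l_out);
  -- Return hex so the ciphertext survives character-set conversion.
  RETURN RAWTOHEX(UTL_RAW.CAST_TO_RAW(l_out));
END;
/

-- From the OS shell, wrap the source and load only the wrapped file:
--   wrap iname=cc_encrypt.sql oname=cc_encrypt.plb
--   sqlplus keyowner @cc_encrypt.plb
-- wrap takes no key of its own: the .plb is an encoded form of the source,
-- and the clear-text key is still in cc_encrypt.sql. Restrict access to that
-- file and to the KEYOWNER account accordingly.

-- As KEYOWNER: let the application account call the function.
GRANT EXECUTE ON cc_encrypt TO userb;

-- As USERB: confirm what all_source exposes. The first line should end with
-- the word "wrapped" and the remaining text should not contain the key literal.
SELECT line, text
  FROM all_source
 WHERE owner = 'KEYOWNER'
   AND name  = 'CC_ENCRYPT'
 ORDER BY line;

-- As USERB: the call works without the caller ever handling the key.
SELECT keyowner.cc_encrypt('4111111111111111') FROM dual;  -- constructed test number
```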