Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Encryption
Hello,
I am working with a team to implement a third party application. The data
that will be contained in these tables and indexes are considered very
sensitive. I have been asked to encrypt the sensitive data.
I have read several places in the 9i manuals (yes the database is 9i on
HP-UX 64 bit). I have read several white papers available on Metalink. I
have saved the
examples of procedures to encrypt and decrypt.
Here are my questions: I could not find a white paper or entry in any of
the 9i manuals that tells how the procedures are invoked. I presume that a
trigger
would have to be used. Is this correct? If it is, where might I look to
find an example of such a trigger? We do not have a license for the
Advanced Security option. This is why I am looking to use the obfuscation
package.
I also found an example of encrypting numeric data on Metalink. To encrypt
numeric data it has to be treated as a character string. This could be
interesting
when it comes to manipulation of the data.
The application owner expects all sensitive data to be encrypted. Can
anyone
suggest how to communicate (in a language he will understand) that it may
not be desirable to encrypt some data? If sensitive data exists in an index
then the index is not usable. Another potential problem is performance
degradation. Given this is a purchased application, the vendor is not very
likely to modify the code so it can be easily encrypted/decrypted.
Does documentation exist that provides suggestions for tuning when encryption is used?
Any help is greatly appreciated.
If possible, please reply to my email address.
Jim Russell
Oracle DBA
jamesrussell_at_charter.net Received on Sat Jun 07 2003 - 13:00:38 CDT