
Re: Encryption

From: Mladen Gogala <mgogala_at_adelphia.net>
Date: Sun, 08 Jun 2003 02:55:37 GMT
Message-ID: <pan.2003.06.08.02.55.36.486202@adelphia.net>


You are trying to use inadequate tools. You absolutely need advanced security for things like that. You also need physical security and you must control access at all cost. This means that there shouldn't be any internet connection, and that the network connection should be switched on, data that can be replicated gets replicated, and the network connection is shut down. Using the obfuscation toolkit from a trigger would only compromise security because it would give you a false sense of security. The encryption key would be written in the trigger, and anyone able to get hold of the trigger source would be able to crack your little scheme open. There are no cheap security solutions. Your business has to answer the question of how much it would lose if the data was stolen. The answer to that question would drive the investment into security. So, do the following:

  1. Lock the box with the database well. (cameras, alarms, guards, bio-access)
  2. Remove all unnecessary users from the box. Remove the box from the internet.
  3. Keep the number of database users to the minimum. Enforce strong passwords. Everybody wants to be like Mike, but "Mike" is not a good password.
  4. Put all the client systems in the same room. Lock the BIOS, disable booting from CD, remove floppy drives. Secure the PCs properly.
  5. Control the physical access to the client computers. Make sure that nobody walks in the room with a laptop.

Physical security is paramount. If your system is physically secure and you can control who accesses it, you have done 90% of your work. The probability that a hacker will get in after killing all the guards in a spectacular karate fight, then type in the last name of your mother-in-law and see "Access Granted" blinking in green font size 72 over the whole screen is infinitesimal.

On Sat, 07 Jun 2003 14:00:38 -0400, Jim Russell wrote:

> Hello,
> I am working with a team to implement a third party application. The data
> that will be contained in these tables and indexes is considered very
> sensitive. I have been asked to encrypt the sensitive data.
>
> I have read several places in the 9i manuals (yes, the database is 9i on
> HP-UX 64 bit). I have read several white papers available on Metalink. I
> have saved the examples of procedures to encrypt and decrypt.
>
> Here are my questions: I could not find a white paper or entry in any of
> the 9i manuals that tells how the procedures are invoked. I presume that a
> trigger would have to be used. Is this correct? If it is, where might I look
> to find an example of such a trigger? We do not have a license for the
> Advanced Security option. This is why I am looking to use the obfuscation
> package.
>
> I also found an example of encrypting numeric data on Metalink. To encrypt
> numeric data it has to be treated as a character string. This could be
> interesting when it comes to manipulation of the data.
>
> The application owner expects all sensitive data to be encrypted. Can
> anyone suggest how to communicate (in a language he will understand) that
> it may not be desirable to encrypt some data? If sensitive data exists in an
> index then the index is not usable. Another potential problem is performance
> degradation. Given this is a purchased application, the vendor is not very
> likely to modify the code so it can be easily encrypted/decrypted.
>
> Does documentation exist that provides suggestions for tuning when
> encryption is used?
>
> Any help is greatly appreciated.
>
> If possible, please reply to my email address.
>
> Jim Russell
> Oracle DBA
>
> jamesrussell_at_charter.net

-- 
Mladen Gogala
Software is like sex, it is better when it is free.
Linus Torvalds 
Received on Sat Jun 07 2003 - 21:55:37 CDT
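The two technical points in this exchange (a key that lives in the trigger source, and an encrypted column that an index can no longer serve) in working PL/SQL. This is an added illustration written for this page, not code from either poster or from Metalink. It assumes Oracle 9i, a table PATIENT(id NUMBER, ssn VARCHAR2(32)) written by a purchased application, and a directory object KEY_DIR with a file des.key that only the database server's OS account can read; PATIENT, CRYPT_PKG, KEY_DIR and des.key are hypothetical names. DBMS_OBFUSCATION_TOOLKIT.DESEncrypt/DESDecrypt, UTL_RAW, UTL_FILE, RAWTOHEX and HEXTORAW are the real 9i APIs.

```plsql
-- Added example, not from the thread. Assumes Oracle 9i, a table
-- PATIENT(id NUMBER, ssn VARCHAR2(32)) and a directory object KEY_DIR
-- holding des.key (8 ASCII bytes), readable only by the oracle OS user.
-- PATIENT, CRYPT_PKG, KEY_DIR and des.key are hypothetical names.

-- 1. The pattern the reply warns against: the DES key is a literal in the
--    trigger, so anyone who can read DBA_SOURCE or the trigger text has it.
CREATE OR REPLACE TRIGGER patient_enc_weak
BEFORE INSERT OR UPDATE OF ssn ON patient
FOR EACH ROW
DECLARE
  c_key CONSTANT RAW(8) := UTL_RAW.CAST_TO_RAW('SECRET01');  -- key in source
  v_enc RAW(16);
BEGIN
  -- DES input must be a multiple of 8 bytes; SSNs of at most 16 chars assumed
  DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(
    input          => UTL_RAW.CAST_TO_RAW(RPAD(:NEW.ssn, 16)),
    key            => c_key,
    encrypted_data => v_enc);
  :NEW.ssn := RAWTOHEX(v_enc);  -- 16 bytes become 32 hex characters
END;
/

-- A DBA can locate such triggers and packages by searching stored source
-- for toolkit calls and inspecting what is passed as the key:
SELECT owner, name, type, line, text
  FROM dba_source
 WHERE UPPER(text) LIKE '%DESENCRYPT%';

-- 2. Keep the key out of the source: load it once per session from a file
--    the server's OS account can read. Whoever controls that host controls
--    the data, which is why the reply puts physical and OS access control
--    ahead of the toolkit itself.
CREATE OR REPLACE PACKAGE crypt_pkg AS
  FUNCTION enc(p_plain IN VARCHAR2) RETURN RAW;
  FUNCTION dec(p_enc   IN RAW)      RETURN VARCHAR2;
END crypt_pkg;
/
CREATE OR REPLACE PACKAGE BODY crypt_pkg AS
  g_key RAW(8);  -- package state: filled on first use, never a literal

  FUNCTION session_key RETURN RAW IS
    f UTL_FILE.FILE_TYPE;
    l VARCHAR2(8);
  BEGIN
    IF g_key IS NULL THEN
      f := UTL_FILE.FOPEN('KEY_DIR', 'des.key', 'r');
      UTL_FILE.GET_LINE(f, l);
      UTL_FILE.FCLOSE(f);
      g_key := UTL_RAW.CAST_TO_RAW(l);
    END IF;
    RETURN g_key;
  END session_key;

  FUNCTION enc(p_plain IN VARCHAR2) RETURN RAW IS
    v RAW(16);
  BEGIN
    DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(
      input          => UTL_RAW.CAST_TO_RAW(RPAD(p_plain, 16)),
      key            => session_key,
      encrypted_data => v);
    RETURN v;
  END enc;

  FUNCTION dec(p_enc IN RAW) RETURN VARCHAR2 IS
    v RAW(16);
  BEGIN
    DBMS_OBFUSCATION_TOOLKIT.DESDecrypt(
      input          => p_enc,
      key            => session_key,
      decrypted_data => v);
    RETURN RTRIM(UTL_RAW.CAST_TO_VARCHAR2(v));  -- strip the RPAD padding
  END dec;
END crypt_pkg;
/

CREATE OR REPLACE TRIGGER patient_enc
BEFORE INSERT OR UPDATE OF ssn ON patient
FOR EACH ROW
BEGIN
  -- The application still writes plaintext and reads back hex; that is the
  -- vendor-code problem the question describes, and a trigger cannot fix it.
  :NEW.ssn := RAWTOHEX(crypt_pkg.enc(:NEW.ssn));
END;
/

-- 3. Index usability. DES here is deterministic (same input, same output),
--    so an equality lookup can still use an index on SSN by encrypting the
--    bind value instead of decrypting the column:
SELECT id FROM patient WHERE ssn = RAWTOHEX(crypt_pkg.enc(:ssn));
-- Range and pattern predicates cannot: every row has to be decrypted first,
-- so the index is unusable and the statement becomes a full scan.
SELECT id FROM patient WHERE crypt_pkg.dec(HEXTORAW(ssn)) LIKE '123%';
-- A numeric column goes in through TO_CHAR, so SUM, ORDER BY and range
-- predicates on the stored value are lost in the same way:
--   :NEW.salary_txt := RAWTOHEX(crypt_pkg.enc(TO_CHAR(:NEW.salary)));
```

Granting EXECUTE on CRYPT_PKG only to the application's schema limits who can call dec(), but, as the reply says, anyone who can read the server's file system or the package state has the key regardless of how the call is packaged; the file-based load only moves the secret out of DBA_SOURCE, it does not remove the need for the access controls listed above.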
