Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Protecting the encryption key from the DBA

Re: Protecting the encryption key from the DBA

From: DA Morgan <damorgan_at_psoug.org>
Date: Mon, 18 Jul 2005 12:26:00 -0700
Message-ID: <1121714764.299926@yasure>


Sybrand Bakker wrote:
> On 18 Jul 2005 10:15:31 -0700, "Pratap" <pratap_fin_at_rediffmail.com>
> wrote:
>
>

>>How can we protect the encryption key from the DBA

>
>
> If you don't trust the DBA, fire him.
> No database can be and should be protected from a DBA.
> If you want be sure of protection, swap Oracle for a toy like
> sqlserver, put the system in a server room, make sure the password of
> sa is sa, and throw away the key of that server room.
>
>
> --
> Sybrand Bakker, Senior Oracle DBA

If it is in the US it has nothing to do with trust. It has to do with Federal Law. We are now having to do things we never had to do before. Among them auditing root and sys. Things are changing over here in ways that may have no parallel in Europe.

Take a look at the new 10g feature Transparent Data Encryption. I've little doubt the driving force behind it was changes in the laws.

-- 
Daniel A. Morgan
http://www.psoug.org
damorgan_at_x.washington.edu
(replace x with u to respond)
Received on Mon Jul 18 2005 - 14:26:00 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US