
Re: Encrypting data with TDE Oracle 10g

From: EdStevens <quetico_man_at_yahoo.com>
Date: 23 Aug 2006 10:34:34 -0700
Message-ID: <1156354473.991531.168520@p79g2000cwp.googlegroups.com>

Fred wrote:
> Thanks a lot for these explanations.
>
> OK, for TDE, I don't see the interest because any user can see data.
>
> So I can take DBMS_CRYPTO to encrypt data, but I also want that anybody
> could see data, is it possible? (DBA also).
> Just one user can see his own data. Do you see what I mean? Each user
> will see their data in clear text, but the whole database will be
> encrypted.
>
> I don't know if it's possible with 10g.
>
> Thanks
>
>
>
> frank.van.bortel_at_gmail.com wrote:
> > Fred schreef:
> >
> > > Hi,
> > >
> > > You're right, just a different key by lines and not an algorithm.
> > >
> > > Is it possible and how to implement it?
> > >
> > > In fact we want to encrypt a big entire database. Advice for that?
> > >
> > > Also, I don't see the difference between TDE and DBMS_CRYPTO.
> > > On one hand we crypt data into the database but the user can see clear
> > > data.
> > > On the other hand how can we use DBMS_CRYPTO to encrypt data of all
> > > columns on one table?
> >
> > Any idea what TDE does? I'll tell you a secret: it stands for
> > Transparent Data Encryption.
> > Transparent in a way, you can see the "clear data", but only when the
> > Wallet is activated.
> > Try to query your data with the Wallet disabled.
> > I have a write-up on TDE on
> > http://vanbortel.blogspot.com/2005_07_01_vanbortel_archive.html
> >
> > DBMS_CRYPTO needs to be called for every insert/query; you can call it
> > with a different key for every row - the problem I see is where to keep
> > your keys; you hardly want to store them in the same row (as I suspect
> > security is the issue here...)
> >
> > From what I understand, DBMS_CRYPTO is the only way to go. It allows
> > the use of a different key every time it is called, and so enables you
> > to do what you propose.
> >
> > But encrypting a whole database?!? Why? Is *all* your data worth
> > encrypting?

If you want users to be able to see only their own data (and I'm assuming here that all users' data is in the same table) then perhaps your solution is Fine Grained Access rather than TDE.

Received on Wed Aug 23 2006 - 12:34:34 CDT
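The row-level restriction suggested in the reply above, sketched as an added example that is not part of the original thread: a Virtual Private Database policy registered with DBMS_RLS so each session sees only rows it owns. The schema APP, the table CUSTOMER_DATA, its OWNER column and the policy names are assumptions made for illustration.

```sql
-- Hypothetical shared table: every user's rows live together (names are assumptions).
CREATE TABLE app.customer_data (
  id      NUMBER PRIMARY KEY,
  owner   VARCHAR2(30) DEFAULT SYS_CONTEXT('USERENV', 'SESSION_USER') NOT NULL,
  payload VARCHAR2(4000)
);

-- Policy function: returns the predicate Oracle appends to each statement
-- issued against the protected table.
CREATE OR REPLACE FUNCTION app.own_rows_only (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
IS
BEGIN
  RETURN 'owner = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END;
/

-- Attach the policy. update_check => TRUE also rejects INSERT/UPDATE
-- statements that would produce a row the session could not see afterwards.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'CUSTOMER_DATA',
    policy_name     => 'CUSTOMER_DATA_OWN_ROWS',
    function_schema => 'APP',
    policy_function => 'OWN_ROWS_ONLY',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE
  );
END;
/

-- The policy does not bind SYS or any grantee of EXEMPT ACCESS POLICY,
-- so review who holds that privilege before relying on it against DBAs.
SELECT grantee
  FROM dba_sys_privs
 WHERE privilege = 'EXEMPT ACCESS POLICY';
```

The policy filters rows at query time and leaves the stored data unencrypted, so it addresses who can query which rows, not what is readable in datafiles or backups.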
