
Re: Advanced Security

From: DA Morgan <damorgan_at_psoug.org>
Date: Tue, 12 Sep 2006 09:51:53 -0700
Message-ID: <1158079911.319677@bubbleator.drizzle.com>


Evan wrote:
> Brian Peasland wrote:

>>> Can you (I) make a case to install it on all machines?
>>
>>
>> Might I make a suggestion? Instead of taking a look at ASO, start with 
>> your business requirements. Do you have a need to encrypt sensitive 
>> data? Do you have a need to limit access to certain rows of data in a 
>> table? Do you have a need to generate an audit trail when individuals 
>> access certain rows or columns of data? Take a look at your business 
>> requirements and *then* pick the Oracle solution that implements those 
>> requirements. You already have a start documenting some of your 
>> requirements:
>>
>> 1. Hundreds of users will access the database from Windows clients
>> 2. There are five app servers that will access the database
>> 3. There is sensitive data in the database
>>
>> But there is lots more that you need to figure out. My questions above 
>> are only a start. But I let my requirements dictate my solution set, 
>> not the other way around.
>>
>>
>> Cheers,
>> Brian
>>
>>

>
> The applications (from vendors) don't allow for field encryption.
> Row restriction is not needed.
> I feel that auditing allows us to look in the barn and see who took the
> horse. I want to keep anyone from looking in the barn. This is data
> which MUST be protected. It is enough to allow identity theft.
>
> Web pages using HTTPS protect the contents between clients and webpages.
> ASO protects the content between the database and the web server.
>
> The issue is connection from
> 1) application fat clients,
> 2) ODBC clients,
> 3) and SQLPlus clients.
>
> We have the DB server configured to use ASO with "request" and the web
> servers set to "required". They are ok.
>
> I have been told that ASO is not needed since to sniff the packets, you
> would need to tap into a box which receives the packets. Is this
> nonsense or is there another reason to use it?

Given what you have ... ODBC and SQL*Plus ... I would be getting a quote from Oracle on Advanced Security today.

Well that and looking for a replacement vendor.

-- 
Daniel Morgan
University of Washington
Puget Sound Oracle Users Group
Received on Tue Sep 12 2006 - 11:51:53 CDT
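
Added example, not part of the original posts: a small model of how Oracle Net native encryption is negotiated between the `SQLNET.ENCRYPTION_CLIENT` and `SQLNET.ENCRYPTION_SERVER` settings in `sqlnet.ora`, showing which client types still get a cleartext session when the server is only set to request encryption. It assumes the thread's "request" means `REQUESTED`, that both ends have the encryption option installed with a common algorithm, and the client inventory is constructed for illustration.

```python
# Added example: outcome of Oracle Net native encryption negotiation.
# Values are those of SQLNET.ENCRYPTION_CLIENT / SQLNET.ENCRYPTION_SERVER.
LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")
DEFAULT = "ACCEPTED"  # used by Oracle Net when the parameter is not set


def negotiate(client, server):
    """Return 'encrypted', 'cleartext' or 'refused' for one connection."""
    client = (client or DEFAULT).upper()
    server = (server or DEFAULT).upper()
    for value in (client, server):
        if value not in LEVELS:
            raise ValueError("unknown encryption level: %r" % value)
    pair = {client, server}
    if "REJECTED" in pair:
        # One side will not encrypt: the session is cleartext unless the
        # other side insists, in which case the connection is refused.
        return "refused" if "REQUIRED" in pair else "cleartext"
    if pair == {"ACCEPTED"}:
        # Both sides are willing but neither asks for encryption.
        return "cleartext"
    return "encrypted"


# Constructed inventory (assumption): the web servers are REQUIRED as in the
# thread; the settings of the other client types are hypothetical.
CLIENTS = {
    "web-server": "REQUIRED",
    "fat-client (no sqlnet.ora entry)": None,
    "odbc-client": "ACCEPTED",
    "sqlplus-client (encryption turned off)": "REJECTED",
}


def audit(server, clients):
    """Map each client name to its negotiation outcome against the server."""
    return {name: negotiate(level, server) for name, level in clients.items()}


def cleartext_paths(server, clients):
    """Names of clients whose sessions would cross the network unencrypted."""
    return sorted(n for n, r in audit(server, clients).items() if r == "cleartext")


if __name__ == "__main__":
    for server_level in ("REQUESTED", "REQUIRED"):
        print(server_level, audit(server_level, CLIENTS))
```

With the server at `REQUESTED`, a client that sets `REJECTED` connects in cleartext; with the server at `REQUIRED`, the same client is refused instead.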
