| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: expdp question
sybrandb_at_hccnet.nl wrote:
> On Thu, 16 Aug 2007 12:47:51 -0700, DA Morgan <damorgan_at_psoug.org>
> wrote:
>
>> Assuming your employer is legally licensed the upgrade is free. There >> is a huge amount of value in 11g. Of course if you don't want to best >> technology there is always Ingres or Pick.
I'd be happy to do so. <g>
We have found a new driver here to "encourage" companies to upgrade to 10g: PCI. Are you familiar with it?
PCI stands for "Payment Card Industry Data Security Standard" and, at
least in the US, it is the rules for anyone taking credit cards.
https://www.pcisecuritystandards.org/
Here's a brief review of the relevant sections of the rules:
Requirement 2.2.4 - Remove all unnecessary functionality
Requirement 2.3 - Encrypt all non-console administrative access
Requirement 4 - Encrypt transmission of cardholder data across open,
public networks
Requirement 6 - Develop and maintain secure systems and applications
Requirement 6.5.1 - Unvalidated Input Requirement 6.5.2 - Broken Access Control Requirement 6.5.3 - Broken Authentication and Session Management Requirement 6.5.4 - Cross Site Scripting (XSS) Flaws Requirement 6.5.5 - Buffer Overflows Requirement 6.5.6 - Injection Flaws Requirement 6.5.7 - Improper Error Handling Requirement 6.5.8 - Insecure Storage Requirement 6.5.9 - Denial of Service Requirement 6.5.10 - Insecure Configuration Management
Note requirement 6.5.8 ... looks like Transparent Data Encryption to me. Along with Data Vault, Audit Vault, and a few other new features.
Most organizations given a choice between not accepting credit cards and upgrading their software ... upgrade. <g>
-- Daniel A. Morgan University of Washington damorgan_at_x.washington.edu (replace x with u to respond) Puget Sound Oracle Users Group www.psoug.orgReceived on Mon Aug 20 2007 - 11:21:02 CDT
 |
 |