From: Palooka <>
Date: Fri, 19 Dec 2008 20:37:39 +0000
Message-ID: <nCT2l.10637$cx7.6623@newsfe21.ams2>

Chuck wrote:
> I just read an oracle white paper on transparent data encryption in
> 10gR2. It states that decryption occurs at the SQL layer. Doesn't that
> mean that the data will be decrypted *before* it's transmitted over the
> network to a client? I would think that defeats part of the goal of
> encryption if it's not done at the client. Am I misunderstanding something?
> Quoted from the white paper...
> "TDE encrypts data before it's written to disk and decrypts data before
> it is returned to the application. The encryption and decryption process
> is performed at the SQL layer, completely transparent to applications
> and users."

The purpose of TDE is to protect the files on disk. Trying to decrypt at the client would be a disaster,

To protect your network, you need to address network level issues, not Oracle level.

Palooka Received on Fri Dec 19 2008 - 14:37:39 CST

Original text of this message