Re: TDE

From: Robert Klemme <shortcutter_at_googlemail.com>
Date: Mon, 22 Dec 2008 05:34:47 +0100
Message-ID: <6r8jn8F74lU1@mid.individual.net>


On 19.12.2008 23:08, Chuck wrote:

> Chuck wrote:

>> I just read an oracle white paper on transparent data encryption in
>> 10gR2. It states that decryption occurs at the SQL layer. Doesn't that
>> mean that the data will be decrypted *before* it's transmitted over the
>> network to a client? I would think that defeats part of the goal of
>> encryption if it's not done at the client. Am I misunderstanding something?
>>
>> Quoted from the white paper...
>>
>> "TDE encrypts data before it's written to disk and decrypts data before
>> it is returned to the application. The encryption and decryption process
>> is performed at the SQL layer, completely transparent to applications
>> and users."
> 
> Thanks all who replied. I guess if I want to encrypt the data in transit
> I'll either need to pay for the advanced networking option,

Depends on the license you have: under certain conditions it's included already:

http://download.oracle.com/docs/cd/B19306_01/license.102/b14199/options.htm#CIHFDJDG

Then you do

SQLNET.ENCRYPTION_CLIENT=required

on the server and select the highest possible encryption to make all connections safe.

http://download.oracle.com/docs/cd/B19306_01/network.102/b14213/sqlnet.htm#sthref462

(and link to Morgan's Lib posted before)

> or use
> something like stunnel or ssh port forwarding.

I am not sure about the details and I do not know your paranoia level, but it may be that these tools are unsafe in case someone has access to one of the systems.

Kind regards

        robert

Received on Sun Dec 21 2008 - 22:34:47 CST

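As an added illustration of the sqlnet.ora approach discussed in the reply above (this is not part of the original message or of Oracle's documentation), here is a server-side and a client-side fragment for Oracle Net native encryption. Note that in sqlnet.ora the parameter that governs the listener/server end is SQLNET.ENCRYPTION_SERVER; SQLNET.ENCRYPTION_CLIENT, which the reply names, is the counterpart set on the client. The parameter names and the values ACCEPTED/REJECTED/REQUESTED/REQUIRED are documented Oracle Net parameters; restricting the TYPES lists to AES256 and SHA1 is an assumption about what the 10gR2 license and the client software in use actually permit.

```ini
# Added example (not from the original message): sqlnet.ora fragments for
# Oracle Net native encryption and integrity checking.
# Assumption: AES256 / SHA1 are available to both the server and the clients.

# --- weak/default posture: encryption only happens if the peer asks for it ---
# SQLNET.ENCRYPTION_SERVER = accepted
# SQLNET.CRYPTO_CHECKSUM_SERVER = accepted

# --- hardened server side: refuse sessions that will not encrypt and checksum ---
SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)

# --- client side (the client's own sqlnet.ora) so that a misconfigured or
# --- replaced server cannot silently downgrade the session either ---
SQLNET.ENCRYPTION_CLIENT = required
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256)
SQLNET.CRYPTO_CHECKSUM_CLIENT = required
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
```

Listing only the strongest algorithm in the TYPES lists is what makes "select the highest possible encryption" stick: with a longer list the two ends negotiate, and a weaker entry may be chosen. With REQUIRED on one end and a peer that cannot comply, the connection fails with ORA-12660 instead of falling back to cleartext, which is the behaviour you want when the goal is protecting data in transit. To confirm that an established session is actually encrypted, query V$SESSION_CONNECT_INFO and look for the encryption and crypto-checksumming service entries in NETWORK_SERVICE_BANNER for that session.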