From: Christian <>
Date: Tue, 23 Dec 2008 12:46:07 -0800 (PST)
Message-ID: <>

Oracle TDE encrypts the data in the database so the data is secure on the disk and on backups. If you want network security as well, Oracle offers a different technology that's licensed in the same Oracle Advanced Security pack. I agree that encrypting content to the application wouldn't be practical because you'd have to change all of your applications and add encryption capabilitites there.

You should also think about where you store the encryption keys. Storing them in the ewallet is a little bit like leaving the key in the lock. I would recommend that you use an HSM to protect the keys (that way they won't end up on the same backup tape either). HSMs also include features to separate the duties between database and security administration. It's not that you should distrust database administrators - in heavily regulated environments most of us work in, you need to show that you have internal controls in place to ensure that no one person has the power to the entire system. Received on Tue Dec 23 2008 - 14:46:07 CST

Original text of this message