Re: TDE
Date: Thu, 25 Dec 2008 21:10:02 -0800
Message-ID: <1230319660.754034@bubbleator.drizzle.com>
Christian wrote:
> Oracle TDE encrypts the data in the database so the data is secure on
> the disk and on backups. If you want network security as well, Oracle
> offers a different technology that's licensed in the same Oracle
> Advanced Security pack. I agree that encrypting content to the
> application wouldn't be practical because you'd have to change all of
> your applications and add encryption capabilities there.
>
> You should also think about where you store the encryption keys.
> Storing them in the ewallet is a little bit like leaving the key in
> the lock. I would recommend that you use an HSM to protect the keys
> (that way they won't end up on the same backup tape either). HSMs also
> include features to separate the duties between database and security
> administration. It's not that you should distrust database
> administrators - in heavily regulated environments most of us work in,
> you need to show that you have internal controls in place to ensure
> that no one person has the power to the entire system.
If anyone wants to actually see TDE at work, use it with an external
table. I have a demo here:
http://www.psoug.org/reference/tde.html
--
Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org

Received on Thu Dec 25 2008 - 23:10:02 CST