From: DA Morgan <>
Date: Thu, 25 Dec 2008 21:10:02 -0800
Message-ID: <>

Christian wrote:
> Oracle TDE encrypts the data in the database so the data is secure on
> the disk and on backups. If you want network security as well, Oracle
> offers a different technology that's licensed in the same Oracle
> Advanced Security pack. I agree that encrypting content to the
> application wouldn't be practical because you'd have to change all of
> your applications and add encryption capabilitites there.
> You should also think about where you store the encryption keys.
> Storing them in the ewallet is a little bit like leaving the key in
> the lock. I would recommend that you use an HSM to protect the keys
> (that way they won't end up on the same backup tape either). HSMs also
> include features to separate the duties between database and security
> administration. It's not that you should distrust database
> administrators - in heavily regulated environments most of us work in,
> you need to show that you have internal controls in place to ensure
> that no one person has the power to the entire system.

If anyone wants to actually see TDE at work use it with an external table. I have a demo here:

Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington (replace x with u to respond)
Puget Sound Oracle Users Group
Received on Thu Dec 25 2008 - 23:10:02 CST

Original text of this message