Re: Oracle Developer Questions

The latest release of Oracle; Oracle8i Release 2 provides a mechanism to encrypt data and hide it even from the DBA. Visit www.oracle.oracle and check out the
white paper on Oracle8i Release 2 new security features.

Remco Blaakmeer wrote in message <874ehg$esm$1_at_rd1936.quicknet.nl>...
>In article <s9bdftto5io174_at_corp.supernews.com>,
> <gradxv_at_excite.com> writes:
>> I am a software developer doing comparative research on DBMS systems. I
 am
>> interested in the following items:
>>
>> 1) Application Database Security: As a developer of a database
 application
>> (ISV) using Oracle 8 as a backend database, can I secure ALL parts of the
>> database from ALL users of the Oracle 8 server? This would include
>> administrators, etc. Only my application would have the password(s) to
>> access the database including database schema, stored procedures, etc. I
 am
>> interested in securing parts of the application database so that it can
 be
>> accessed via only my application GUI. Two reasons for doing this are: (a)
>> this information is very similar to source code (it is not the data
 entered
>> by the application user), and (b) for support-related issues, it helps
>> reduce the possibility that some rogue Oracle user will damage the
>> inner-workings of the application. Can Oracle 8 do this? If so, to what
>> extent?
>
>You can do this, but it will only protect your data against an ordinary
>user. A DBA will always be able to access the data. The only way to
>prevent anybody from reading the data is to use some form of strong
>encryption, but I have no experience in that area.
>
>Another way to pervent direct access to the database: instead of
>installing your application on every client, use an application server.
>That way, only the application server (and your DBA) needs to have
>access to the database and you can deny access based on IP address.
>
>Remco
>--
>rd1936: 5:40pm up 22 days, 22:20, 6 users, load average: 1.87, 1.47,
1.56 Received on Mon Jan 31 2000 - 00:00:00 CET