Re: Are there inherent or 3rd-party tools for encrypting data in Oracle?

From: Sybrand Bakker <postbus_at_sybrandb.demon.nl>
Date: Fri, 23 Feb 2001 06:50:17 +0100
Message-ID: <4qtb9tokhpd64hrl66g4lvrifpkfdasqpl_at_4ax.com>


Comments embedded

On Thu, 22 Feb 2001 21:09:06 -0700, "John Peterson" <johnp_at_azstarnet.com> wrote:

>Hello, all!
>
>Please forgive my extensive cross-posting, but I wasn't certain what forum
>to post my question. This is my first visit to these groups, but I hope to
>become a "regular" (and better determine where to place my posts in the
>future ;-).

IMO the distinction is: anything that comes with the server software in .server, so the server itself, sqlnet, tools like export and import and sqlloader.
In .tools: Oracle Designer and Developer
In .misc: Third party products (including drivers)
So your question belongs to .server

>
>My background in databases has been largely limited to Microsoft SQL Server,
>but I have started a new job with a company that uses Oracle 8i on Red Hat
>Linux 6.2. As such, I'm trying to learn as much as I can about Oracle using
>my knowledge of SQL Server as sort of a starting point. ;-)

Forget about your sqlserver knowledge as soon as possible, Oracle is a completely different beast. Many Oracle applications suffer from developers porting their nasty sqlserver habits to Oracle.

>
>I have been tasked to investigate the feasibility of encrypting data in
>Oracle. Are there any tools (off-the-shelf or internal to Oracle) that
>might help to accomplish this? We use JDBC as our data access mechanism, so
>we would prefer to NOT have to change the application, but to arrange for
>the data to be encrypted between the Client Library (JDBC in our
>application) and the Oracle server (we want the data across the wire to be
>encrypted AND the data on the disk to be encrypted).

The Enterprise Edition of Oracle comes with the Advanced Networking Option allowing you to use DES, RS40, and quite a few other algorithms. Encrypting network traffic should be relatively easy. Of course you will have to pay $$ for the Enterprise Edition, and their choice of Linux probably betrays they're not prepared to do this.

>
>Also, I would appreciate any thoughts as to the pros/cons of this approach.
>My natural inclination is to NOT encrypt the data in the database, but
>rather to rely on the security safeguards that are in place with the
>operating system and the database server. It seems to me that it would be
>difficult to perform OLAP tasks or determine data patterns on data that's
>encrypted (even partially), not to mention the performance ramifications of
>said. However, our "hands may be tied", as this is a client imperative.
>But, I'm hopeful that with some compelling evidence (one way or another),
>they might change their stance accordingly.

If they want to encrypt *all* the data on the disk, you must query their sanity. Oracle has quite enough security mechanisms to keep unauthorized people out without encryption. It also has enough mechanisms to authenticate the user.
The real problem is usually people are too lazy to find out what is really necessary and they grant DBA access to about just everything. Also Oracle comes with row level security and a feature called Virtual Private Database, which allows you to limit access on record basis. I have the strange feeling they just want a cheap all purpose product, instead of getting the Enterprise Edition and using all its features. Evidently, you're going to kill a mouse with an elephant.

>
>Thank you in advance for your time! :-)
>
>John Peterson
>

Hth

Sybrand Bakker, Oracle DBA

Received on Fri Feb 23 2001 - 06:50:17 CET
