Re: Oracle TDE Question

From: Hans Forbrich <>
Date: Thu, 25 Feb 2016 10:45:05 -0700
Message-ID: <>

Many applications have significant numbers of code/value lookup tables.

Many applications, especially 3-tier applications, do validation using those lookup tables.

In many cases those code tables are not sensitive.

Unless appropriate caching is used (keep cache), bashing against encrypted storage introduce unnecessary overhead.

I totally agree when you talk about 'business-generated' data. But the list of countries, states, cities ...?


On 25/02/2016 10:13 AM, Powell, Mark wrote:
> I am of the opinion that if you buy TDE you should use probably use it
> on all tablespaces. When you really consider it most business data is
> sensitive. Most of the data may not need access within the company
> restricted, but you would not want your competition or a hacker to
> have access so encrypting the disk version makes business sense.
> Make sure management and developers understand use of TDE in no way
> excuses lack of control of the object level privileges.
> *From:*
> [] *On Behalf Of *MJ Mody
> *Sent:* Thursday, February 25, 2016 9:58 AM
> *To:*
> *Cc:*
> *Subject:* Re: Oracle TDE Question
> A valid question here is if your organization has previously gone
> through the exercise of identifying PII. Should this be the case than
> it is known which objects should utilize the encrypted tablespaces.
> In interest of time, is it prudent to enable TDE on all tablespaces?
> That said overall overhead Oracle says is 6%-8% with TDE.
> On Feb 25, 2016, at 7:54 AM, Chris Taylor
> <
> <>> wrote:
> I think I know the answer to this question, but want to confirm
> for completeness.
> When you use Oracle TDE (with the appropriate licenses of course),
> is it supported to have both non-encrypted tablespaces and
> encrypted tablespaces in the same database, correct?
> If it's not I'd be surprised but wanted to confirm.
> Thanks!
> Chris Taylor

Received on Thu Feb 25 2016 - 18:45:05 CET

Original text of this message