Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Tough question for oracle DBAs/Solaris Admins. Log shipping.

Re: Tough question for oracle DBAs/Solaris Admins. Log shipping.

From: DA Morgan <damorgan_at_psoug.org>
Date: Fri, 01 Sep 2006 22:12:12 -0700
Message-ID: <1157173930.566367@bubbleator.drizzle.com> 





Frank Cusack wrote:


> On Sat, 02 Sep 2006 00:35:13 GMT Ningi <ningi_at_EGGSANDSPAMblueyonder.co.uk> wrote:


>> Frank Cusack wrote:
>> <snip>
>>
>> m UNTRUSTED employees, not eliminating trust from the system.
>>> No auditor will balk at not having immutable files as long as only
>>> trusted
>>> employees are in the position to undetectably alter data.
>> Yes they will.  You stand no chance of meeting SEC 17a-4 if ANYBODY
>> can alter the data.




> 

> Then it's an insoluble problem.

> 

> -frank




Au contraire. It is a challenging problem but not insoluble.


Rule 1: Store everything inside the database.
Rule 2: Encrypt the audit trail using DBMS_CRYPTO.ENCRYPT
Rule 3: Autogenerate the key using DBMS_CRYPTO.RANDOMBYTES
Rule 4: Autogenerate inside a PL/SQL procedure or function created using 


DBMS_DDL.CREATE_WRAPPED so no unwrapped source ever exists.



If you've got a Cray and few weeks or months to kill you might figure
out enough to alter the audit trail. But if you are that good I would
expect you'd have better things to do with your time.

-- 
Daniel A. Morgan
Puget Sound Oracle Users Group


Received on Sat Sep 02 2006 - 00:12:12 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US