Re: hiding Tables

From: DA Morgan <damorgan_at_psoug.org>
Date: Sat, 13 Sep 2008 23:15:22 -0700
Message-ID: <1221372923.131366@bubbleator.drizzle.com>

Mass wrote:

> On Sep 12, 4:25 pm, Mark D Powell <Mark.Pow..._at_eds.com> wrote:

>> On Sep 12, 9:14 am, "fitzjarr..._at_cox.net" <orat..._at_msn.com> wrote:
>>
>>> On Sep 12, 3:30 am, Mass <mass..._at_gmail.com> wrote:
>>>> Dear All,
>>>> I have a data base on oracle 10g i want to hiding some tables but i
>>>> didn't know the steps to do that and How i will show it later?
>>>> Thanks a lot
>>> What, exactly, do you mean by 'hiding some tables'? There are ways to
>>> restrict access to certain data to certain users, but that's not
>>> called 'hiding tables'.
>>> David Fitzjarrell
>> Mass, by default if you create a table the only users who can see that
>> table are you and users with the select any table privilege such as
>> DBA's. You have to issue object level privileges: select, insert,
>> update, delete to allow other users to access your table.
>>
>> As David asked, what do you mean by, "hiding some tables". Perhaps
>> you want to look into encryption, views, Virtual Private Database
>> (VPD) also called Fine Grained Access Control (FGAC).
>>
>> encryption - require encoding and decoding of raw data so it can
>> be seen in clear form only via an authorized application
>>
>> view - restricts columns and rows returned via a predefined query
>>
>> VPD - Prior to 10g applies a policy rule to filter rows returned
>> based on how rule applies to querying user. With 10g+ can also be
>> used to nullify column value returned.
>>
>> HTH -- Mark D Powell --

> 
> 
> let me explain , i have table called ( user) it containt  username and
> password this table in  same my data base (there are many users can
> login in this data base and can access to (user ) ),so i need to hid
> this table from my data base  to avoid any access to this table
> 
> Thanks
> Mass

Based on what you are describing FGAC will work but there is a far better solution if you don't mind writing a bit of code.

First create a table with one VARCHAR2(1000) column.

Then load it using DBMS_CRYPTO.RANDOMBYTES. http://www.psoug.org/reference/dbms_crypto.html

Then use ORA_HASH to create a hash on the fly based on some unique bit of information for each user as they log in. http://www.psoug.org/reference/ora_hash.html

Now just write a function that uses the hash to find some unique part of the table. For example:

SQL> select ora_hash('morgan') from dual;

ORA_HASH('MORGAN')

1843898362

So I substring out the first 5 characters, Go to row 184 and read the first 10 characters beginning at position 38.

Use the WRAP utility to obfuscate your code and I doubt anyone will break it without a Cray.

The best place to hide a secret is in plain sight.

-- 
Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org

Received on Sun Sep 14 2008 - 01:15:22 CDT

This message: [ Message body ]
Next message: exec_at_chicagorsvp.com: "Query Question"
Previous message: Mass: "Re: hiding Tables"
In reply to: Mass: "Re: hiding Tables"
Next in thread: hpuxrac: "Re: hiding Tables"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message