Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
Oracle Security >> Oracle Security >> Making a colum gibberish/TDE
(Message started by: Pete Finnigan on Aug 14th, 2010, 8:55pm)

Title: Making a colum gibberish/TDE
Post by Pete Finnigan on Aug 14th, 2010, 8:55pm
Trying to set a table column with TDE using the instructions detailed at :



Title:

How could this technology be leveraged so that encrypted column, when rendered by a
statement  in sql plus-

>>select SENSITIVE_DATA from tde;

produce a result set of this sort :

SENSITIVE_DATA(Password)
------------------------------
/*^@@_%^$&%^&^%

Essentially, would like the column to be rendered unreadable when requested.


Regards,
John

Post by NS on

Title: Re: Making a colum gibberish/TDE
Post by Pete Finnigan on Aug 16th, 2010, 10:54am
I've experimented with TDE myself and that isn't how TDE works.

The thing about TDE is that it encrypts data on datafile level and backup level so that when your disks or backup tapes fall in the wrong hands, they can't retrieve data by examining the datafiles.

But when you normally log in you'll find that the data selected is as readable as it ever were.

To encrypt data in columns in such a way that you need a key to decrypt it, you'll need to change your application (if at all possible). You'll need the package dbms_crypto (10g and up) (http://psoug.org/reference/dbms_crypto.html) to encrypt/decrypt data written by the application. Without that the data is unreadable.

Or maybe all you need is to make data unreadable for all in, for example, a test database. That's called data masking. Oracle has a tool for that (the Oracle Data Masking Pack (http://www.oracle.com/technology/products/oem/pdf/ds_datamasking.pdf)) which works from Enterprise Manager, but I have no experiences with that. I believe there are other commercial data masking tools as well.



Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board