PaulDotCom mailing list archives
Database Encryption
From: mmcgrew1 at mail.csuchico.edu (Michael McGrew)
Date: Thu, 27 May 2010 12:54:30 -0700
Yes, that's possible. At my work we use Oracles TDE on specific columns, (for example, user login in the users table) and we are able to compare it in the application to what the user types in when they login. I'm not sure about specifics in setting it up (i'm not the DBA) but we use the Oracle wallet manager for the keys and to set up encryption for a column you just need to ALTER TABLE talbe_here MODIFY (column_here ENCRYPT USING 'AES256'); when creating the table, it's very easy. About the application encrypt/decrypt; your application does not need to worry about it. It's transparent to the application, the application does not know the difference between a column that has TDE and one that does not. Retrieve it from the database and use it as you would any other record. On Thu, May 27, 2010 at 7:57 AM, John Hoyt <john.h.hoyt at gmail.com> wrote:
Thanks everyone for their input so far. The requirement is being defined, but I think that the need would be to encrypt specific fields/columns within the rows/records. Not specific records. For example, encrypt the SSN field, but not the first name or last name. The kicker is that the application needs to be able to decrypt those fields and do comparisons and then encrypt them again on the fly. According to what I've heard from Oracle so far on this they can do it. We have not tested that theory yet though. John On Thu, May 27, 2010 at 2:43 AM, Robert Wahl <netlacky at gmail.com> wrote:There are a couple of interesting players in the place... Safenet, voltage, etc.. I've had some experience doing transparent data encryption (not Oracle TDE) of columns... but you are looking to encrypt specific records? Message: 2 Date: Tue, 25 May 2010 10:22:09 -0400 From: John Hoyt <john.h.hoyt at gmail.com> Subject: [Pauldotcom] Database Encryption To: PaulDotCom Security Weekly Mailing List <pauldotcom at mail.pauldotcom.com> Message-ID: <AANLkTil7EvEdrwckxwMzeK3j2oPpRxsJVPr6pVq-Rk8x at mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" Does anyone have experience with database (row/record) encryption? I'm looking at Oracle TDE and other competitor solutions. Some of the main points I'm interested in are: - Performance - Key management - Backups - Comparison against full-disk encryption Thanks for any help, John _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100527/9bc1c4c2/attachment.htm
Current thread:
- Database Encryption John Hoyt (May 25)
- Database Encryption Raffi Jamgotchian (May 25)
- Database Encryption Ben Greenfield (May 26)
- Database Encryption Jim Halfpenny (May 26)
- Database Encryption Ralph Durkee (May 26)
- <Possible follow-ups>
- Database Encryption Robert Wahl (May 26)
- Database Encryption John Hoyt (May 27)
- Database Encryption Michael McGrew (May 27)
- Database Encryption John Hoyt (May 27)
- Database Encryption Raffi Jamgotchian (May 25)