PaulDotCom mailing list archives

Database Encryption


From: mmcgrew1 at mail.csuchico.edu (Michael McGrew)
Date: Thu, 27 May 2010 12:54:30 -0700

Yes, that's possible. At my work we use Oracle's TDE on specific columns
(for example, user login in the users table) and we are able to compare it
in the application to what the user types in when they log in. I'm not sure
about specifics in setting it up (I'm not the DBA) but we use the Oracle
wallet manager for the keys and to set up encryption for a column you just
need to ALTER TABLE table_here MODIFY (column_here ENCRYPT USING 'AES256');
when creating the table, it's very easy.

About the application encrypt/decrypt: your application does not need to
worry about it. It's transparent to the application, the application does
not know the difference between a column that has TDE and one that does not.
Retrieve it from the database and use it as you would any other record.

On Thu, May 27, 2010 at 7:57 AM, John Hoyt <john.h.hoyt at gmail.com> wrote:

Thanks everyone for their input so far.

The requirement is being defined, but I think that the need would be to
encrypt specific fields/columns within the rows/records.  Not specific
records.

For example, encrypt the SSN field, but not the first name or last name.

The kicker is that the application needs to be able to decrypt those fields
and do comparisons and then encrypt them again on the fly.

According to what I've heard from Oracle so far on this they can do it.

We have not tested that theory yet though.

John

On Thu, May 27, 2010 at 2:43 AM, Robert Wahl <netlacky at gmail.com> wrote:

There are a couple of interesting players in the place... SafeNet,
Voltage, etc.

I've had some experience doing transparent data encryption (not Oracle
TDE) of columns... but you are looking to encrypt specific records?

Date: Tue, 25 May 2010 10:22:09 -0400
From: John Hoyt <john.h.hoyt at gmail.com>
Subject: [Pauldotcom] Database Encryption
To: PaulDotCom Security Weekly Mailing List
       <pauldotcom at mail.pauldotcom.com>


Does anyone have experience with database (row/record) encryption?  I'm
looking at Oracle TDE and other competitor solutions.

Some of the main points I'm interested in are:


  - Performance
  - Key management
  - Backups
  - Comparison against full-disk encryption


Thanks for any help,
John

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
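
Added example, not part of the thread or written by any of its posters: the column-level TDE setup described in the reply above, applied to the SSN case from the question. The table, column and index names and the sample row are constructed, and the script assumes an Oracle 10gR2/11g database whose TDE wallet has already been created and opened by the DBA.

```sql
-- Added illustration; all object names and the sample row are hypothetical.
-- Assumes the TDE wallet is configured and open before this runs.

-- Plain table: only the SSN will be encrypted, not the name columns.
CREATE TABLE customers (
    customer_id NUMBER PRIMARY KEY,
    first_name  VARCHAR2(50),
    last_name   VARCHAR2(50),
    ssn         VARCHAR2(11)
);

INSERT INTO customers VALUES (1, 'Test', 'User', '000-00-0000');
COMMIT;

-- Encrypt the existing column. NO SALT is required if the column is to
-- be indexed; the trade-off is that equal plaintexts then yield equal
-- ciphertexts in the datafiles.
ALTER TABLE customers MODIFY (ssn ENCRYPT USING 'AES256' NO SALT);

-- B-tree index so equality comparisons on the encrypted column stay fast.
CREATE INDEX customers_ssn_ix ON customers (ssn);

-- The application query is unchanged: the database decrypts for any
-- session that is allowed to SELECT the column. TDE therefore protects
-- datafiles and backups, not data read through an authorized session.
SELECT customer_id, first_name, last_name
  FROM customers
 WHERE ssn = '000-00-0000';

-- Audit check: confirm which columns are encrypted, with which
-- algorithm, and whether salt is in use.
SELECT table_name, column_name, encryption_alg, salt
  FROM user_encrypted_columns
 ORDER BY table_name, column_name;
```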
