
Re: using obfuscation

From: Don Jerman <djerman_at_dot.state.nc.us>
Date: Wed, 11 Sep 2002 12:42:12 -0400
Message-Id: <22541.293573@fatcity.com>



Sorry, I munged the create view with the query.. I was reminded of a meeting while typing the note :)

create view my_data as select de_encrypt(sensitive_data) as clear_sensitive_data, sensitive_data from my_table;

-- index name is a placeholder
create index my_table_sensitive_idx on my_table(sensitive_data);

select clear_sensitive_data from my_data where sensitive_data = encrypt('CLEAR TEXT');

Upon review, it does provide a cyphertext/cleartext attack, doesn't it? Just goes to show you -- security is hard.

"Steiner, Randy" wrote:

> Don,
>
> It seems like a real good idea, but what am I putting inside my call to the
> encrypt function in my Create View statement?
>
> Randy
>
> -----Original Message-----
> Sent: Tuesday, September 10, 2002 10:13 AM
> To: Multiple recipients of list ORACLE-L
> Subject: Re: using obfuscation
>
> What about...
>
> create view my_data as select de_encrypt(sensitive_data) as
> clear_sensitive_data where
> sensitive_data = encrypt('CLEAR TEXT') ?
>
> This lets you create an index on the sensitive data without decrypting it,
> and the function need only be called once on the clear text.
>
> Caveat: no idea if this should work :)
>
> "Steiner, Randy" wrote:
>
> > Hi all,
> >
> > I have downloaded the Metalink Notes on implementing dbms_obfuscation. I am
> > using multiple front ends on the database, so the way I plan to implement
> > the de-encryption is with a de-encrypt function in a view.
> >
> > Create View my_data
> > AS
> > Select de_encrypt(sensitive_data) AS sensitive_data
> > ,other_data
> > FROM original_table
> > ;
> >
> > If I select from the view with a where clause on other_data, the response
> > time is fine. If I select from the view with a where clause on
> > sensitive_data, I do a full table scan, which takes about 15 minutes.
> > The de-encrypt function is copied from a Metalink note, nothing fancy.
> >
> > Since I have various front ends, I can not de-encrypt the data in the front
> > end. The only way I can think of is with the function in a view, but the
> > response time is unacceptable. Does anyone have any thoughts on this?
> >
> > Thanks
> > Randy
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.com
> > --
> > Author: Steiner, Randy
> > INET: RASTEIN_at_NYCT.com
> >
> > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> > San Diego, California -- Public Internet access / Mailing Lists
> > --------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like subscribing).

Received on Wed Sep 11 2002 - 11:42:12 CDT
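
Added example, not part of the original thread: a Python/SQLite stand-in for the exchange above. It shows why a predicate on the decrypted value scans every row, why comparing stored ciphertext against encrypt('CLEAR TEXT') can use the index, and the equality leak Don points out. The toy XOR encrypt()/de_encrypt(), the key, the index name and the sample values are constructed assumptions, and the view is written out inline.

```python
import hashlib
import sqlite3

KEY = b"constructed-demo-key"  # constructed; real keys are kept outside the database
PAD = hashlib.sha256(KEY).digest()  # fixed pad makes the toy transform deterministic

def encrypt(clear: str) -> str:
    """Toy stand-in for the thread's encrypt(): NOT a real cipher, inputs up to 32 bytes."""
    return bytes(a ^ b for a, b in zip(clear.encode(), PAD)).hex()

def de_encrypt(stored: str) -> str:
    """Inverse of the toy encrypt(), standing in for the thread's de_encrypt()."""
    return bytes(a ^ b for a, b in zip(bytes.fromhex(stored), PAD)).decode()

def build_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.create_function("de_encrypt", 1, de_encrypt)
    db.executescript("""
        CREATE TABLE my_table (id INTEGER PRIMARY KEY, sensitive_data TEXT);
        CREATE INDEX my_table_sd_idx ON my_table(sensitive_data);
    """)
    sample = ["4111-0001", "4111-0002", "4111-0001", "4111-0003"]  # constructed values
    db.executemany("INSERT INTO my_table (sensitive_data) VALUES (?)",
                   [(encrypt(s),) for s in sample])
    return db

def plan(db, sql, arg):
    """Return SQLite's access path for a one-parameter query."""
    return " ".join(r[3] for r in db.execute("EXPLAIN QUERY PLAN " + sql, (arg,)))

# Randy's shape: predicate on the decrypted value, so every row must be decrypted.
SLOW = "SELECT de_encrypt(sensitive_data) FROM my_table WHERE de_encrypt(sensitive_data) = ?"
# Don's shape: encrypt the literal once, compare stored ciphertext through the index.
FAST = "SELECT de_encrypt(sensitive_data) FROM my_table WHERE sensitive_data = ?"

def lookup(db, clear):
    """Indexed lookup: the clear text is encrypted once, outside the row loop."""
    return [r[0] for r in db.execute(FAST, (encrypt(clear),))]

def rows_matching_guess(db, guess):
    """The leak Don notes: encrypt() alone confirms a guessed value, no de_encrypt()."""
    sql = "SELECT count(*) FROM my_table WHERE sensitive_data = ?"
    return db.execute(sql, (encrypt(guess),)).fetchone()[0]

if __name__ == "__main__":
    db = build_db()
    print(plan(db, SLOW, "4111-0001"))
    print(plan(db, FAST, encrypt("4111-0001")))
    print(lookup(db, "4111-0001"), rows_matching_guess(db, "4111-0009"))
```

The index lookup only works because equal clear text always produces equal ciphertext, which is the same property that lets duplicates and guessed values be recognised from the stored column.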
