Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: 11g Tablespace Encryption

Re: 11g Tablespace Encryption

From: Tim Gorman <tim_at_evdbt.com>
Date: Fri, 14 Sep 2007 09:40:44 -0600
Message-ID: <46EAAB7C.1020804@evdbt.com> 




  


I can't even spell "Oracle11g" yet, but chances are good that
decryption takes place when a block is read into the Buffer Cache, and
encrypted when written to disk by LGWR, DBWR, or a direct-path load.



Sorts and hashes are performed in "private" process memory and flushed
to disk in a "direct path write" operation, so presumably encryption
happens then.  When sort/hash information read back into private
process memory during a "direct path read", presumably decryption
occurs.  This is important because otherwise encryption would affect
both sorting and hash results.



Ditto for I/O to/from undo and "permanent" objects -- flushes by DBWn
processes perform encryption, reads back up into Buffer Cache perform
decryption.  Ditto for LGWR -- flushes to online redo logfiles perform
encryption, and ARCn processes don't know anything about encryption --
not their job.



This is all speculation, but it would be my operating hypothesis going
forward until disproven...


Tim Gorman
consultant - Evergreen Database Technologies, Inc.
P.O. Box 1802, Evergreen CO  80437-1802
website = http://www.evdbt.com
email   = tim@evdbt.com
mobile  = +1-303-885-4526
fax     = +1-303-484-3608






Andrew Kerber wrote:

I wonder how that affects a database clone or restore to
another location?

  

  
On 9/14/07, Ted Coyle <oracle-l@webthere.com
  > wrote:
  
I
attended a Tom Kyte Oracle presentation yesterday where he discussed
11g
    

Tablespace encryption among other features. A  question came up in one
of

the technical sessions concerning when the decryption took place and
does

any of the encrypted data ever wind up unencrypted in any of
Undo/Redo/Temp
    

control structures.  The presenter didn't have an answer and Tom had
zoomed

out of there after the keynote so no chance to "Ask Tom Live" so to
speak.

    

Here's what I found in the 11g docs:

"Transparent encryption/decryption takes place during disk input/output

(I/O) and not for every logical access to the data. This leads to
improved

performance."

-------

"The encrypted data is protected during operations like JOIN and SORT.
This
    

means that the data is safe when it is moved to temporary tablespaces.
Data

in undo and redo logs is also protected."

    

I'm interested in more info on this, so any links or comments are

appreciated.
    

    

Also, has anyone tested this feature for performance?  Tom noted
possible

performance issues during the presentation.

    

-Ted

    

--

    http://www.freelists.org/webpage/oracle-l
    

    

    

  

  

  

  

  

-- 

Andrew W. Kerber

  

'If at first you dont succeed, dont take up skydiving.'




--
http://www.freelists.org/webpage/oracle-l
Received on Fri Sep 14 2007 - 10:40:44 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US