TDE for data previously unencrypted

From: Kevin Lidh <kevin.lidh_at_gmail.com>
Date: Thu, 7 Mar 2013 11:07:03 -0700
Message-ID: <229801ce1b5e$954c6290$bfe527b0$_at_gmail.com>

I was researching TDE and set up a test in a small Oracle 11.2.0.3 database on RHEL. I created a table with two rows of "sensitive" unencrypted information. I opened up my datafile in a hex editor and found my data. I then created an encrypted tablespace and "alter table move" the table to the new tablespace and when I open that datafile, I can't find my data. But when I open the original datafile, I can still see sensitive information. I verified there were no extents remaining from that table. I understand how it happened but I'm wondering if there's another way to either move the data out which clears it or if there's a way to clear it after the fact. I did a coalesce for fun and now my two sensitive pieces are right next to each other in the unencrypted datafile.

In our real world environment, the only method that comes to mind is to move all the remaining and unencrypted data to yet another tablespace and drop the original but that wouldn't be practical for some of our databases.

Any ideas are surely welcome.

Kevin

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Mar 07 2013 - 19:07:03 CET

This message: [ Message body ]
Next message: Hemant K Chitale: "Re: TDE for data previously unencrypted"
Previous message: Kevin Jernigan: "Re: Advanced Compression features on non-Engineered systems/storage"
Next in thread: Hemant K Chitale: "Re: TDE for data previously unencrypted"
Reply: Hemant K Chitale: "Re: TDE for data previously unencrypted"
Maybe reply: rajendra.pande_at_ubs.com: "RE: TDE for data previously unencrypted"
Maybe reply: rajendra.pande_at_ubs.com: "RE: TDE for data previously unencrypted"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message