Re: oracle-l Digest V20 #204

From: Howard Latham <"Howard>
Date: Sun, 17 Sep 2023 21:23:19 +0000
Message-ID: <LO0P302MB03083C4C1EE8D3A1E64081E4D2F4A_at_LO0P302MB0308.GBRP302.PROD.OUTLOOK.COM>

⁰

Sent from Outlook for Android<https://aka.ms/AAb9ysg>

From: FreeLists Mailing List Manager <ecartis_at_freelists.org> Sent: Sunday, September 17, 2023 2:06:40 AM To: oracle-l digest users <oracle-l_at_freelists.org> Subject: oracle-l Digest V20 #204

oracle-l Digest Sat, 16 Sep 2023 Volume: 20 Issue: 204

In This Issue:

                Column encryption use-case



----------------------------------------------------------------------

From: Lok P <loknath.73_at_gmail.com>
Date: Sat, 16 Sep 2023 07:29:34 +0530
Subject: Column encryption use-case

Hello Friends, It's Oracle version 19C. We are using tablespace TDE for "data at rest" encryption. We have got a security requirement , as part of which TDE is not sufficient as , although it's encrypted in storage , the data is visible to clear text to all whoever selects from that table. The sensitive column(e.g. account_number) should not be visible to others in clear text and should be stored as encrypted only. And should also be decrypted as and when required by the application logic from the app account but not from the individual user account. And currently the application is required to query/fetch/join that column as and when required and we have indexes that exist on the column in few cases. Also there are cases, the column/attribute which we want to encrypt is part of a clob column which stores Json format strings. Would it be okay to encrypt a full clob or should we extract the sensitive column out from the clob and store it as a different column and then encrypt that?

While searching over the internet , I found dbms_crypto. But I have never used it in the past. So I wanted to know from experts here , if this above use case should be catered by the dbms_crypto package and then how the key management happens here? or any other possible easy/more performant methods are available in latest Oracle versions? Because having indexes created on the encrypted column may have performance overhead while decrypting , so I want to be cautious.

And this activity we need to do on the existing data and the newly coming data to the table. There are 100's of million rows inserted/queried per day to/from the table along with that column.

Appreciate your guidance.

Regards
Lok

End of oracle-l Digest V20 #204

--

http://www.freelists.org/webpage/oracle-l Received on Sun Sep 17 2023 - 23:23:19 CEST

This message: [ Message body ]
Next message: Lucas Pimentel Lellis: "Re: Column encryption use-case"
Previous message: richard goulet: "Column encryption use-case"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message