Re: Column encryption use-case

From: Priit Piipuu <priit.piipuu_at_gmail.com>
Date: Thu, 21 Sep 2023 13:35:33 +0200
Message-ID: <CAJYY02gO63M+KXmaj2QQMEnOv1WawhUU-XHKfsuwP1xGvawsBQ_at_mail.gmail.com>

On Tue, 19 Sept 2023 at 23:03, Lok P <loknath.73_at_gmail.com> wrote:

> But I understand the column encryption/decryption comes with its own
> performance overhead. So it seems, dbms_encrypt is the only solution we can
> go with and then perhaps we have to move the only sensitive field out of
> the JSON string so that we would be able to avoid the burden of
> encrypting/decrypting the whole clob column.
>

Please note: if the legal requirement is that sensitive data must be encrypted, then it must be encrypted no matter what the overhead is. For example, in certain jurisdictions tipping off the money launderer is a jailable offence, so you will have a tradeoff between encrypting the AML-related data and a few years in jail.

Oh, and if sensitive data must be encrypted, then it must be encrypted everywhere, including networks and applications. For example, if the app processes sensitive data unencrypted, then core dumps will become sensitive data as well, etc.

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Sep 21 2023 - 13:35:33 CEST

This message: [ Message body ]
Next message: Mark W. Farnham: "RE: Column encryption use-case"
Previous message: Tim Gorman: "Re: Column encryption use-case"
In reply to: Lok P: "Re: Column encryption use-case"
In reply to Lok P: "Re: Column encryption use-case"
Next in thread: Mark W. Farnham: "RE: Column encryption use-case"
Reply: Mark W. Farnham: "RE: Column encryption use-case"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message