Re: How to remove data from disk

Bruce wrote:

> I have a table with some sensitive customer data in it. I am now
> keeping all the data in another table, and encrypting it. I want to
> get rid of the original unencrypted data and be sure that it is no
> longer anywhere on disk. Should I drop the table, or first delete the
> rows and then clear the redo logs? I'm not sure how to know if the
> data is actually physically deleted from disk, or if it's still there,
> but just in blocks that get marked as available. Any guidance would
> be greatly appreciated.
>
> Thanks,
> Bruce

Dropping or truncating a table does not log the individual rows in redo as a delete would, so that would be preferable. I'm pretty sure all three do not take any extra time to over-write the freed-up blocks.

You could create a new tablespace, move everything but the unwanted table from the old tablespace, then remove the old tablespace.

However, even in this case, perhaps one of those commercial data recovery services could still get at the data from the OS level.

Safest? Copy everything you want to keep onto a new disk, then destroy the old disk.

Hopefully you are putting as much thought into destroying all backups with the unencrypted data, protecting your encryption passphrase, and making sure you can vouch for every person who has or ever had access to the data, encrypted or not. This "dropped table" may not be your greatest risk.

--Mark Bole Received on Fri May 07 2004 - 15:52:51 CDT