
Re: Encryption (Oracle8i) ????

From: Thomas Kyte <tkyte_at_us.oracle.com>
Date: Sat, 21 Jul 2001 21:31:55 GMT
Message-ID: <9i7bag071i@drn.newsguy.com>

In article <3B4721EC.C2F908C0_at_home.com>, Paul says...
>
>Thomas Kyte wrote:
>
>> In article <3B44D6C0.4BF29E3B_at_attws.com>, "Daniel says...
>> >
>> >jcg wrote:
>> >
>> >> I'm very interested in the DBMS_OBFUSCATION_TOOLKIT package.
>> >> Does anybody know where I can find it?
>> >> Jean christophe
>> >
>> >Oracle 8i Enterprise Edition.
>> >
>> >Daniel A. Morgan
>> >
>>
>> And SE and PE -- dbms_obfuscation_toolkit is in all -- maybe you are thinking of
>> the Advanced Security Option for network encryption.
>>
>> To install dbms_obfuscation_toolkit, simply execute catobtk.sql
>> found in $ORACLE_HOME/rdbms/admin using SVRMGRL when connected
>> as SYS or INTERNAL using SVRMGRL in 8i.
>
>Tom,
>
>Just kidding around here, but you can execute catobtk.sql just fine in sqlplus.
>(I've been weaning myself from svrmgrl for some time now).
>

For oracle8i release 3 and below -- all scripts in $ORACLE_HOME/rdbms/admin should be executed using svrmgrl. Many (most) run fine in sqlplus -- some do not. My blanket recommendation is to use svrmgrl for all since I know that they ALL work with svrmgrl.

In 9i of course, sqlplus is the only tool to use on them since svrmgrl doesn't even exist.

>Thanks for the examples of dbms_obfuscation_toolkit on your site.
>(used the example yesterday for encrypting accounting info).
>and I see that your book "Expert one on one Oracle" is now shipping.
>I was fortunate enough to pick up a preview copy at IOUG in Orlando - and was
>very impressed by the 3 chapters.
>
>One follow-up question concerning the use of obfuscation - key management.
>Do you store the key in the package body, compile the package such that the code
>in the body is not human readable? What if someone wants to store various keys
>within the database, but the canned app is using the 'SELECT ANY TABLE' sys priv?
>

Well, I actually go over this a bit in the book. Key management is totally up to you -- it is the thing you must tackle. I go over the obvious approaches

o have the client app manage and store the key (you need to use ASO with this to encrypt the keys on the network)

o store the keys in the same database

o store the keys in the file system with the database

All of them can be subverted by someone smart enough or with enough time on their hands. They are just like keys to a car -- get them and you got the car. If you cannot trust the people guarding the keys -- you have big problems.  

>Or should I just have posted this at http://asktom.oracle.com/ ?
>
>thanks in advance,
>
>Paul
>
>
>
>

--
Thomas Kyte (tkyte@us.oracle.com)             http://asktom.oracle.com/ 
Expert one on one Oracle, programming techniques and solutions for Oracle.
http://www.amazon.com/exec/obidos/ASIN/1861004826/  
Opinions are mine and do not necessarily reflect those of Oracle Corp 
Received on Sat Jul 21 2001 - 16:31:55 CDT
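
An added example, not part of the original post and not Thomas Kyte's code: a sketch of the first approach in the reply, where the client application holds the key and passes it in on each call, so nothing in the package body or in any table reveals it. The package name key_demo, its function names and the sample key are hypothetical; it assumes the RAW overloads of DESEncrypt/DESDecrypt and UTL_RAW are installed, and, as the post says, the key still crosses the network unless ASO encrypts the connection.

```sql
-- Added illustration; key_demo and its function names are hypothetical.
-- The DES key is a parameter: it is never stored in the body or in a table.
CREATE OR REPLACE PACKAGE key_demo AS
  FUNCTION enc_text(p_text IN VARCHAR2, p_key IN RAW) RETURN RAW;
  FUNCTION dec_text(p_data IN RAW, p_key IN RAW) RETURN VARCHAR2;
END key_demo;
/
CREATE OR REPLACE PACKAGE BODY key_demo AS
  FUNCTION enc_text(p_text IN VARCHAR2, p_key IN RAW) RETURN RAW IS
    l_in  RAW(2048) := UTL_RAW.CAST_TO_RAW(p_text);  -- sketch: text up to ~2000 bytes
    l_pad PLS_INTEGER;
    l_out RAW(2048);
  BEGIN
    -- DESEncrypt requires input whose length is a multiple of 8 bytes.
    -- Append n bytes of value n (1..8) so the padding can be removed exactly.
    l_pad := 8 - MOD(NVL(UTL_RAW.LENGTH(l_in), 0), 8);
    l_in  := UTL_RAW.CONCAT(l_in,
               UTL_RAW.COPIES(HEXTORAW(TO_CHAR(l_pad, 'FM0X')), l_pad));
    DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(
      input => l_in, key => p_key, encrypted_data => l_out);
    RETURN l_out;
  END enc_text;
  FUNCTION dec_text(p_data IN RAW, p_key IN RAW) RETURN VARCHAR2 IS
    l_out RAW(2048);
    l_len PLS_INTEGER;
    l_pad PLS_INTEGER;
  BEGIN
    DBMS_OBFUSCATION_TOOLKIT.DESDecrypt(
      input => p_data, key => p_key, decrypted_data => l_out);
    l_len := UTL_RAW.LENGTH(l_out);
    l_pad := TO_NUMBER(RAWTOHEX(UTL_RAW.SUBSTR(l_out, l_len, 1)), 'XX');
    -- A wrong key yields garbage, so the last byte is usually not valid padding.
    IF l_pad NOT BETWEEN 1 AND 8 THEN
      RAISE_APPLICATION_ERROR(-20001, 'decryption failed');
    ELSIF l_pad = l_len THEN
      RETURN NULL;  -- the original text was empty
    END IF;
    RETURN UTL_RAW.CAST_TO_VARCHAR2(UTL_RAW.SUBSTR(l_out, 1, l_len - l_pad));
  END dec_text;
END key_demo;
/
DECLARE
  l_key RAW(8) := HEXTORAW('0123456789ABCDEF');  -- constructed sample key, held by the caller
  l_enc RAW(2048);
BEGIN
  l_enc := key_demo.enc_text('constructed sample value', l_key);
  DBMS_OUTPUT.PUT_LINE(key_demo.dec_text(l_enc, l_key));  -- round trip
END;
/
```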
