Re: Encryption (Oracle8i) ????

Thomas Kyte wrote:
>
> In article <3B4721EC.C2F908C0_at_home.com>, Paul says...
> >
> >Thomas Kyte wrote:
> >
> >> In article <3B44D6C0.4BF29E3B_at_attws.com>, "Daniel says...
> >> >
> >> >jcg wrote:
> >> >
> >> >> I'm very interest by the DBMS_OBFUSCATION_TOOLKIT package.
> >> >> Is anybody knows where I can find it ?
> >> >> Jean christophe
> >> >
> >> >Oracle 8i Enterprise Edition.
> >> >
> >> >Daniel A. Morgan
> >> >
> >>
> >>And SE and PE -- dbms_obfuscation_toolkit is in all -- maybe you are thinking of
> >> the Advanced Security Option for network encryption.
> >>
> >> To install dbms_obfuscation_toolkit, simply execute catobtk.sql
> >> found in $ORACLE_HOME/rdbms/admin using SVRMGRL when connected
> >> as SYS or INTERNAL using SVRMGRL in 8i.
> >
> >Tom,
> >
> >Just kidding around here, but you can execute catobtk.sql just fine in sqlplus.
> >(I've been weaning myself from svrmgrl for some time now).
> >
>
> For oracle8i release 3 and below -- all scripts in $ORACLE_HOME/rdbms/admin
> should be executed using svrmgrl. Many (most) run fine in sqlplus -- some do
> not. My blanket recommendation is to use svrmgrl for all since I know that they
> ALL work with svrmgrl.
>
> In 9i of course, sqlplus is the only tool to use on them since svrmgrl doesn't
> even exist.
>
> >Thanks for the examples of dbms_obfuscation_toolkit on your site.
> >(used the example yesterday for excrypting accounting info).
> >and I see that your book "Expert one on one Oracle" is now shipping .
> >I was fortunate enough to pick up a preview copy at IOUG in Orlando - and was
> >very
> >impressed by the 3 chapters.
> >
> >One follow-up question concerning the use of obfuscation - key management.
> >Do you store the key in the package body, compile the package such that the code
> >in
> >the body is not human readable? What if someone wants to store various keys
> >within
> >the database, but the canned app is using the 'SELECT ANY TABLE' sys priv?
> >
>
> Well, I actually go over this a bit in the book. Key management is totally up
> to you -- it is the thing you must tackle. I go over the obvious approaches
>
> o have the client app manage and store the key (you need to use ASO with this
> to encrypt the keys on the network)
>
> o store the keys in the same database
>
> o store the keys in the file system with the database
>
> All of them can be subverted by someone smart enough or with enough time on
> their hands. They are just like keys to a car -- get them and you got the car.
> If you cannot trust the people guarding the keys -- you have big problems.
>
>
>
> >Or should I just have posted this at http://asktom.oracle.com/ ?
> >
> >thanks in advance,
> >
> >Paul
> >
> >
> >
> >
>
> --
> Thomas Kyte (tkyte@us.oracle.com) http://asktom.oracle.com/
> Expert one on one Oracle, programming techniques and solutions for Oracle.
> http://www.amazon.com/exec/obidos/ASIN/1861004826/
> Opinions are mine and do not necessarily reflect those of Oracle Corp

or at least in sqlplus issue

set define off

first... Some of the comments in the scripts have a "&"

hth
connor

-- 
==============================
Connor McDonald

http://www.oracledba.co.uk

"Some days you're the pigeon, some days you're the statue..."