Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Where to keep encryption key , DB?

Where to keep encryption key , DB?

From: NetComrade <andreyNSPAM_at_bookexchange.net>
Date: Fri, 12 Oct 2001 19:29:42 GMT
Message-ID: <3bc7405b.2778536704@news.globix.com> 





We are planning to store credit card #'s in our database..



We are looking into different options to encrypt CC #'s, one is to use
oracle's built in  dbms_obfuscation_toolkit.



The question is, where do we store the encryption key?



I thought of creating a separate account in the db just to hold that
function, and just grant execute on it to a user that needs to execute
it, but not see the code of the function.. The thing is, if you grant
execute to userB, userB's all_source can see the source of the
function..



How woud you do it? (or did you already)



If we are to store the key in let's say some C code, that we'd have to
redploy our application each time we are changing the key..



BTW, what are the general industry standards to change the key (how
often, etc, etc)



Any help is greatly appreciated.


.......


We use Oracle 8.1.6-8.1.7 on Solaris 2.6, 2.7 boxes

Andrey Dmitriev	 eFax: (978) 383-5892  Daytime: (917) 750-3630
AOL: NetComrade	 ICQ: 11340726 remove NSPAM to email


Received on Fri Oct 12 2001 - 14:29:42 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US