Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: searching for encrypted fields in data columns

Re: searching for encrypted fields in data columns

From: David Portas <REMOVE_BEFORE_REPLYING_dportas_at_acm.org>
Date: Mon, 1 Mar 2004 21:48:11 -0000
Message-ID: <pa2dnTSUtI9qM97dRVn-ig@giganews.com>


> Firstly, to keep the data contents safe should your system ever be
> hacked. There have been cases where data fell into the wrong hands. If
> that data is in the wrong hands, should it be easily used? Those of us
> who work in some federal govt sites now have a requirement to encrypt
> personal information. Should a hacker gain access to credit cards,
> social security numbers, etc., there are no problems if the data is
> encrypted, unless you left the decryption keys out in the open too. No
> matter how secure your database is, there will always be holes and
> exploits that can be used to gain unwanted access. Encryption is the
> next line of defense after good security policies.

All that is valid if you have some form of access control to your encryption keys which is more secure than the username/password security typically available in the OS and database. Maybe my experience is limited but some (many?) database encryption systems rely only on password-based encryption with password policies no better than those offered by Windows. I realize that better options are available but I wanted to understand whether the OP had some particular requirement in mind or just made an assumption that an encrypted database was inherently more secure than a non-encrypted one.

-- 
David Portas
SQL Server MVP
--
Received on Mon Mar 01 2004 - 15:48:11 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US