Re: Security Question - how do you deal with sensitive information hardcoded in SQL statements

Jared, sorry about the link. It looks like they have since moved the Oracle
By Example series into an Apex site that uses Single Sign On. Go to
www.oracle.com/technetwork/tutorials/index.html, then click on the link at
the bottom to access the "learning library". Once you have logged in, you
can search for "Using Transparent Data Encryption for Database 10g Release 2
".

As far as the patch, it was a one-off for my previous employer. And it took
lots of support calls, involving VP level and above, finally involving some
backline engineers to fix the problem. I am not sure what they would do if
you asked for the same patch, since its not publicly searchable. It never
hurts to ask about it though, since its truly a security issue for everyone,
that is not easily worked around.


On Wed, May 4, 2011 at 2:48 PM, Jared Still <jkstill@xxxxxxxxx> wrote:

> On Tue, May 3, 2011 at 11:42 AM, Michael Wehrle <michaelw436@xxxxxxxxx>wrote:
>
>> Jared, I had this issue (possibly similar) a few years back on a 10.2.0
>> database, and Oracle actually provided a patch for it. See my writeup about
>> it here
>> iamsys.wordpress.com/2010/03/16/how-to-protect-sensitive-bind-data-in-redo-logs/,
>> and if you have anymore questions, I will be glad to TRY to remember them,
>> as it was a few years ago.
>>
>>
> Thanks Michael.
>
> The test case referenced in your blog is no longer a valid URL.
> Do you know where to find it now.
>
> Also, the patch number referenced is not even found in MOS, leading
> me to believe it was a one off patch for you or your customer.
>
> Do you have any more info on where to find this in MOS?
>
>
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
> Oracle Blog: http://jkstill.blogspot.com
> Home Page: http://jaredstill.com
>
>
>

Other related posts: