TDE for data previously unencrypted
- From: "Kevin Lidh" <kevin.lidh@xxxxxxxxx>
- To: <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 7 Mar 2013 11:07:03 -0700
I was researching TDE and set up a test in a small Oracle 11.2.0.3 database
on RHEL. I created a table with two rows of "sensitive" unencrypted
information. I opened up my datafile in a hex editor and found my data. I
then created an encrypted tablespace and "alter table move" the table to the
new tablespace and when I open that datafile, I can't find my data. But
when I open the original datafile, I can still see sensitive information. I
verified there were no extents remaining from that table. I understand how
it happened but I'm wondering if there's another way to either move the data
out which clears it or if there's a way to clear it after the fact. I did a
coalesce for fun and now my two sensitive pieces are right next to each
other in the unencrypted datafile.
In our real world environment, the only method that comes to mind is to move
all the remaining and unencrypted data to yet another tablespace and drop
the original but that wouldn't be practical for some of our databases.
Any ideas are surely welcome.
Kevin
--
//www.freelists.org/webpage/oracle-l
Other related posts:
