Re: ASM Secure Delete

  • From: MARK BRINSMEAD <mark.brinsmead@xxxxxxxxx>
  • To: "mark.powell2@xxxxxx" <mark.powell2@xxxxxx>
  • Date: Thu, 9 Jul 2015 13:04:04 -0400

This is not a bad approach. If you want better assurances that the data is
unrecoverable, you may want to repeat this exercise several times (maybe up
to 16?) using different values each time. This improves the chances that a
disk removed from the system will stand up to laboratory analysis without
yielding (much) useful data.

Sadly, the method probably won't guarantee that you will scrub every byte
in every block. Results ought to be better, though, if you take a few
extra steps like setting PCTFREE to 0, and so on. If you go about it
carefully, you should have a pretty high assurance that there will be
little or no recoverable data left behind.

If you want to be absolutely certain, though, *replace the disks and
physically destroy the old ones*. Depending on the security standard you
are trying to satisfy, this might even be necessary. ASM can make this an
online operation, but if you are running close to your physical storage
capacity, you might find yourself spending a lot of time rebalancing to
achieve this.

Disks are generally pretty cheap -- particularly in comparison to software
licenses for TDE. Removing your old disks and destroying them may be more
cost-effective than you would at first imagine it to be.

On Thu, Jul 9, 2015 at 12:36 PM, Powell, Mark <mark.powell2@xxxxxx> wrote:

Not that I have ever heard of.

For a purely Oracle approach to solving this issue: if this is a critical
function, then after creating a new TDE encrypted tablespace and moving the
data to the new tablespace, allocate a new single varchar2 column table in
the old tablespace. Populate the dummy table with a constant value till
the table has filled the tablespace. Now you should be able to drop the
tablespace including contents and know that no business information can be
gleaned directly from the file contents.


-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Rob Lockard
Sent: Thursday, July 09, 2015 11:19 AM
To: oracle-l
Subject: Re: ASM Secure Delete

Is there an ASM utility to secure delete data files in ASM, such as the
shred utility in Linux? When moving data to encrypted tablespaces there is
a need to make sure there are no ghost copies of the data. Thanks, -Rob

--
================================
"You can't hardware yourself out of a problem you softwared yourself into."
Cary Millsap
Robert P. Lockard
www.oraclewizard.com
(c) 571.276.4790

--
//www.freelists.org/webpage/oracle-l
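
The fill-and-drop procedure discussed in this thread (dummy table with PCTFREE 0, several passes with a different value each time, then drop the tablespace), sketched as an added example that is not code from any of the posters. The names `OLD_DATA_TS` and `SCRUB_FILL` and the pass count are assumptions, and the datafiles are assumed to have AUTOEXTEND OFF so the fill stops at the existing file size.

```sql
-- Added example. OLD_DATA_TS and SCRUB_FILL are hypothetical names.
-- Assumes: real data already moved out, datafiles have AUTOEXTEND OFF,
-- and the user has quota on the tablespace.
CREATE TABLE scrub_fill (pad VARCHAR2(4000))
  TABLESPACE old_data_ts
  PCTFREE 0      -- leave no reserved free space in each block
  NOCOMPRESS;    -- keep the repeated filler from being compressed away

DECLARE
  e_ts_full EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_ts_full, -1653);  -- ORA-01653: unable to extend table
  c_passes CONSTANT PLS_INTEGER := 3;       -- assumed; the thread suggests up to 16
  v_pad    VARCHAR2(4000);
  v_rows   PLS_INTEGER;
BEGIN
  FOR i_pass IN 1 .. c_passes LOOP
    -- A different constant fill value on each pass: 'A', 'B', 'C', ...
    v_pad := RPAD(CHR(64 + i_pass), 4000, CHR(64 + i_pass));
    EXECUTE IMMEDIATE 'TRUNCATE TABLE scrub_fill';
    v_rows := 10000;
    -- Insert in batches; when the tablespace cannot extend, the failed
    -- statement is rolled back, so retry with a smaller batch until even
    -- a single row no longer fits.
    WHILE v_rows >= 1 LOOP
      BEGIN
        INSERT INTO scrub_fill
          SELECT v_pad FROM dual CONNECT BY LEVEL <= v_rows;
        COMMIT;
      EXCEPTION
        WHEN e_ts_full THEN
          v_rows := TRUNC(v_rows / 2);
      END;
    END LOOP;
  END LOOP;
END;
/

-- Shows how much space the fill could not reach (free chunks too small
-- to allocate as an extent are never overwritten).
SELECT NVL(SUM(bytes), 0) AS free_bytes
  FROM dba_free_space
 WHERE tablespace_name = 'OLD_DATA_TS';

DROP TABLESPACE old_data_ts INCLUDING CONTENTS;
```

A non-zero `free_bytes` result is the residue the first reply warns about: space the fill did not reach and that therefore still holds its previous contents.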