Re: Hiding of sensitive information

  • From: Michael Wehrle <michaelw436@xxxxxxxxx>
  • To: JBECKSTROM@xxxxxxxxx
  • Date: Thu, 25 Mar 2010 21:52:49 -0400

Jeffrey, I suppose you are calling hiding information and protecting
information two different things. VPD and security policies will work well
to hide data. If you are speaking of sensitive data of the nature that
compliance needs to be a consideration, then that is a different question
altogether. If protecting this data is indeed part of your dilemma, then an
encryption option is likely necessary. I use custom encryption using
DBMS_CRYPTO through custom encrypt and decrypt functions at my current
workplace. Sharon mentioned Oracle's Database Vault for encryption, which
seems to be transparent to the user. Either way, be careful how you access
the data if you need it to stay protected. I have identified a way that
protected data can be captured by the AWR through bind variables. Take a
look at my blog post on that if you are more interested:
http://iamsys.wordpress.com/2010/03/16/how-to-protect-sensitive-bind-data-in-redo-logs/

Thanks,
Michael Wehrle
Oracle Certified DBA

On Thu, Mar 25, 2010 at 8:35 AM, Jeffrey Beckstrom <JBECKSTROM@xxxxxxxxx> wrote:

>  My question is how are people hiding sensitive information in a
> Production database.  For example, we are running Oracle Applications 11i
> and would like to protect some fields so that only a few people can see the
> column.  In such an instance, would you set up a virtual private database
> with column level security or what?  Since this is a packaged application,
> there is no access to the code.
>
>
> Jeffrey Beckstrom
> Database Administrator
> Greater Cleveland Regional Transit Authority
> 1240 W. 6th Street
> Cleveland, Ohio 44113
>
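
The virtual private database column-level security discussed in this thread can be set up without touching application code. The following is an added example, not part of the original messages; the schema HR_APP, table EMP_PAY, column SALARY, policy owner SEC_ADMIN and the accounts PAYROLL_MGR and HR_AUDITOR are hypothetical names.

```sql
-- Added example. All object and account names are hypothetical.
-- Policy function: returns the predicate VPD appends for the protected column.
CREATE OR REPLACE FUNCTION sec_admin.mask_salary (
    p_schema IN VARCHAR2,
    p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
    -- Authorized sessions get no predicate: every row, real SALARY values.
    IF SYS_CONTEXT('USERENV', 'SESSION_USER') IN ('PAYROLL_MGR', 'HR_AUDITOR') THEN
        RETURN NULL;
    END IF;
    -- Everyone else gets a predicate that is false for every row. Combined
    -- with ALL_ROWS below, rows are still returned but SALARY reads as NULL.
    RETURN '1 = 0';
END mask_salary;
/

BEGIN
    DBMS_RLS.ADD_POLICY(
        object_schema         => 'HR_APP',
        object_name           => 'EMP_PAY',
        policy_name           => 'EMP_PAY_MASK_SALARY',
        function_schema       => 'SEC_ADMIN',
        policy_function       => 'MASK_SALARY',
        statement_types       => 'SELECT',            -- column masking applies to SELECT only
        sec_relevant_cols     => 'SALARY',            -- policy fires only when SALARY is referenced
        sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS    -- mask the column instead of filtering rows
    );
END;
/

-- Check: confirm the policy is enabled and tied to the intended column.
SELECT p.object_owner, p.object_name, p.policy_name, p.enable,
       c.sec_rel_column, c.column_option
  FROM dba_policies p
  JOIN dba_sec_relevant_cols c
    ON c.object_owner = p.object_owner
   AND c.object_name  = p.object_name
   AND c.policy_name  = p.policy_name
 WHERE p.object_owner = 'HR_APP'
   AND p.object_name  = 'EMP_PAY';
```

Where an application connects through a single shared database account, SESSION_USER is the same for every end user, so the function would have to test an application context value instead. Accounts holding the EXEMPT ACCESS POLICY privilege bypass the policy entirely.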
