Re: Security Question - how do you deal with sensitive information hardcoded in SQL statements
- From: Jared Still <jkstill@xxxxxxxxx>
- To: Michael Wehrle <michaelw436@xxxxxxxxx>
- Date: Thu, 5 May 2011 08:06:28 -0700
On Wed, May 4, 2011 at 6:28 PM, Michael Wehrle <michaelw436@xxxxxxxxx>wrote:
> Jared, sorry about the link. It looks like they have since moved the Oracle
> By Example series into an Apex site that uses Single Sign On. Go to
> www.oracle.com/technetwork/tutorials/index.html, then click on the link at
> the bottom to access the "learning library". Once you have logged in, you
> can search for "Using Transparent Data Encryption for Database 10g Release
> 2".
>
>
Thanks, I will look for that.
> As far as the patch, it was a one-off for my previous employer. And it took
> lots of support calls, involving VP level and above, finally involving some
> backline engineers to fix the problem. I am not sure what they would do if
> you asked for the same patch, since its not publicly searchable. It never
> hurts to ask about it though, since its truly a security issue for everyone,
> that is not easily worked around.
>
>
Have you tried this in 11g?
It seems to me that failure to encrypt the data in AWR is a bug.
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
Oracle Blog: http://jkstill.blogspot.com
Home Page: http://jaredstill.com
Other related posts:
