Re: Security Question - how do you deal with sensitive information hardcoded in SQL statements

  • From: Jared Still <jkstill@xxxxxxxxx>
  • To: Michael Wehrle <michaelw436@xxxxxxxxx>
  • Date: Thu, 5 May 2011 08:06:28 -0700

On Wed, May 4, 2011 at 6:28 PM, Michael Wehrle <michaelw436@xxxxxxxxx>wrote:

> Jared, sorry about the link. It looks like they have since moved the Oracle
> By Example series into an Apex site that uses Single Sign On. Go to
>, then click on the link at
> the bottom to access the "learning library". Once you have logged in, you
> can search for "Using Transparent Data Encryption for Database 10g Release
> 2".
Thanks, I will look for that.

> As far as the patch, it was a one-off for my previous employer. And it took
> lots of support calls, involving VP level and above, finally involving some
> backline engineers to fix the problem. I am not sure what they would do if
> you asked for the same patch, since its not publicly searchable. It never
> hurts to ask about it though, since its truly a security issue for everyone,
> that is not easily worked around.
Have you tried this in 11g?

It seems to me that failure to encrypt the data in AWR is a bug.

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
Oracle Blog:
Home Page:

Other related posts: