Re: data masking
- From: "Connor McDonald" <mcdonald.connor@xxxxxxxxx>
- To: oracle-l <oracle-l@xxxxxxxxxxxxx>
- Date: Mon, 4 Aug 2008 21:24:40 +0800
>> We need ship an entire schema to another site. Some data is sensitive,
>> which we'd like to mask with substitution. Our requirements are:
>>
>> 1. Table-Table Data Synchronization
>>
>> A column is a join key to a column in one (or more) other tables. This
>> means data
>>
>> masked in one table must have synchronized data changes in a number of
>> others.
>>
>> For example, changes to the EMPLOYEE_NUMBER column in one table must
>> trigger identical changes in other tables.
>>
>> 2. Consistent Masking
>>
>> We have to ensure that the output is consistent across multiple runs. In
>> practice this means that if the name of employee Joe Smith gets changed to
>> Bill Jones then the next time the database is cloned and sanitized Joe Smith
>> should again appear as Bill Jones.
>>
>>
>>
>> I wonder if there some existing scripts that I can download to do this.
>> If not, could someone recommend a good tool?
>>
>>
>>
>> Dave
>>
You're always up against the sensitivity versus usefulness issue. For
example, if you insist on your requirement (2), then your masker is
1-to-1 which means it would be relatively straightforward using
frequency analysis to unmask your data.
We "rolled our own" masker, using randomised character translations,
made repeatable by using dbms_random.seed. Its not too difficult to
do with a little bit of plsql.
--
Connor McDonald
===========================
email: connor_mcdonald@xxxxxxxxx
web: http://www.oracledba.co.uk
"Semper in excremento, sole profundum qui variat"
--
//www.freelists.org/webpage/oracle-l
Other related posts:
