Encryption means that the data is scrambled when you look at it but it can be "unscrambled". There are two points of scrambling:

  • During transmission across the network (especially the Internet)
  • Within the data itself

Encrypted Transmission

We can encrypt the data transmission using HTTP over Secure Sockets Layer (HTTPS). Follow the directions in Configuring SSL for your application server. In addition, Network Encryption is available as part of the Oracle Advanced Security Option (requires Enterprise Edition).

Transparent Data Encryption (TDE)

An Oracle Magazine article describes this facility, as of the Oracle 10g database. Note that TDE is part of the Oracle Advanced Security Option of the Oracle Enterprise Edition.

We can encrypt as many fields as desired, without modifying the application, by using Oracle's built-in "Transparent Data Encryption" with the user's choice of 4 different algorithms: Advanced Encryption Standard (AES) with 128-bit, 192-bit (default) or 256-bit encryption, or 168-bit Triple Data Encryption Standard (3DES). This article from Oracle describes how to do it:

http://www.oracle.com/technology/oramag/oracle/05-sep/o55security.html

For example:

  1. Create a directory named WALLET under $ORACLE_HOME\admin\sid (where udump, bdump, etc. are located)
  2. CONNECT as SYSDBA in SQL
  3. alter system set encryption key authenticated by "<encryptkey>";
  4. alter table p2k.p2k_hr_identities modify(government_code encrypt);

This facility has not been tested with Personality. No application restrictions are in place that would obviously prevent its successful use.
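
The column-encryption step above, extended with an explicit algorithm choice and verification queries. This is an added example, not part of the original page or of Oracle's article; it assumes steps 1 to 3 have already created the wallet and master key, and the choice of AES256 is illustrative.

```sql
-- Added example. Run as SYSDBA. "<encryptkey>" is the page's placeholder
-- for the wallet password, not a real value.

-- Confirm the wallet is open before encrypting anything; STATUS should be OPEN.
SELECT wrl_type, wrl_parameter, status
  FROM v$encryption_wallet;

-- Encrypt the column, naming the algorithm rather than taking the AES192 default.
-- Accepted values: 'AES128', 'AES192', 'AES256', '3DES168'.
-- All encrypted columns in one table share the same algorithm.
-- If the column is indexed, append NO SALT, since salted columns cannot be indexed.
ALTER TABLE p2k.p2k_hr_identities
  MODIFY (government_code ENCRYPT USING 'AES256');

-- Verify what is actually encrypted, with which algorithm, and whether it is salted.
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 WHERE owner = 'P2K'
   AND table_name = 'P2K_HR_IDENTITIES';

-- Not part of the initial setup: the wallet is closed after an instance restart,
-- and queries against encrypted columns fail until it is reopened.
-- Run this only after a restart.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN AUTHENTICATED BY "<encryptkey>";
```

Back up the wallet file together with the database: without the master key it holds, the encrypted columns cannot be read.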

