Posted by z@hid on 10/09/06 09:19

Try DBMS_OBFUSCATION package for encryption and decryption.

You may see this link to know more about security.

VPD and there is another thing called OLS.

Both are explained well
http://free-advisory.com/forums/oracle/YaBB.pl?num=1159027877

Regards,


Mladen Gogala wrote:
> On Sat, 07 Oct 2006 17:14:58 -0400, OFM wrote:
>
> > I am running an oracle database with the application written in PHP.
> >
> > I would like to be able to have the option to encrypt data residing in
> > certain columns in certain tables i.e. encrypt the SSNO column but not
> > the Fname column. I would like to keep it in its encrypted form in the
> > database but I would like to be able to show it to certain privileged
> > people based on a password.
> >
> > Can public key encryption be incorporated here in the php application
> > such that if I can encrypt the data based on a key that in it self can
> > be encrypted in a way that you can revoke certain passwords if the
> > employee leaves - much that same way you have revocation lists
> > management in PGP.
> >
> > Are there any suggestions on how to go about incorporating FLEXIBLE
> > encryption of data with PHP and Oracle?
> >
> > Any help appreciated.
>
> Oracle has something called "Advanced Security Option" which is a
> commercial product and allows encryption of the entire database or parts
> of it. There is also something called "VPD" (Virtual Private Database)
> which allows users to see only the parts of the database they're entitled
> to see. It takes a bit to set up, but it works really well. As for
> revoking employee authorization once the employment is terminated, it
> should be a standard practice. HR should have an application that would
> disable VPN logins and logins to web visible applications and high
> priority tickets to immediately revoke all access privileges should be
> assigned to both system administration group and DBA group. Security is
> not a part of an application, security is a philosophy that the company
> must adhere to in everything it does.
>
> --
> http://www.mladen-gogala.com

• Next in forum: Re: opening a page with the sole purpose of running an sql statement
• Prev in forum: Re: php condition in a tabel with html and php
• Thread view: Re: Oracle and Encryption

[Reply to this message]