-
Protect data from DBA at database level??
Is it possible to protect sensitive data from a DBA at a database level using something besides FGAC, dbms_obfuscation and auditing??
I have a potential client who was telling me that all major financial customers that operate under HIPPA security use some tool to do this. The guy wasn't able to give me the name of the tool..but that's another matter!
I've never maintained databases for major financial institutions. Can someone shed some light? Are there some 3rd party tools available to do this stuff?
-
possibly you can encrypt the confidential fields. Check for Oracle 9i New Features, u may find some solutions.
Dilip Patel
OCP 8i
Catch me online at Yahoo: ddpatel256
-
Originally posted by Dilippatel
possibly you can encrypt the confidential fields. Check for Oracle 9i New Features, u may find some solutions.
Just wondering.. Can this encrypted data be hacked through logminer ??
Sanjay G.
Oracle Certified Professional 8i, 9i.
"The degree of normality in a database is inversely proportional to that of its DBA"
-
Just about everything in the database is supposedly sensitive. Encrypting fields is not feasible.
Anyone out there managing databases for major financial institutions (banks, mutual funds, etc)? What's the norm?
-
Revoke DBA privileges from the DBA
I wonder how feasible is it to store all data in encrypted format?
Just a vague/stupid idea, how about granting all the privileges in the DBA role, then revoking (SELECT, DELETE, UPDATE, INSERT ) ANY TABLE privileges. This will enable the dba to any operation but not see data. Of course you will need a SUPER dba who will do this, again she/he can see data, so no point.
Last edited by patnams; 07-22-2004 at 03:26 PM.
Sridhar R Patnam
-
Originally posted by patnams
Just a vague/stupid idea, how about granting all the privileges in the DBA role, then revoking (SELECT, DELETE, UPDATE, INSERT ) ANY TABLE privileges. This will enable the dba to any operation but not see data. Of course you will need a SUPER dba who will do this, again she/he can see data, so no point.
You think a DBA can't re-grant them to himself ???
Sanjay G.
Oracle Certified Professional 8i, 9i.
"The degree of normality in a database is inversely proportional to that of its DBA"
-
You cannot avoid a DBA from seeing any schema's data, if you can do so then he is not a DBA
funky...
"I Dont Want To Follow A Path, I would Rather Go Where There Is No Path And Leave A Trail."
"Ego is the worst thing many have, try to overcome it & you will be the best, if not good, person on this earth"
-
Originally posted by Axr2
Anyone out there managing databases for major financial institutions (banks, mutual funds, etc)? What's the norm?
Wouldn't know about the norm, the answer seems to be: have a DBA you can trust - not one you just hire "off the street"
http://www.dilbert.com/comics/dilber...2296040720.gif
http://www.dilbert.com/comics/dilber...3486440721.gif
-
Oracle provides a package to encrypt table data, I can't remember it's name at the moment...
Try searching in the Oracle 9i ref.
I highly doubt it can be hacked, just as you can't hack the package body encryption... (many have tried).
-
its dbms_obfuscation, but the OP said he didnt want / cant use that
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|