Hiding/Encrpting Data from DBA/Developers
DBAsupport.com Forums - Powered by vBulletin
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Hiding/Encrpting Data from DBA/Developers

  1. #1
    Join Date
    Mar 2001
    Location
    New York , New York
    Posts
    577

    Hiding/Encrpting Data from DBA/Developers

    Hi,

    We have been asked to implement the company wide annual review system and are faced with a situation where the data needs to be hidden from the DBA as well as the developers.

    Any ideas or pointers to the right direction would be of immense help.

    Thanks
    Ron
    Ronnie
    ronnie_yours@yahoo.com

    You can if you think you can.

  2. #2
    Join Date
    Sep 2002
    Location
    England
    Posts
    7,333
    you cant hide data from dba's - you can only encrypt it

  3. #3
    Join Date
    Mar 2001
    Location
    New York , New York
    Posts
    577
    Quote Originally Posted by davey23uk
    you cant hide data from dba's - you can only encrypt it

    If the DBA is encrypting the data he can see it if he wants to as he would be knowing how to decrypt it. Please correct me if I am wrong as I never had to implement encryption n the past.

    -Ron
    Ronnie
    ronnie_yours@yahoo.com

    You can if you think you can.

  4. #4
    Join Date
    Mar 2004
    Location
    DC,USA
    Posts
    650
    Quote Originally Posted by ronnie
    If the DBA is encrypting the data he can see it if he wants to as he would be knowing how to decrypt it. Please correct me if I am wrong as I never had to implement encryption n the past.

    -Ron
    We can also put it this way:
    One who insert's the data can encrypt the data which may not be seen even by the DBA's. Needs Oracle advanced security incorporating Kerberos and other security protocols(if i am right).

    Once a banking client came to me asking to decrypt the invisible data which was encrypted by the security manager(who quit!!)
    "What is past is PROLOGUE"

  5. #5
    Join Date
    Oct 2000
    Location
    Saskatoon, SK, Canada
    Posts
    3,925
    Remember when you encrypt data with oracle, you have a way to preserve the encryption key. If you lose your key you lose your access.

    Big Bucks !!!

    Sam
    Thanx
    Sam



    Life is a journey, not a destination!


  6. #6
    Join Date
    Jul 2002
    Location
    Northampton, England
    Posts
    612
    Hire a trustworthy DBA?
    Assistance is Futile...

  7. #7
    Join Date
    May 2000
    Location
    ATLANTA, GA, USA
    Posts
    3,135
    Quote Originally Posted by ronnie
    Hi,

    We have been asked to implement the company wide annual review system and are faced with a situation where the data needs to be hidden from the DBA as well as the developers.

    Any ideas or pointers to the right direction would be of immense help.

    Thanks
    Ron
    How do you encrypt paper doc?

    Tamil

  8. #8
    Join Date
    Dec 2000
    Location
    Ljubljana, Slovenia
    Posts
    4,439
    Quote Originally Posted by tamilselvan
    How do you encrypt paper doc?
    l
    They probably don't. But it is trivial to deny access to the confidential paper docs to anyone who is not authorized to see them, no?

    They can't deny access to the confidential data in the database from DBAs, so the only option is to make those confidential data "readable" for the authorized database users only. And data encription is the way to go in such situation. Only the authorized users will have the access to the encription keys, regardless of wether they are DBAs or not.
    Jurij Modic
    ASCII a stupid question, get a stupid ANSI
    24 hours in a day .... 24 beer in a case .... coincidence?

  9. #9
    Join Date
    Mar 2001
    Location
    New York , New York
    Posts
    577
    Pardon me from being silly here bit isnt it the DBA who will encrypt the data in the first place and would also know how to decrypt it.



    Quote Originally Posted by jmodic
    They probably don't. But it is trivial to deny access to the confidential paper docs to anyone who is not authorized to see them, no?

    They can't deny access to the confidential data in the database from DBAs, so the only option is to make those confidential data "readable" for the authorized database users only. And data encription is the way to go in such situation. Only the authorized users will have the access to the encription keys, regardless of wether they are DBAs or not.
    Ronnie
    ronnie_yours@yahoo.com

    You can if you think you can.

  10. #10
    Join Date
    Sep 2002
    Location
    England
    Posts
    7,333
    doesnt have to - can be the application

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width