We have been asked to implement the company-wide annual review system and are faced with a situation where the data needs to be hidden from the DBA as well as the developers.
Any ideas or pointers to the right direction would be of immense help.
You can't hide data from DBAs - you can only encrypt it.
If the DBA is encrypting the data he can see it if he wants to as he would be knowing how to decrypt it. Please correct me if I am wrong as I never had to implement encryption in the past.
-Ron
We can also put it this way:
One who inserts the data can encrypt the data, which may not be seen even by the DBAs. Needs Oracle Advanced Security incorporating Kerberos and other security protocols (if I am right).
Once a banking client came to me asking to decrypt the invisible data which was encrypted by the security manager (who quit!!)
We have been asked to implement the company-wide annual review system and are faced with a situation where the data needs to be hidden from the DBA as well as the developers.
Any ideas or pointers to the right direction would be of immense help.
They probably don't. But it is trivial to deny access to the confidential paper docs to anyone who is not authorized to see them, no?
They can't deny access to the confidential data in the database from DBAs, so the only option is to make those confidential data "readable" for the authorized database users only. And data encryption is the way to go in such situation. Only the authorized users will have the access to the encryption keys, regardless of whether they are DBAs or not.
Jurij Modic ASCII a stupid question, get a stupid ANSI
24 hours in a day .... 24 beer in a case .... coincidence?
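An added example, not part of any post in this thread, of the approach described above: the application encrypts each review field before it is sent to the database, with a key derived from a secret that only the authorized reviewer holds. The function names, the stored-value layout and the sample values are assumptions made for the illustration.

```javascript
// Field-level encryption performed in the application, so the database
// (and therefore the DBA) only ever stores salt, IV, tag and ciphertext.
const nodeCrypto = require('crypto');

// Derive a 256-bit key from a secret known only to the authorized user.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Encrypt one column value. `rowId` is bound in as associated data so a
// ciphertext copied into another employee's row fails to decrypt.
function encryptField(plaintext, passphrase, rowId) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  cipher.setAAD(Buffer.from(rowId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // This single string is what would be stored in the table column.
  return [salt, iv, tag, ct].map((b) => b.toString('base64')).join('.');
}

// Returns the plaintext, or null if the secret is wrong or the stored
// value was modified or moved to a different row.
function decryptField(stored, passphrase, rowId) {
  const [salt, iv, tag, ct] = stored.split('.').map((s) => Buffer.from(s, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAAD(Buffer.from(rowId, 'utf8'));
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample values.
const column = encryptField('Rating: exceeds expectations', 'reviewer-secret', 'emp:1001');
console.log('stored in DB:', column);
console.log('reviewer reads:', decryptField(column, 'reviewer-secret', 'emp:1001'));
console.log('without the secret:', decryptField(column, 'dba-guess', 'emp:1001'));
```

The secret must stay on the application side; if it is passed into a stored procedure or kept in a table, anyone with DBA privileges can obtain it. If the secret is lost, the stored values cannot be recovered.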
Pardon me for being silly here, but isn't it the DBA who will encrypt the data in the first place and would also know how to decrypt it?
Originally Posted by jmodic
They probably don't. But it is trivial to deny access to the confidential paper docs to anyone who is not authorized to see them, no?
They can't deny access to the confidential data in the database from DBAs, so the only option is to make those confidential data "readable" for the authorized database users only. And data encryption is the way to go in such situation. Only the authorized users will have the access to the encryption keys, regardless of whether they are DBAs or not.