Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Does the Oracle wrap utility actually "encrypt" the existing oracle schema structure?

Posted on 2008-06-12
2
Medium Priority
?
1,311 Views
Last Modified: 2013-12-19
Hi,

      I need to secure our Oracle db from unauthorized changes to the schema. The db is not in a development\production environment. It is strickly holding non-sensitive data, however, one of our security requirements is to have the Oracle Database Source Code Object Encryption - encrypted. Is the wrap utility used for this purpose? What does obfuscation offer? We simply do not want the existing Oracle schema to be tampered with and become unusable. Could someone clarify if the wrap utility or obfuscation utility is only used for a development environment or could it be used to protect the existing Oracle db schema?

Thanks, MissyMadi
0
Comment
Question by:missymadi
  • 2
2 Comments
 
LVL 23

Expert Comment

by:David
ID: 21770016
No, it masks the code, but may be readily hacked.  You might google further for specifics.  Wrap is used for PL/SQL objects, to protect the modules from casual viewing.  As far as having the schema objects tampered with, you have other security measures to work with such as roles and fine-grained auditing.
0
 
LVL 23

Accepted Solution

by:
David earned 500 total points
ID: 21770046
1. Obfuscation  Obfuscation is not technically encryption.  Obfuscation simply obscures and makes your data apparently useless.  Advanced decryption techniques can break obfuscation, yet obfuscation makes casual data theft\ unlikely among threats inside or outside your organization unless sophisticated and time- consuming techniques are employed to break the obfuscation keys.

2. DES Encryption  DES Encryption is the certified encryption standard provided by the Oracle Corporation through their package DBMS_Obfuscation_Toolkit.  The Encryption Wizard utilizes a 64 bit key to protect your data.

3. Triple DES Encryption  Triple DES Encryption (3DES) is a response to advanced techniques used to break standard DES encrypted data.  With Triple DES, a data value is encrypted recursively using three 64-bit keys to insure an almost infinite number of key combinations. Currently the Encryption Wizard uses the Triple DES scheme:

C=Ek3(Dk2(Ek1(P)))

4. AES 128-bit Encryption - AES (Advanced Encryption Standard) encryption is available to  Oracle 10g users through the new DBMS_Crypto toolkit.  AES encryption is more secure than DES Encryption and we have tested it as 20% faster on small and medium-sized tables.

5. AES 256-bit  Encryption - 256-bit AES encryption uses large 32 byte encryption keys. This encryption  type also is called through Oracle's certified DBMS_Crypto toolkit and is only available to Oracle 10g  users.

Source: http://www.relationalwizards.com/html/ora_encyrption.html
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cursors in Oracle: A cursor is used to process individual rows returned by database system for a query. In oracle every SQL statement executed by the oracle server has a private area. This area contains information about the SQL statement and the…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
This video shows information on the Oracle Data Dictionary, starting with the Oracle documentation, explaining the different types of Data Dictionary views available by group and permissions as well as giving examples on how to retrieve data from th…
This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question