tamirmilo

Encrypting Oracle tablespace

Hello,

I have written an application using Perl and Oracle 11g,
I would like to hide the internal database of the application from my clients.
What is the best way to achieve that?
Is it possible even if they have sys/system access to the DB?

Many thanks
Tamir
johnsone

The only way that I am aware of to keep users with elevated privileges from accessing data is with the Database Vault product.

http://www.oracle.com/technetwork/database/options/database-vault/index-085211.html
slightwv (䄆 Netminder)

My Oracle Vault knowledge is limited so I could be way off.  Just going from memory on something I think I read a while back.

Even using Vault you might not be able to do it unless you want to be called every time the database is started.

The way I understand this to work is a Wallet Manager, separate person from the DBA, needs to open the wallet for the database to open.
tamirmilo

ASKER

Hi,
So VAULT is not really an option for me...
I will use DBMS_CRYPTO...
Can the users decrypt it?
Many thanks,
Tamir
SOLUTION
Yes, vault is expensive.  Encrypting hides it to a certain extent from the admins, but they still have access to it and most likely could decrypt it if they really wanted to take the time.

If you absolutely want them out of the data, vault is the only way I know to keep them out.

If you want to make it difficult for them to view the real data, then encrypting it should be sufficient.
Thank you very much. All the best
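
As an added illustration of the DBMS_CRYPTO approach discussed in this thread (not code from any of the posters): a PL/SQL package that encrypts values with AES-256 in CBC mode, with the key passed in by the application on each call rather than stored in the database. The package name `app_crypt`, the table `app_secret` and the bind names are hypothetical, and the owning schema is assumed to have been granted EXECUTE on DBMS_CRYPTO.

```sql
-- Added example: hypothetical package app_crypt.
-- The key is a 32-byte RAW supplied by the application at call time;
-- it is never written to a table or embedded in the package source.
CREATE OR REPLACE PACKAGE app_crypt AS
  FUNCTION enc(p_plain IN VARCHAR2, p_key IN RAW) RETURN RAW;
  FUNCTION dec(p_cipher IN RAW, p_key IN RAW) RETURN VARCHAR2;
END app_crypt;
/
CREATE OR REPLACE PACKAGE BODY app_crypt AS
  -- AES-256, CBC chaining, PKCS#5 padding
  c_mode CONSTANT PLS_INTEGER :=
    DBMS_CRYPTO.ENCRYPT_AES256 + DBMS_CRYPTO.CHAIN_CBC + DBMS_CRYPTO.PAD_PKCS5;

  FUNCTION enc(p_plain IN VARCHAR2, p_key IN RAW) RETURN RAW IS
    l_iv RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);  -- fresh IV for every value
  BEGIN
    -- Stored format: 16-byte IV followed by the ciphertext
    RETURN UTL_RAW.CONCAT(
      l_iv,
      DBMS_CRYPTO.ENCRYPT(
        src => UTL_I18N.STRING_TO_RAW(p_plain, 'AL32UTF8'),
        typ => c_mode,
        key => p_key,
        iv  => l_iv));
  END enc;

  FUNCTION dec(p_cipher IN RAW, p_key IN RAW) RETURN VARCHAR2 IS
  BEGIN
    -- Split the stored value back into IV (bytes 1-16) and ciphertext (byte 17 on)
    RETURN UTL_I18N.RAW_TO_CHAR(
      DBMS_CRYPTO.DECRYPT(
        src => UTL_RAW.SUBSTR(p_cipher, 17),
        typ => c_mode,
        key => p_key,
        iv  => UTL_RAW.SUBSTR(p_cipher, 1, 16)),
      'AL32UTF8');
  END dec;
END app_crypt;
/
-- Usage from the application, with the key bound as a RAW (hypothetical table):
-- INSERT INTO app_secret (id, payload) VALUES (:id, app_crypt.enc(:plain, :key));
-- SELECT app_crypt.dec(payload, :key) FROM app_secret WHERE id = :id;
```

Keeping the key out of the database means the stored column is unreadable on its own, but the key still passes through the database session on every call, so a user with SYS privileges can still observe it; this is the limit the last answer describes.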