Can i get some documents on oracle RAC database encryption.?what are the pros and cons of encryption?Does this comes with oracle Database or something we need to buy from oracle sales persons?
View 2 RepliesWe have an application that fetches and writes data into oracle database through pro c. oracle datyabase is on another server.
We are storing some secure information into oracle database so we want to encrypt the data sent by our aplication into oracle database.We do not want to use SSL(i.e certificates) and also do not want to make use of Advance Security Option available in oracle and also do not want to make any changes in sqlnet.ora file on server side.
achieve encryption of traffic between our application and Oracle database?
Is it possible to migrate everything (tables, indexes) from a unencrypted to encrypted tablespaces online i.e. while the database is being used (DML)?
View 3 Replies View RelatedI created a test table with 4 columns(id, first_name,last_name, salary-number ) and then alter table to encrypted salary column . everything is OK.
I insert values into test table. However, I still can see salary value by select SQL.
What is wrong?
my db is oracle 11.2.01 in 2008 SP window
newdba
Our client is having requirements that data should be encrypted through-out the process (from transaction level to backup level).
Requirements are as below -
1) Data should be encrypted and can be access only through application (through front end).
2) Even if pl/sql, sql installed, developer user cannot able to fetch data from database.
3) Even DBA, should not have access to fetch the data from the database.
4) Only assigned DBA, should fetch details from database (provided he/she should have details of database as well as application's user / password).
5) It should be restricted by ip and user details (such as ip of application server with user/password of user).
6) Changes should be purely done from database level only.
We have got a new requirement wherein, The customer wanted the DBA Vendor (US) NOT to access the confidential information (ALL Columns) in the DB tables of PRODUCTION database. This is for few applications to comply with with export control rules. The thin support by Customer DBA will be allowed to access the Data, if required .
1) Web Based Interface ?.
2) DB Encryption (But if we encrypt ALL columns Serious performance issue expected, File level will not restrict DB level access)
3) Special setting on DB (DBA to do only backup and restoration related work only - But cannot access data)
4) Standard Tools / Utilities / Others ??.
Technologies are Oracle ,SQL
While searching for password encryption I came across these statements.
1.Password Encryption While Connecting. This protection is always in force, by default. Passwords are always automatically and transparently encrypted during network (client/server and server/server) connections, using a modified DES (Data Encryption Standard) or 3DES algorithm, before sending them across the network.
Confirm whether by default oracle encrypts the password before sending it to the database across the network even when the clear text password is used for connecting from a jdbc client.
Our Audit Company has given us a recommendation:"Old DB Link encrypted Passwords: The password of the Oracle databases links are encrypted using DES (password starts with 05). This encryption methord is known and users can decrypt the passwords using a simple SQL query. Please recreate the database links to use the new encryption method (password starts with 06)."What does it mean and how can we perform this recommendation?
View 2 Replies View RelatedRecently the Oracle10g database has been migrated to UTF8 character set and the following have failed.
1. The password applied is not getting encrypted and the password contains a spanish characters.
Getting the below error.
"10057:ERROR WHILE ENCRYPTING GIVEN STRING:String:Uñomasuño5.::ORA-28232: invalid input length for obfuscation toolkit:-28232:ORA-28232: invalid input length for obfuscation toolkit"
The algorithm used for encryption DES. I tried with DESENCRYPT , DES3ENCRPYT and MD5 and it failing.
I would like to encode values in a column using SHA-2 (256 bit encryption). Does 10g support SHA-2 and if so how can i implement this?
View 2 Replies View RelatedAny documentation supporting Oracle 11G and Advanced Security stating encryption at rest is FIPS 140-2 compliant?
View 3 Replies View RelatedWe are attempting to configure/use OEM (Oracle 10.2.0.4) on Solaris, and when logging in to OEM we are directed to the Database Down page, stating Enterprise Manager is unable to connect to the database instance, but showing all the components as up/open. After checking the log, I found the following error:
IO exception: Unknown Encryption or Data Integrity algorithm
I checked the settings in emoms.properties and compared the encryption parameters to those in our SQLNet file, and all match up. We are NOT using Grid Control, just db control connecting to 1 instance.
I am trying to setup encryption and have the following entry in my sqlnet.ora file (all on one line).
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/oracle/10.2.0.1.0/network/admin/encryption_wallet/)))
When I login into my DB I get the following error:
sqlplus ' / as sysdba '
SQL*Plus: Release 10.2.0.1.0 - Production on Fri Sep 24 16:30:49 2010
Copyright © 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SQL> ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "XXX";
ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "XXX"
*
ERROR at line 1:
ORA-28368: cannot auto-create wallet
As you can see the directory is not created.
ls -ld /oracle/10.2.0.1.0/network/admin/encryption_wallet
ls: 0653-341 The file /oracle/10.2.0.1.0/network/admin/encryption_wallet does not exist.
The directory above where I want to create my wallet is owned by oracle, which is the user I am running sqlplus as (see below)
ls -ld /oracle/10.2.0.1.0/network/admin
drwxrwsr-x 4 oracle dba 512 Sep 24 15:45 /oracle/10.2.0.1.0/network/admin
/tmp who am i
oracle pts/1 Sep 24 13:25 (is122.hshhp.com)
how to mask data in oracle 11g database release 1
my environment is
Database: 11g release 1
os: AIX 6 (64 bit)
GC:10g release 1
i have a table that contains employee id, employee name , so if i gave the correct employee id in where clause of select statement it will show employee name, in case if i give the employee id that does not exist in the table it will show 'Employee name is not found'..
View 2 Replies View RelatedIn Sybase, my application was using system tables to perform application login security. Those tables obviously don't exist in Oracle. I am looking for ways to provide the following functionality in an Oracle world:
1. How to determine 'x' days of inactivity based on "last login date"?
2. How to determine when a new user logs in for the first time and force them to change their password?
3. If we need to reset a users password, how can we require the user to change their password?
4. Is there any other option other than storing a user-id/password in the application code for locking a user's account if their account needs to be locked due to inactivity?
5. In the USER_USERS view there is a status column. What the different status's can be?
I encrypted the column but when i check through strings command the data is still not encrypted,i created the wallet etc etc,set proper path in sqlnet.ora
View 3 Replies View RelatedI would like to know the reason why the database is on unencrypted format by default,there must be some reason behind this, i hear from someone that encrypted data degrade performance thats the reasons its on unencrypted format by default.
View 6 Replies View RelatedI am trying to have an encryption logic written in Pl/SQL that could decrypt the value which is encrypted in Dot Net, using AES128 algorithm. Everytime when i try to have the decryption done, i lands up in one or the other error message. Below is the code snippet which i use. create or replace
FUNCTION decryptAES (EncryptedText IN VARCHAR2,EncKey IN VARCHAR2) RETURN VARCHAR2 DETERMINISTIC IS key_bytes_raw RAW (2048); l_ decrypted_raw RAW (2048); encryption_type PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES128; BEGIN key_bytes_ raw:= UTL_RAW. CAST_TO_ RAW (EncKey); l_decrypted_raw := dbms_crypto.decrypt (src =>utl_raw.cast_to_raw(EncryptedText), typ => encryption_type, key => key_bytes_raw ); RETURN (UTL_RAW.CAST_TO_VARCHAR2 (l_decrypted_raw)); END decryptAES.
I am trying to set-up network encryption.I have added following parameters to my server side sqlnet.ora file:
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER =RC4_256
SQLNET.ENCRYPTION_TYPES_CLIENT =RC4_256
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (MD5)
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (MD5)
As per my understanding connections should start to fail from client side after addition of these parameter on server side sqlnet.ora (no changes to client side sqlnet.ora).I am still able to connect to this server without connections getting failed.
I already checked aso is installed on this database.Just to add it is a RAC database with 2 nodes.
what steps I am missing or provide a work-around?
1) cat sqlnet.ora
NAMES.DIRECTORY_PATH=(TNSNAMES)
WALLET_LOCATION =
(SOURCE =
[code]...
2) mkdir /u01/app/oracle/secure
ls -ld /u01/app/oracle/secure
drwxr-sr-x 2 oracle dba 512 Sep 28 17:04 /u01/app/oracle/secure
lsnrctl stop
lsnrctl start
3) sqlplus 'sys/sys as sysdba'
SQL*Plus: Release 11.2.0.1.0 Production on Tue Sep 28 17:07:53 2010
SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "DeciPher";
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "DeciPher"
*
ERROR at line 1:
ORA-28374: typed master key not found in wallet
I'm doing online business of selling my manufacturing product to my customer through internet. It is so much easy way but with this there are some unwanted threads that might be disturb business working area. I want to keep my customer online data from hacker but have no strong software who minimize or protect them hackers.
View 1 Replies View RelatedMy boss make a requirement in exist database as some user can view salary column at employment table by SQL and some user can view salary column at employment table by SQL.
The boss do not like to make changes front SQL. Ooracle 11g vault or Oracle Label Security is best for this requirement?
my oS is 2008 32 bit window and DB is 11.2.0.1
How to configure Oracle EM with newly created Oracle Instance on Oracle 10g DB,which is Single Instance DB but not RAC ,when I start the Oracle EM it is starting the default DB which created during Oracle Server Installation.
View 0 Replies View RelatedI have created a wallet (11g R2 OEL 5.5) using the OWM.Tried opening the wallet (encryption_wallet_location set in sqlnet.ora). then while creating a table it said the master encryption key is not present. Have created the master key using the following command.
alter system set encryption key identified by "Password";
Here the strange thing i observed is that when we create a wallet using the OWM, it asks for the password and when i open the same wallet the master key is not created and it allows the master key to be generated with the same password that i have created the wallet in the first place with the OWM, with any other passwords it says that the wallet is not open.
After creating the wallet and creating the master key... I have the following questions, and its becoming quite hard to find the solutions as well.
1. Can we have multiple encryption keys... say i want to encrypt a table or column with one key and other with an another key.
2. How many keys can we have for objects in the table? or can we have only one key and many certificates.
3. wallet created, and encrypted tables present, the wallet is not in auto open mode, but somehow the database open after it is shutdown, here no encrypted tablespaces are present.
4. while creating an encrypted tablespace the default storage (encrypt ) has to be added to the add tablespace clause.
We've a requirement to hide particular data set for users, until it's reviewed & approved by admin. This needs to be implemented in our live environment (BO WebI 3.1 and Oracle 10G). We explored below options on the db side but obviously it will increase the maintenance efforts:
1. Implement data level security using Virtual Private Database (VPD) and some flag indicators.
2. Storing approved and unapproved data in different db partitions
I have the following requirement and we are on R12.1.3 with Oracle 11gR2 database on a Linux R5 machine.
1) Sensitive data such as SSN and credit card needs to masked in the oracle seeded table like per_all_people_f etc.
2) This original data should not be visible either from the database (apps user) or via the application. They should both provide the decrypted data to the users.
3) There are a set of users that need point # 2 overridden. That is, they should be able to see the decrypted data using sql on the tables or via the application (front end).
How to get the data access for a temp table ?
View 5 Replies View Relatedi have a column that contains 1 to 100 values but it has some missed data such as it does not has 50,45,34,23 etc..
so how could i find the missed data alone in a single query..
i have a field referring to a password and i need to hide the data input when entered for security purposes.
example if the user enters 1111 the form displays ****