* Kevin W. Wall: > Oracle TDE is being looked at as oneoption because it is thought to be > more or less transparent to application itself and its JDBC code.
If it's transparent, it's unlikely to help against relevant attacks, such as dumping the database over JDBC after the application server has been compromised. Non-cryptographic approaches, such database-level access controls, seem better suited for this task (assuming that the database has been set up in a suitable fashion and is itself robust enough to withstand attacks over the client interface). _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
