I could see a reason to encrypt the data so that "even a DBA can not see
it". Our company has formulas and mixtures that are kept extremely
confidential. Very few people need to know, very few people do know. In
addition, those "in the know" have determined that we need a central
repository for this information, such as a database. Once the info is
loaded and encrypted "so that even a DBA can not see it", the data should be
safe from interior eyes (employees) and exterior eyes (hackers). This may
not be the best method to secure the information, but it is one that we have
considered. And I do feel that they trust me here with their data even if I
could not view it. If they didn't, I'm sure I would be looking for another
job.
Mark Willett
Corporate Database Administrator
Sunnen Products Company
E-mail: [EMAIL PROTECTED]
----------------------------------------------------------------------------
----------------
The statements and opinions expressed herein are my own and do not
necessarily reflect those of Sunnen Products Company.
----------------------------------------------------------------------------
---------------
-----Original Message-----
Sent: Thursday, May 17, 2001 1:07 PM
To: Multiple recipients of list ORACLE-L
Yes you can encrypt the data, or you could invest in Trusted Oracle. But
the
question really becomes one of what are you trying to do. If the problem is
that you question the integrity of the DBA that becomes a management
problem.
On the other hand, if you don't question his/her integrity then what's the
problem? Most DBA's that I know of, myself included, don't have the time
and/or
inclination to browse through application data no matter how sensitive it
may
be. And on top of all that, the data in your database is not your personal
property, but the property of your employer and the DBA is one of his
employees.
He/she just happens to have GOD privileges and is intrusted with the
security
and integrity of all of the data. That's why he/she has those privileges.
Dick Goulet
____________________Reply Separator____________________
Author: Paul Drake <[EMAIL PROTECTED]>
Date: 5/16/2001 9:55 PM
"A. Bardeen" wrote:
>
> You can encrypt using only a 56-bit key (the key
> length limitation is a requirement of US regulations
> governing the export of cryptographic products).
>
> HTH,
>
> -- Anita
Hi Anita.
Ahmadsyah,
I believe that you also have to pad the string to a length that is a
multiple of 8 characters.
Your key string was 10 characters.
here's the obligatory link to the fine manual: (that includes a code
example)
http://technet.oracle.com/doc/oracle8i_816/server.816/a76936/dbms_obf.htm#65
18
Paul
>
> --- Ahmadsyah Algozhi Nugroho <[EMAIL PROTECTED]>
> wrote:
> > I'm using Oracle 8.1.7.
> > there was an error
> > ERROR at line 1:
> > ORA-28232: invalid input length for obfuscation
> > toolkit
> > ORA-06512: at "SYS.DBMS_OBFUSCATION_TOOLKIT_FFI",
> > line 0
> > ORA-06512: at "SYS.DBMS_OBFUSCATION_TOOLKIT", line
> > 33
> > ORA-06512: at "SCOTT.IAO_PROTECT", line 15
> > ORA-06512: at line 1
> >
> > I check thath my key and my input string is
> > varchar12(10).
> > Key = 0123456789
> > input string = 'testtestte'
> >
> > dbms_obfuscation_toolkit.desencrypt (
> > input_string => 'testtestte'
> > , key_string => '1234567890'
> > , encrypted_string => vEncrypted
> > );
> > Am I forget something?
> >
> > TIA,
> >
> >
> > Ahmadsyah Alghozi Nugroho
> > Database Engineering Specialist
> > PT Infoglobal AutOptima
> > Jl. Baruk Tengah I/49
> > Surabaya - Jawa Timur
> > phone : +62 (31) 8708456 ext.113
> > > From: Srinagesh Battula
> > [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, May 17, 2001 7:26 AM
> > > To: Multiple recipients of list ORACLE-L
> > > Subject: RE: How to make DBA cannot 'see' User's
> > Tables?
> > >
> > >
> > >
> > > You can encrypt & Decrypt data using the
> > > DBMS_OBFUSCATION_TOOLKIT package
> > > (comes with 8.1.6)
> > >
> > > Srinagesh "What do I know any way" Battula
> > >
> > > > -----Original Message-----
> > > > From: Khedr, Waleed
> > [mailto:[EMAIL PROTECTED]]
> > > > Sent: Wednesday, May 16, 2001 4:21 PM
> > > > To: Multiple recipients of list ORACLE-L
> > > > Subject: RE: How to make DBA cannot 'see' User's
> > Tables?
> > > >
> > > >
> > > > Data Encryption?
> > > >
> > > > -----Original Message-----
> > > > Sent: Wednesday, May 16, 2001 7:01 PM
> > > > To: Multiple recipients of list ORACLE-L
> > > >
> > > >
> > > >
> > > > Dear gurus,
> > > > How to make DBA cannot 'see' user's datas?
> > > > I build an application which very important and
> > top secret
> > > > even DBA cannot
> > > > 'see' this data. But DBA can backup this
> > data.What is the
> > > > solution for this
> > > > problem?
> > > >
> > > > TIA,
> > > >
> > > >
> > > > Ahmadsyah Alghozi Nugroho
> > > > Database Engineering Specialist
> > > > PT Infoglobal AutOptima
> > > > Jl. Baruk Tengah I/49
> > > > Surabaya - Jawa Timur
> > > > phone : +62 (31) 8708456 ext.113
> > > >
> > > > --
> > > > Please see the official ORACLE-L FAQ:
> > http://www.orafaq.com
> > > > --
> > > > Author: Khedr, Waleed
> > > > INET: [EMAIL PROTECTED]
> > > >
> > > > Fat City Network Services -- (858) 538-5051
> > FAX: (858) 538-5051
> > > > San Diego, California -- Public Internet
> > access /
> > > Mailing Lists
> > > >
> >
> --------------------------------------------------------------------
> > > > To REMOVE yourself from this mailing list, send
> > an E-Mail message
> > > > to: [EMAIL PROTECTED] (note EXACT spelling of
> > 'ListGuru') and in
> > > > the message BODY, include a line containing:
> > UNSUB ORACLE-L
> > > > (or the name of mailing list you want to be
> > removed from). You may
> > > > also send the HELP command for other information
> > (like subscribing).
> > > >
> > > --
> > > Please see the official ORACLE-L FAQ:
> > http://www.orafaq.com
> > > --
> > > Author: Srinagesh Battula
> > > INET: [EMAIL PROTECTED]
> > >
> > > Fat City Network Services -- (858) 538-5051
> > FAX: (858) 538-5051
> > > San Diego, California -- Public Internet
> > access / Mailing Lists
> > >
> >
> --------------------------------------------------------------------
> > > To REMOVE yourself from this mailing list, send an
> > E-Mail message
> > > to: [EMAIL PROTECTED] (note EXACT spelling of
> > 'ListGuru') and in
> > > the message BODY, include a line containing: UNSUB
> > ORACLE-L
> > > (or the name of mailing list you want to be
> > removed from). You may
> > > also send the HELP command for other information
> > (like subscribing).
> > >
> >
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great prices
> http://auctions.yahoo.com/
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: A. Bardeen
> INET: [EMAIL PROTECTED]
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Paul Drake
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Willett, Mark
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
