Title: storing credit card numbers in a database
How will you protect the encryption key?
 
There is one thing that most people seem to miss about the DBMS_OBFUSCATION_TOOLKIT and that is, it DOES NOT provide key management.
 
Having access to the encryption and decryption routines is only half the story. What use is encrypting credit card numbers when you cannot securely store the key used in the encryption?
 
Off the top of my head any key management solution should have at a minimum:
- no one person should know the complete key - key needs to be separated into components
- the key should not exist in the clear outside of a HSM (Hardware Security Module)
 
Cheers,
Craig.
 
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 25 February 2003 2:34 AM
To: Multiple recipients of list ORACLE-L
Subject: encryption - peoplesoft 8 - oracle ??

Has anyone used data encryption/decryption with the PeopleSoft 8 HR application with an Oracle backend? Any hints will be appreciated.
 

Thanks
Mohammed Ahsanuddin
Oracle DBA
-----Original Message-----
From: Nick Wagner [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 4:28 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: storing credit card numbers in a database

It would be safer to encrypt the credit card number at the application level, and insert that string into the database, because anyone with a decent sniffer would be able to pick it out of the SQL*Net code, whether or not they even have access to the database.
 
-----Original Message-----
From: Richard Ji [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 12:40 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: storing credit card numbers in a database

Besides the DBMS_OBFUSCATION_TOOLKIT, Application Security Inc also has a product to encrypt data in the database.  Check out their web site www.appsecinc.com.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 3:25 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: storing credit card numbers in a database

We have been looking at a similar requirement. So far it seems that if you want to use Oracle's encryption toolkit (DBMS_OBFUSCATION_TOOLKIT), encryption has to be done in code and passed to the database and vice versa.
 
There is a product called secure.data for Oracle database from Protegrity which claims to be application transparent. I have not worked with that, but it is an option.
 

Thanks
Mohammed Ahsanuddin
Oracle DBA
-----Original Message-----
From: Chris Stephens [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 2:06 PM
To: Multiple recipients of list ORACLE-L
Subject: storing credit card numbers in a database


I've been asked to find out a way to encrypt credit card numbers and store that encrypted string in the database. Any Oracle functions or functionality to do this? Or would we have to encrypt the numbers in the application and then pass that string to the database?

We don't want anyone to be able to get to the numbers even if they have access to the table in which it is stored.

Thanks for any input
chris
