Yes, that's possible. At my work we use Oracles TDE on specific columns, (for example, user login in the users table) and we are able to compare it in the application to what the user types in when they login. I'm not sure about specifics in setting it up (i'm not the DBA) but we use the Oracle wallet manager for the keys and to set up encryption for a column you just need to ALTER TABLE talbe_here MODIFY (column_here ENCRYPT USING 'AES256'); when creating the table, it's very easy.
About the application encrypt/decrypt; your application does not need to worry about it. It's transparent to the application, the application does not know the difference between a column that has TDE and one that does not. Retrieve it from the database and use it as you would any other record. On Thu, May 27, 2010 at 7:57 AM, John Hoyt <[email protected]> wrote: > Thanks everyone for their input so far. > > The requirement is being defined, but I think that the need would be to > encrypt specific fields/columns within the rows/records. Not specific > records. > > For example, encrypt the SSN field, but not the first name or last name. > > The kicker is that the application needs to be able to decrypt those fields > and do comparisons and then encrypt them again on the fly. > > According to what I've heard from Oracle so far on this they can do it. > > We have not tested that theory yet though. > > John > > On Thu, May 27, 2010 at 2:43 AM, Robert Wahl <[email protected]> wrote: > >> There are a couple of interesting players in the place... Safenet, >> voltage, etc.. >> >> I've had some experience doing transparent data encryption (not Oracle >> TDE) of columns... but you are looking to encrypt specific records? >> >> Message: 2 >> Date: Tue, 25 May 2010 10:22:09 -0400 >> From: John Hoyt <[email protected]> >> Subject: [Pauldotcom] Database Encryption >> To: PaulDotCom Security Weekly Mailing List >> <[email protected]> >> Message-ID: >> <[email protected]> >> Content-Type: text/plain; charset="iso-8859-1" >> >> >> Does anyone have experience with database (row/record) encryption? I'm >> looking at Oracle TDE and other competitor solutions. >> >> Some of the main points I'm interested in are: >> >> >> - Performance >> - Key management >> - Backups >> - Comparison against full-disk encryption >> >> >> Thanks for any help, >> John >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
