Re: Protecting database encryption key
Right; if they have the key, they can read your data easily. You need to make sure they *can't* get that key.
If they have access to the host on which the key is stored, assume they can get the key. Don't let unauthorized people have access to that host, except through carefully controlled -- and tested -- access via your applications.
I'm no expert in software security, I only know a little bit.
I'd suggest reading some good books on data security, if you're responsible for implementing a secure system. Here are some examples:
"Building Secure Software: How to Avoid Security Problems the Right Way" by John Viega
"Software Security : Building Security In" by Gary McGraw
"19 Deadly Sins of Software Security" by Michael Howard
Regards,
Bill K.
Subject
Views
Written By
Posted
10498
June 28, 2006 01:12PM
Re: Protecting database encryption key
4921
June 28, 2006 03:26PM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.