

Oracle Database uses authentication, authorization, and auditing mechanisms to secure data in the database, but not in the operating system data files where data is stored. To protect these data files, Oracle Database provides Transparent Data Encryption (TDE). TDE encrypts sensitive data stored in data files. To prevent unauthorized decryption, TDE stores the encryption keys in a security module external to the database.

Database users and applications do not need to manage key storage or create auxiliary tables, views, and triggers. An application that processes sensitive data can use TDE to provide strong data encryption with little or no change to the application.

Use TDE to protect confidential data, such as credit card and social security numbers, stored in table columns. You can also use TDE to encrypt entire tablespaces.

Figure 8-1 TDE Column Encryption Overview

As shown in Figure 8-1, the master encryption key is stored in an external security module that is outside the database and accessible only to the security administrator. For this external security module, Oracle uses an Oracle wallet or Hardware Security Module (HSM), as described in this chapter. Storing the master encryption key in this way prevents its unauthorized use. Using an external security module (wallet or HSM) separates ordinary program functions from encryption operations, making it possible to divide duties between database administrators and security administrators. Security is enhanced because the wallet password can be unknown to the database administrator, requiring the security administrator to provide the password.

Benefits of Using Transparent Data Encryption
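The following is an added example, not taken from the Oracle documentation, showing how the separation of duties described above looks in practice: the security administrator holds the wallet password and manages the master key, while the DBA or application owner encrypts columns and tablespaces without ever handling key material. The wallet directory, passwords, the employee table, the secure_ts tablespace and the data file path are constructed placeholders; the statements use the Oracle Database 11g Release 2 form of the TDE commands.

```sql
-- Added example (not from the Oracle documentation page). All names, paths
-- and passwords are constructed placeholders.

-- 1. sqlnet.ora on the database server names the external security module.
--    Here it is a file-based Oracle wallet; a HSM would use METHOD = HSM.
--    This file is maintained outside the database by the security administrator:
--
--    ENCRYPTION_WALLET_LOCATION =
--      (SOURCE = (METHOD = FILE)
--        (METHOD_DATA = (DIRECTORY = /etc/ORACLE/WALLETS/orcl)))

-- 2. Security administrator creates the master encryption key. On first use
--    this also creates the wallet in the directory above and leaves it open.
--    The DBA does not need to know this password.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "wallet_pw_placeholder";

-- 3. After every database restart the wallet is closed. Queries that touch
--    encrypted data fail with ORA-28365 (wallet is not open) until the
--    security administrator opens it, whatever privileges the querying user has.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "wallet_pw_placeholder";

-- 4. DBA / application owner encrypts data; no key is referenced anywhere.
--    Column encryption: NO SALT is required if the column is to be indexed.
CREATE TABLE employee (
  emp_id  NUMBER(10) PRIMARY KEY,
  name    VARCHAR2(100),
  ssn     VARCHAR2(11) ENCRYPT USING 'AES256' NO SALT,
  salary  NUMBER(12,2) ENCRYPT
);
CREATE INDEX employee_ssn_ix ON employee (ssn);

--    Tablespace encryption: every segment stored in it is encrypted on disk.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/oradata/orcl/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- 5. Verification a practitioner would run after setup.
--    Wallet type, location and state (expect STATUS = 'OPEN'):
SELECT wrl_type, wrl_parameter, status FROM v$encryption_wallet;
--    Which columns are encrypted, with which algorithm and salt setting:
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns;
--    Which tablespaces are encrypted and with which algorithm:
SELECT t.name, e.encryptionalg
  FROM v$tablespace t
  JOIN v$encrypted_tablespaces e ON t.ts# = e.ts#;

-- 6. Security administrator closes the wallet when the key must be unavailable,
--    for example before a host is handed over for maintenance. Data files
--    copied while the wallet is closed remain unreadable without it.
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "wallet_pw_placeholder";
```

Steps 2, 3 and 6 are the only ones that require the wallet password, which is why they can be reserved for the security administrator; steps 4 and 5 need ordinary object and dictionary privileges and can be left to the DBA, matching the division of duties the chapter describes.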
