What is the recommended way to encrypt in Oracle?

Note: this page reproduces a popular StackOverflow question under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original question: http://stackoverflow.com/questions/7722778/

Time: 2020-09-08 08:21:14  Source: igfitidea

Tags: database, oracle, security, cryptography, utl-file

Asked by Please click here

I need some help from Oracle/Security experts.

I'm going to make functions for encryption/decryption in our Oracle DB. I intend to use dbms_crypto with AES256. I understand that I should store the key file in the O/S and read it using utl_file.

Is this a good idea? Are there any problems with this approach? E.g. Can utl_file have problems if the key file is read concurrently by 10 callers of the function? Is anything else recommended instead?

I'm sure that this is a very common thing. Does anyone know where I can find a good sample that does this?

Since this is security-related, I would prefer to follow some standard that others are following.

Accepted answer by Aitor

If you have Oracle Advanced Security in your Oracle Database Enterprise Edition, you already have transparent data encryption (TDE) of data stored in the database. Take a look:

http://download.oracle.com/docs/cd/B19306_01/network.102/b14268/asotrans.htm

You can also check out this link:

http://www.oracle-base.com/articles/10g/TransparentDataEncryption_10gR2.php

Summarizing the last page:

  • Setup: Creating a database file and user.

    CONN sys/password AS SYSDBA

    CREATE TABLESPACE tde_test DATAFILE '/u01/oradata/DB10G/tde_test.dbf' SIZE 128K AUTOEXTEND ON NEXT 64K;

    CREATE USER test IDENTIFIED BY test DEFAULT TABLESPACE tde_test;
    ALTER USER test QUOTA UNLIMITED ON tde_test;
    GRANT CONNECT TO test;
    GRANT CREATE TABLE TO test;

  • Encrypted Data: How to create an encrypted column. You must create a wallet to hold the encryption key. Add the following entry into the sqlnet.ora file on the server and make sure the specified directory has been created.

    ENCRYPTION_WALLET_LOCATION=
      (SOURCE=(METHOD=FILE)(METHOD_DATA=
        (DIRECTORY=/u01/app/oracle/admin/DB10G/encryption_wallet/)))

You must create and open the wallet:

CONN sys/password AS SYSDBA
ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "myPassword";

Then you can create your tables with the desired columns encrypted or not:

CREATE TABLE tde_test (
  id    NUMBER(10),
  data  VARCHAR2(50) ENCRYPT
)
TABLESPACE tde_test;

I hope this helps you.
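
Added example (not part of the original answer or of the linked articles): a check that the TDE setup above is in effect, and how to get the AES256 key size the question asks for, since a bare ENCRYPT uses the default algorithm (AES192). It assumes the test user, tde_test tablespace and wallet password from the steps above, uses the 10gR2 statement forms, and tde_aes256 is a hypothetical table name.

```sql
-- Added example, run in SQL*Plus. Assumes the objects and wallet created above.
CONN test/test

-- ENCRYPT with no USING clause takes the default algorithm (AES192).
-- Name the algorithm explicitly to get AES256.
CREATE TABLE tde_aes256 (
  id    NUMBER(10),
  data  VARCHAR2(50) ENCRYPT USING 'AES256'
)
TABLESPACE tde_test;

-- Constructed sample row.
INSERT INTO tde_aes256 (id, data) VALUES (1, 'constructed sample value');
COMMIT;

-- Confirm which columns are encrypted, with which algorithm, and whether salted.
SELECT table_name, column_name, encryption_alg, salt
FROM   user_encrypted_columns
ORDER  BY table_name, column_name;

CONN sys/password AS SYSDBA

-- The wallet location should match sqlnet.ora and the status should be OPEN.
SELECT wrl_type, wrl_parameter, status
FROM   v$encryption_wallet;

-- Close the wallet and query again: access to the encrypted column now
-- depends on the wallet, so this SELECT fails until it is reopened.
-- (Later releases require IDENTIFIED BY on CLOSE for password wallets.)
ALTER SYSTEM SET WALLET CLOSE;
SELECT data FROM test.tde_aes256;

-- Reopen the wallet; the same query returns the plaintext again.
ALTER SYSTEM SET WALLET OPEN IDENTIFIED BY "myPassword";
SELECT data FROM test.tde_aes256;
```

The wallet is not opened automatically after an instance restart unless auto-login is configured, so the reopen step belongs in the startup runbook. TDE protects data files and backups at rest; any session with SELECT privilege still sees plaintext while the wallet is open.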