Note: this page is a Chinese-English parallel translation of a popular Stack Overflow question, provided under the CC BY-SA 4.0 license. If you reuse it you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow
Original URL: http://stackoverflow.com/questions/591112/
Can Oracle TDE protect data from the DBA?
Asked by user12632
Oracle experts,
A client of mine wants to deploy an application that has to hold credit card numbers in a database. The client is obviously concerned with security.
We are particularly concerned with one painful issue. How can we make sure that only authorized users with a 'business need to know' are allowed to access the data? How can we protect the data from the DBA?
One obvious solution is to encrypt at the application level. We don't want to do that.
An Oracle product that came up as a possible solution is Oracle TDE (Transparent Data Encryption). It seems to cover the on-disk encryption case well. However, there have been disputing claims if it can be used to hide data from someone with DBA privileges.
I want to be very specific about the use case we're dealing with. We have an up and running application, 24/7/365, that is doing data access constantly. That means that the Oracle wallet is open and data is being decrypted by the database. AT THE SAME TIME a DBA should still be unable to access the data.
I know that Oracle is marketing Oracle Database Vault for this very issue. Given that all I want to do is block DBA access from just one particular table, do I really need the Vault or can I use TDE?
Assistance would be much appreciated,
Or
Answered by tuinstoel
My guess is that you need Oracle Vault. TDE makes it impossible to read the datafiles but a simple select will still retrieve the data unencrypted.
But ask the dudes or dudettes who made the claim that TDE is sufficient, to explain how to do it without Oracle Vault.
Edit: Two threads on this issue:
http://forums.oracle.com/forums/thread.jspa?messageID=3249532
http://forums.oracle.com/forums/thread.jspa?messageID=3261345
Answered by Gary Myers
"there have been disputing claims if it can be used to hide data from someone with DBA privileges." Probably because there can be conflicting ideas about what constitutes DBA privileges. There is a DBA database role, a SYSDBA privilege, and someone who can log in as oracle (or Administrator) to the server at the operating system level, each with higher privileges. Privileges can be revoked from the DBA role, so that is even more vague.
VPD can ensure that, for example, the credit-card column is only visible to users logged in from a specific IP (e.g. the application server), as a certain user or with a certain role. While a user with the DBA role would be able to change the VPD privileges, or grant themselves the appropriate role or impersonate the relevant user, this would show up in the audit log.
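The following Oracle SQL is an added example, not code from the thread or from Oracle, that puts tuinstoel's point (a TDE-encrypted column is still returned in clear by a plain SELECT) next to Gary Myers's suggestion (a VPD column-masking policy keyed on session user and client address, backed by auditing of the actions a DBA would need to take to get around it). The schema APP, the table CARD_HOLDER, the account APPUSER, the address 10.0.0.5 and the policy names are assumptions; it assumes the TDE wallet is already open and that APP has EXECUTE on DBMS_RLS. Auditing uses the traditional AUDIT statements that match the era of the question.

```sql
-- Added example (not from the original thread). All object names are assumptions.

-- 1. TDE column encryption protects the datafile on disk. Any session with SELECT
--    on the table still receives the plaintext through SQL, so this alone does not
--    keep a DBA out of the data. (Assumes the wallet is already open.)
CREATE TABLE app.card_holder (
    id          NUMBER PRIMARY KEY,
    holder_name VARCHAR2(100),
    card_number VARCHAR2(19) ENCRYPT USING 'AES256' NO SALT
);

-- A DBA running this query sees decrypted card numbers.
SELECT id, card_number FROM app.card_holder;

-- 2. VPD column masking: only APPUSER, connecting from the application server's
--    address, gets CARD_NUMBER; every other session gets NULL in that column.
CREATE OR REPLACE FUNCTION app.card_policy (
    schema_name IN VARCHAR2,
    object_name IN VARCHAR2
) RETURN VARCHAR2 AS
BEGIN
    -- The returned predicate decides visibility: '1=1' shows the column, '1=2' masks it.
    -- APPUSER and 10.0.0.5 are placeholder values for this example.
    IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'APPUSER'
       AND SYS_CONTEXT('USERENV', 'IP_ADDRESS') = '10.0.0.5' THEN
        RETURN '1=1';
    END IF;
    RETURN '1=2';
END;
/

BEGIN
    DBMS_RLS.ADD_POLICY(
        object_schema         => 'APP',
        object_name           => 'CARD_HOLDER',
        policy_name           => 'MASK_CARD_NUMBER',
        function_schema       => 'APP',
        policy_function       => 'CARD_POLICY',
        statement_types       => 'SELECT',
        sec_relevant_cols     => 'CARD_NUMBER',
        sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS  -- return every row, mask only the column
    );
END;
/

-- 3. The control the answer relies on is the audit trail. A DBA can still drop the
--    policy, grant roles, connect as APPUSER, or use EXEMPT ACCESS POLICY (and SYS
--    bypasses VPD outright), so record those actions.
AUDIT SELECT ON app.card_holder BY ACCESS;
AUDIT EXECUTE ON sys.dbms_rls BY ACCESS;        -- ADD_POLICY / DROP_POLICY / ENABLE_POLICY calls
AUDIT GRANT ANY ROLE, GRANT ANY PRIVILEGE BY ACCESS;
AUDIT EXEMPT ACCESS POLICY BY ACCESS;           -- use of the privilege that bypasses VPD
```

Masking the column rather than filtering rows keeps the application's row counts and joins intact while hiding the one sensitive value, and the audit options cover the specific privileged actions (policy changes, role grants, VPD exemption) rather than trying to prevent them, which matches the answer's point that a DBA is detected, not blocked.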
Answered by user12632
I came across a similar problem with one of our customers. During the evaluation process I found a possible solution from a German security company. It seems they have developed a system that should prevent the DBA from accessing any sensitive data. Take a look at their website. I didn't take a deeper look yet, so I cannot give you further information about this solution.
Answered by NA AE
There are certain alternative companies with DB encryption and access control solutions that implement a strict separation of duties between DBA and Security Admin.
You may want to take a look into D'Amo from a Korean company, Penta Security Systems.
Disclaimer: I have worked as a DB consultant and deployed the solution to many of my customers.