||Oracle Tips by Burleson
Chapter 6 Oracle Encryption
the source table to be encrypted. That table,
named claim_line_keys could be defined as
There are two ways to handle the encryption in
the table claim_line.
Either method is easy to
accomplish and may prove better or worse depending on your specific
- The table could be
renamed to claim_line_clear and a view named claim_line be
created. The PROCEDURE_CODE column of the view could display the
data in encrypted manner. No one should have access to the
original table. All the applications, the users, etc. should
refer to the view.
When the applications need to insert data
into the table, there could be an INSTEAD OF trigger defined on
the view that decrypts the data and stores the original value in
the CLEAR table, which contains the data in the unencrypted
- When the data is
entered into the claim_line table, or the field PROCEDURE_CODE
is updated, the changed data could be encrypted before putting
it into the table, so that the field PROCEDURE_CODE contains
encrypted values. In this manner the query to the table will
always return an encrypted value. The user must decrypt this to
get the actual value.
The inserts and updates can be handled in a
slightly simpler manner, using triggers to update the value
before the database value is written.
The above text is
an excerpt from:
Oracle Privacy Security Auditing
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only
and has an
immediate download of working security scripts: