Transparent data encryption is a key-based access control system that enforces authorization by encrypting data with a key that is kept secret. There can be only one key for each database table that contains encrypted columns, regardless of the number of encrypted columns in a given table. Each table's column encryption key is, in turn, encrypted with the database server's master key. No keys are stored in the database. Instead, they are stored in an Oracle wallet, which is part of the external security module. The downside here is that if we lose the master password, then the data is lost. We will have to create a new database all over again.
#. Authentication Methods
Authentication by the Operating System

Once authenticated by the operating system, users can connect to Oracle more conveniently, without specifying a user name or password. With control over user authentication centralized in the operating system, Oracle need not store or manage user passwords, though it still maintains user names in the database.

Authentication by the Network

Oracle supports the following methods of authentication by the network:

- Third Party-Based Authentication Technologies (such as DCE, Kerberos, or SESAME)
- Public-Key-Infrastructure-Based Authentication
- Remote Authentication (RADIUS)

Authentication of Database Administrators

You can choose between operating system authentication or password files to authenticate database administrators.
(. Fine-Grained Auditing
Fine-grained auditing allows the monitoring of data access based on content. It provides granular auditing of queries, as well as INSERT, UPDATE, and DELETE operations.
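
A content-based audit policy of the kind described above, written with Oracle's DBMS_FGA package. This is an added example, not part of the original document; the HR.EMPLOYEES sample table, the salary threshold and the policy name AUDIT_HIGH_SALARY are assumptions chosen for illustration.

```sql
-- Added example. Assumes the Oracle sample schema HR.EMPLOYEES and a user
-- with EXECUTE on DBMS_FGA; the policy name and threshold are illustrative.

-- 1. Audit any statement that touches SALARY on rows where SALARY > 10000.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR',
    object_name     => 'EMPLOYEES',
    policy_name     => 'AUDIT_HIGH_SALARY',
    audit_condition => 'SALARY > 10000',          -- content-based predicate
    audit_column    => 'SALARY',                  -- only when this column is referenced
    enable          => TRUE,
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED);  -- also capture SQL text and binds
END;
/

-- 2. Exercise the policy.
-- Not audited: SALARY is not referenced.
SELECT last_name FROM hr.employees WHERE department_id = 90;

-- Audited only if a returned row has SALARY > 10000.
SELECT last_name, salary FROM hr.employees WHERE department_id = 90;

-- Expected to be audited: modifies SALARY on rows matching the condition.
UPDATE hr.employees SET salary = salary * 1.1 WHERE salary > 10000;
ROLLBACK;

-- 3. Review what was recorded: who ran which statement, and the exact SQL.
-- (With unified auditing enabled, the records are in UNIFIED_AUDIT_TRAIL instead.)
SELECT timestamp, db_user, statement_type, policy_name, sql_text
FROM   dba_fga_audit_trail
WHERE  object_schema = 'HR'
AND    object_name   = 'EMPLOYEES'
ORDER  BY timestamp;

-- 4. Remove the policy when it is no longer needed.
BEGIN
  DBMS_FGA.DROP_POLICY(
    object_schema => 'HR',
    object_name   => 'EMPLOYEES',
    policy_name   => 'AUDIT_HIGH_SALARY');
END;
/
```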