On Sat, 07 Oct 2006 17:14:58 -0400, OFM wrote:
> I am running an Oracle database with the application written in PHP.
> I would like to be able to have the option to encrypt data residing in
> certain columns in certain tables, i.e. encrypt the SSNO column but not
> the Fname column. I would like to keep it in its encrypted form in the
> database but I would like to be able to show it to certain privileged
> people based on a password.
> Can public key encryption be incorporated here in the PHP application
> such that if I can encrypt the data based on a key that in itself can
> be encrypted in a way that you can revoke certain passwords if the
> employee leaves - much the same way you have revocation lists
> management in PGP.
> Are there any suggestions on how to go about incorporating FLEXIBLE
> encryption of data with PHP and Oracle?
> Any help appreciated.

Oracle has something called "Advanced Security Option" which is a
commercial product and allows encryption of the entire database or parts
of it. There is also something called "VPD" (Virtual Private Database)
which allows users to see only the parts of the database they're entitled
to see. It takes a bit to set up, but it works really well. As for
revoking employee authorization once the employment is terminated, it
should be a standard practice. HR should have an application that would
disable VPN logins and logins to web-visible applications, and
high-priority tickets to immediately revoke all access privileges should be
assigned to both the system administration group and the DBA group. Security is
not a part of an application, security is a philosophy that the company
must adhere to in everything it does.
--
http://www.mladen-gogala.com
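
The VPD approach mentioned in the reply, sketched as a column-masking policy on SSNO. This is an added example, not code from the original thread. The schema names HR and SEC_ADMIN, the EMPLOYEES table, the SSN_VIEWERS lookup table, the user 'jdoe', and the use of the session client identifier to carry the PHP application's logged-in user are all assumptions.

```sql
-- Assumed (hypothetical) objects:
--   HR.EMPLOYEES(FNAME, SSNO, ...)      table holding the sensitive column
--   SEC_ADMIN.SSN_VIEWERS(APP_USER)     users currently allowed to read SSNO
-- Assumed: after authenticating a user, the PHP application sets the Oracle
-- session's client identifier to that user's name. The database trusts the
-- application to set it honestly.

CREATE OR REPLACE FUNCTION sec_admin.ssno_mask_policy (
    p_schema IN VARCHAR2,
    p_object IN VARCHAR2
) RETURN VARCHAR2
IS
    v_allowed PLS_INTEGER;
BEGIN
    -- Look up the current application user in the allow list.
    SELECT COUNT(*)
      INTO v_allowed
      FROM sec_admin.ssn_viewers
     WHERE app_user = SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER');

    -- '1=1' exposes SSNO; '1=0' makes the policy mask it.
    RETURN CASE WHEN v_allowed > 0 THEN '1=1' ELSE '1=0' END;
END;
/

BEGIN
    DBMS_RLS.ADD_POLICY(
        object_schema         => 'HR',
        object_name           => 'EMPLOYEES',
        policy_name           => 'SSNO_MASK',
        function_schema       => 'SEC_ADMIN',
        policy_function       => 'SSNO_MASK_POLICY',
        statement_types       => 'SELECT',
        policy_type           => DBMS_RLS.DYNAMIC,  -- re-evaluate on every query
        sec_relevant_cols     => 'SSNO',            -- policy applies only when SSNO is selected
        sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS  -- return all rows, SSNO shown as NULL if denied
    );
END;
/

-- Revocation when an employee leaves: remove the allow-list entry.
-- The next query from that user returns SSNO as NULL; FNAME is unaffected.
DELETE FROM sec_admin.ssn_viewers WHERE app_user = 'jdoe';
COMMIT;
```

VPD controls who can read the column through SQL; it does not encrypt the stored values, so data files and backups still contain SSNO in the clear unless encryption is applied separately.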