The emphasis is on the
word transparent: authorized users do not have to specify passwords or keys when accessing
encrypted columns in a table or in an encrypted tablespace.
Although transparent data encryption has been significantly enhanced in Oracle Database
11g, there are still a few restrictions on its use; for example, you cannot encrypt columns
using foreign key constraints, since every table has a unique column encryption key. This
should typically not be an issue, since keys used in foreign key constraints should be
system-generated, unique, and unintelligent. Business keys and other business attributes of
a table are more likely candidates for encryption and usually do not participate in foreign
key relationships with other tables. Other database features and types are also not eligible
for transparent data encryption:
- Index types other than B-tree
- Range-scan searching of indexes
- BFILEs (external objects)
- Materialized view logs
- Synchronous Change Data Capture
Chapter 9: Database Security and Auditing 343
- Transportable tablespaces
- Original import/export utilities (Oracle9i and earlier)
Alternatively, you can use DBMS_CRYPTO to manually encrypt these types and features.
NOTE
As of Oracle Database 11g, internal large objects such as BLOB and
CLOB types can now be encrypted.
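The following sketch is an added example, not code from the book. It shows a layout that respects the foreign key restriction described above, followed by a manual DBMS_CRYPTO round trip in which, unlike transparent data encryption, the caller must supply the key. Table, column, and index names are hypothetical; it assumes an open wallet containing a master key and EXECUTE privilege on DBMS_CRYPTO.

```sql
-- Added example: all object names are hypothetical.
-- Assumes an open wallet with a TDE master key and EXECUTE on DBMS_CRYPTO.

-- The surrogate key that foreign keys reference stays unencrypted;
-- the business attribute is the encrypted column.
CREATE TABLE customers (
  customer_id NUMBER PRIMARY KEY,
  tax_id      VARCHAR2(11) ENCRYPT NO SALT,  -- NO SALT so the column can be indexed
  full_name   VARCHAR2(100)
);

CREATE TABLE orders (
  order_id    NUMBER PRIMARY KEY,
  customer_id NUMBER NOT NULL REFERENCES customers (customer_id),
  card_number VARCHAR2(19) ENCRYPT USING 'AES256'  -- salted by default, not indexed
);

-- A B-tree index on an encrypted column is allowed and serves equality
-- lookups; range-scan searching is on the list of unsupported features.
CREATE INDEX customers_tax_id_ix ON customers (tax_id);

-- Rejected by the database: a foreign key column cannot be encrypted.
-- ALTER TABLE orders MODIFY (customer_id ENCRYPT);

-- Manual encryption with DBMS_CRYPTO for data that TDE does not cover.
-- The application, not the wallet, must store and protect the key and IV.
SET SERVEROUTPUT ON
DECLARE
  l_mode  PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256
                       + DBMS_CRYPTO.CHAIN_CBC
                       + DBMS_CRYPTO.PAD_PKCS5;
  l_key   RAW(32)   := DBMS_CRYPTO.RANDOMBYTES(32);  -- constructed demo key
  l_iv    RAW(16)   := DBMS_CRYPTO.RANDOMBYTES(16);
  l_plain RAW(2000) := UTL_I18N.STRING_TO_RAW('constructed sample value', 'AL32UTF8');
  l_enc   RAW(2000);
  l_dec   RAW(2000);
BEGIN
  l_enc := DBMS_CRYPTO.ENCRYPT(src => l_plain, typ => l_mode, key => l_key, iv => l_iv);
  l_dec := DBMS_CRYPTO.DECRYPT(src => l_enc,   typ => l_mode, key => l_key, iv => l_iv);
  DBMS_OUTPUT.PUT_LINE(UTL_I18N.RAW_TO_CHAR(l_dec, 'AL32UTF8'));
END;
/
```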
Creating an Oracle Wallet
You can create a wallet for Transparent Data Encryption using Oracle Enterprise Manager.