TAILIEUCHUNG - Applied Oracle Security: Developing Secure Database and Middleware Environments- P6

Applied Oracle Security: Developing Secure Database and Middleware Environments- P6:Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful | 24 Part I Oracle Database Security New Features A plethora of books are available on the market discussing cryptography my personal favorite is Bruce Schneier s Applied Cryptography Protocols Algorithms and Source Code in C John Wiley Sons . The mathematics involved and the issues and nuances of cryptography are staggering in number and complexity and well beyond the scope of this book. Fortunately you don t need to understand all aspects of encryption. This chapter defines only what you need to know to make the critical decisions about how and when to use encryption within the database. Encryption Choices Although data can be encrypted in many ways there are fewer ways to do it effectively. Many people are inclined to write their own encryption just as Julius Caesar did. However unless they are geniuses or very lucky chances are their encryption will be poor. Today effective encryption implies the use of standard and proven encryption algorithms. The proven part is important because it ensures that the encryption doesn t have some fatal flaw that would allow an unauthorized person to determine the contents of the sensitive data. Since you want to use standard encryption algorithms you have quite a few from which to choose. Before you start picking algorithms to use in the database you need to understand a little more about how encryption works. The Algorithm and the Key To encrypt data two things are required an encryption algorithm and an encryption key. The high-level description of encrypting data is quite simple plaintext data is fed into the encryption algorithm. An encryption key is also provided. The algorithm uses the key and very sophisticated logic to encrypt the data. The process of decryption is analogous. It also requires a key and an algorithm. Figure 2-1 illustrates how basic symmetric key encryption works. A plaintext message Applied Oracle Security is encrypted using an algorithm and a key. To recover the original message the same key and .