Search Postgresql Archives

Re: Regd. the Implementation of Wallet (in Oracle) config equivalent in postgreSQL whilst the database migration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 22.12.2022 um 00:57 schrieb Benedict Holland <benedict.m.holland@xxxxxxxxx>:

Like, does oracle give you something more? Probably. It's also a ton of money and I mean a geuine ton. At that point, you also need security audits, security protocols, requirements, backup and retention policies, and redundancy key locations. If someone has root, I don't know how they also don't have your encryption keys. 

They are not on the same box. They are in a HSM. A dedicated piece of tamper-proof hardware that stores secrets (keys).
The Oracle-server needs to talk to the HSM to get the keys. 

This is not a low-budget setup (well, it’s Oracle…) - rather, it’s for when the data is really very valuable so that the cost for redundant HSMs, Oracle, Data Guard etc.pp. is still lower than the value of the data. 

OP works for an outfit that typically does outsourcing for these kinds of clients.

It’s all about having more degrees of separation between different functions, so you don’t have to trust the single, Dennis-Nedry-type of admin to not sell the information in the database to the highest bidder.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux