Oracle lives in an alternate universe
Dec. 9th, 2008 08:55 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
dsrtao(That would be Oracle the giant database company.)
Oracle decided that I was a good target for their Oracle Advanced Security product, which is an expensive add-on for their expensive database. (Suddenly I'm reminded of my last post -- because the marginal cost of software is zero, features which are invented as extra-cost additions become integrated for free in the next version.)
Advanced Security boasts these exciting features:
Network encryption protects your data as it flows through open, unsecured networks, from database to client server. In my universe, we don't allow database connections from machines that aren't on the same, trusted network as the server.
In my universe, we already encrypt our backups, using PGP or GPG.
Encryption key management is only useful if you are allowing semi-trusted machines to access your database. In my universe, we don't allow semi-trusted machines to connect to our database. Only trusted application servers connect directly. Users connect to the application servers, and hopefully the application is well-enough written to not offer any direct access to the database.
Oracle decided that I was a good target for their Oracle Advanced Security product, which is an expensive add-on for their expensive database. (Suddenly I'm reminded of my last post -- because the marginal cost of software is zero, features which are invented as extra-cost additions become integrated for free in the next version.)
Advanced Security boasts these exciting features:
- network encryption
- encrypted backups and exports
- built-in encryption key management with support for hardware security modules
Network encryption protects your data as it flows through open, unsecured networks, from database to client server. In my universe, we don't allow database connections from machines that aren't on the same, trusted network as the server.
In my universe, we already encrypt our backups, using PGP or GPG.
Encryption key management is only useful if you are allowing semi-trusted machines to access your database. In my universe, we don't allow semi-trusted machines to connect to our database. Only trusted application servers connect directly. Users connect to the application servers, and hopefully the application is well-enough written to not offer any direct access to the database.
