Oracle Beefs Up Database Security

Oracle last week unveiled two security features for its 8i Release 2 database aimed at businesses that conduct e-commerce.

A new data encryption feature was designed to protect information across the enterprise, from desktops to the central database. And the virtual private database feature that debuted in 8i can now manage very large databases with tens of thousands of simultaneous users, the software company said.

Chip Self, a regional programmer at First American Title, uses the version of the virtual private database currently available in Release 8.15 of 8i and plans on upgrading to 8.16 as soon as it's available for the Windows NT platform next month, he said.

Self said he uses the security feature to allow 20 account-reporting locations to see one another's data but only alter their own information.

Harder to Hack

"In the past, you had to do that with [command-option] VIEWS, but this is extremely flexible," Self said. "And you can't hack around it. It goes all the way down to the basic levels of the Oracle database. The only way that you can override it is with SYSUSER [administrative authority]."

"I think application service providers will be excited," said Terilyn Palanca, an analyst at Giga Information Group. "They don't want to put up a version of the Oracle database for each client using them. With [this] virtual private database, they can mix the data and not require [database administrators] to manage all this, like VIEWS. ...It's a much better way to provide security."

Likewise, corporate database developers want data encryption across a company's infrastructure, not just within the network. "People know the Secure Sockets Layer encryption is in the wire, but they want it to go all the way to the actual storage of the data," Palanca said. "Oracle's done a lot of work in this area that I'm not sure the others have done."

Bob Shimp, senior director of product marketing for Oracle's Internet platform, said Release 2 is available now on a number of popular Unix versions and will be available on the Windows NT platform next month.

"A couple days ago, a guy in Eastern Europe broke into an e-commerce site and stole 300,000 credit-card numbers. With Oracle's data encryption, even if he got past all the other safeguards, all he would see is garbled information," Shimp said. "It's very difficult to decrypt this."

Join the newsletter!

Or
Error: Please check your email address.

More about Giga Information GroupOracle

Show Comments