tamhas
ProgressTalk.com Sponsor
Also, define "protect". Is this a question of application security or a need to protect the data from reading regardless of the tool, i.e., encrypt it. Progress has a tool, TDE (transparent data encryption) which is very good and highly performant, but also far from free. Depending on the processing requirements, you can do your own encryption and decryption, but of course you can't then meaningfully index it.
Rob Fitzpatrick
ProgressTalk.com Sponsor
TDE isn't meant to be an object-level access mechanism. It doesn't "protect" data from anyone who can authenticate against the database and the key store. If TDE is enabled and key store authentication is set to automatic then any user who can authenticate against the database has full access to the encrypted data, same as before TDE was enabled (thus, "transparent"). And if KS authentication is set to manual, then access is all-or-nothing. Either you specify the KS passphrase and get access to all data, or else you get no access to the DB at all. It doesn't sound like that's the use case here, although we don't have much detail yet.
TDE is meant to protect against media loss (stolen disk, server, backup tape, OS copy of DB files, etc.) and prevent access to data on disk, e.g. opening an extent in a text editor or hexdumping it.
TDE is meant to protect against media loss (stolen disk, server, backup tape, OS copy of DB files, etc.) and prevent access to data on disk, e.g. opening an extent in a text editor or hexdumping it.
TheMadDBA
Active Member
I took "When anyone try read the specific field on table, i need block. " to mean preventing read/view access to that column. I guess we will have to see if he comes back 
TDE is not cheap but awesome. I was one of the Alpha/Beta testers and of course it had a few issues, but when it was ready for commercial release it was rock solid with minimal performance impact. It was really nice to just answer yes to a set of audit questions instead of having a ton of meetings about compensating controls.
TDE is not cheap but awesome. I was one of the Alpha/Beta testers and of course it had a few issues, but when it was ready for commercial release it was rock solid with minimal performance impact. It was really nice to just answer yes to a set of audit questions instead of having a ton of meetings about compensating controls.
Rob Fitzpatrick
ProgressTalk.com Sponsor
I agree that TDE is a great product. I have a client using it successfully and in my application testing the performance impact was not measurable. But it is not a silver bullet for protecting data.
Similar threads
- Locked
- Doug Dunn
- Progress Blog
- Locked