Published in Oracle Developers

Avoid Data Breaches Right Where Your Data Lives

This is how a data leak happens :)

Data breaches scare me to death. They are becoming bigger and bolder. The list of data breaches is growing. Does the following rule still apply in this data-powered world?

Store only the information you need to do your business.

That is a big rule. Yeah, fine! But data is power. It is a difficult trade-off. And here you are reading about data breaches because they happen and they affect people just like us.

Think about these three aspects:

  • Is my database securely configured?
  • What sensitive data do I have?
  • Who has access to the data and database?

There are many tools to help you with these questions. But think briefly about the second question, the one about sensitive data.

The perfect example would be credit card numbers. Only your payment system should be able to use that information. Keep in mind you would also want to replicate data from your production database to test and dev environments for new feature development, testing, and debugging. The problem grows behind the scenes.

Welcome to Data Redaction

A good approach is for the database engine to be aware of sensitive data and to enforce policies so that specific data never leaves the engine without being obfuscated.

Your data for credit cards would be

xxxx-xxxx-xxxx-5100

instead of

5105-1051-0510-5100

This would be just a change in the database. No need to change your application code.

Try it out

You can try it out in just a few minutes — no need to install or configure anything on your computer. Create an Oracle Autonomous Database for free on Oracle Cloud. You can execute all the SQL statements with SQL Developer Web.

Do you have an Oracle Cloud Account? If not, you can create one here:

Remember, Oracle Cloud does not charge you anything unless you explicitly request the upgrade to pay as you go. No problem.

Oracle Cloud Sign-up for free

Create the database and open SQL Developer Web following the steps in this video:

Create an Autonomous DB and start SQL Developer Web

The first PL/SQL script creates a new APP schema and a new table USERS. We insert two new rows (users) with fictitious credit card numbers. The last bit enables Oracle REST Data Services (ORDS), which allows us to use Postman or cURL to query the table the way our application (source code) would.

Run the statements on SQL Developer Web:

You can use Postman or cURL to get the content of the table as a RESTful service.

In the next video I show you where you can get the URL of ORDS running in Autonomous Database:

Find the ORDS URL to use

After you copy the URL, you have to append app/users/ at the end of the URL: app/ for the schema and users/ for the table. The following cURL command will give you the items in the table.

curl -u APP:Str0nP4ssw0rd! <<ords_uri>>/app/users/

The equivalent on Postman should look like this:

Postman configuration

The result reveals the credit card numbers, and that is just too bad. You have the option to make sure there is no code on the backend that reads that data and sends it somewhere. But there is a better, programmatic way to do it directly on the database: less code to check, more control over what information leaves the database.

Run the following PL/SQL code to add a redaction policy on USERS table and column CARD_NUMBER.
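
One way to write such a policy with the DBMS_REDACT package, as an added example rather than the author's original script. It assumes CARD_NUMBER is a VARCHAR2 holding 16 digits in dddd-dddd-dddd-dddd form; the policy name and the PAYMENTS account are hypothetical.

```sql
-- Added example, not the article's script. Run as a user with EXECUTE on
-- DBMS_REDACT (the ADMIN user of the Autonomous Database is assumed).
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'APP',
    object_name         => 'USERS',
    column_name         => 'CARD_NUMBER',
    policy_name         => 'REDACT_CARD_NUMBER',  -- hypothetical name
    function_type       => DBMS_REDACT.PARTIAL,
    -- Fields: input format, output format, mask character,
    -- first digit to mask, last digit to mask.
    -- V = digit that may be masked, F = separator to skip over.
    -- Same value as the predefined constant DBMS_REDACT.REDACT_CCN16_F12.
    function_parameters => 'VVVVFVVVVFVVVVFVVVV,VVVV-VVVV-VVVV-VVVV,*,1,12',
    -- Redact for every session except a hypothetical PAYMENTS account,
    -- standing in for the payment system. Use '1=1' to redact for everyone.
    expression          =>
      'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''PAYMENTS'''
  );
END;
/

-- Confirm that the policy exists and is enabled.
SELECT object_owner, object_name, policy_name, expression, enable
  FROM redaction_policies
 WHERE object_owner = 'APP'
   AND object_name  = 'USERS';

-- Confirm which column is redacted and with which masking parameters.
SELECT column_name, function_type, function_parameters
  FROM redaction_columns
 WHERE object_owner = 'APP'
   AND object_name  = 'USERS';
```

Redaction is applied when query results are returned; the stored values are unchanged, and accounts holding the EXEMPT REDACTION POLICY privilege still see the real numbers.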

Run the same cURL/Postman command and check what the credit card numbers look like this time:

"id": 1,
"name": "John",
"card_number": "****-****-****-8765"

Cool! You redacted highly sensitive data directly on your database.

Don’t forget to clean the schema if you want to tear down the example.

Want to learn more?

If you like what you’re reading and are interested in taking on some of these challenges with our team, do check out our free training sessions on many topics like Spatial and Graph, Document database, APEX, Digital Assistant, etc. The next event is

Check the next training.

There are periodic free training sessions, around 1 hour long, done by experts and Oracle Cloud Advocates. These are instructor-led training. You can follow along with our team to solve your questions on the spot.

And keep tuned for more articles about the amazing things you can build with Oracle Cloud.

I am Victor Martin, a Software Developer. I deploy on Oracle Cloud Infrastructure.

Feel free to get connected with me on LinkedIn.

I am also interested in scuba diving and space engineering. Happy to help, everything is easier than rocket science!

Victor Martin

Principal Cloud Engineer. All opinions are my own. @OracleCloudInfrastructure