2018-06-13

SD and GDPR

Here is a list of GDPR (General Data Protection Regulation) points supported by SQLDetective (SD).

1. The "Connection to Oracle DB" window lets you protect yourself from modifying data in production. Enable DDL and DML confirmations (see pic#1) and you'll be stopped before changing DB objects (see pic#2) and data (see pic#3).

(pic#1)

(pic#2)

(pic#3)

2. Unfortunately, in the same "Connection to Oracle DB" window you may leave an opportunity for hackers: the saved password, IP, port, and SID/ServiceName of the DB (see pic#4) are stored with other application settings without encryption. As a workaround, you may connect to the DB by TNS names (see pic#5).

(pic#4)

(pic#5)

3. SD is a product for single use on your own PC, so your connection info can't be shared without your permission. Unfortunately, when updating the application or sending OSD messages to the ConquestSS site, some personal data may be sent without your confirmation (see comments). As a workaround, don't use the Internet on the PC while working in SD. Note: SQL Editor stores all executed statements in a file without encryption; the application log contains a lot of info about the DB without encryption, and these logs are auto-sent with the OSD message; you can't mask info when it is auto-sent to ConquestSS by OSD message; OSD Updater sends some info to the ConquestSS site without listing it and without your permission.

4. When working with production and development DBs, it's helpful to mark them by color (see pic#6, #1). The DB color can be selected before connecting. The same color identifies the DB in all windows. Unfortunately, there is no DB color in the confirmation messages on committing (see pic#7) or executing (see pic#2, #3).

(pic#6)

(pic#7)

5. For data protection, SD 4.7.2 supports Policy (see pic#8) and Data Redaction Policy in object lists.

(pic#8)

6. It was not announced in the Release Notes, but since SD 4.7.2.202 it's possible to create custom Code Review Rules, and over 170 rules (see pic#9) can check your PL/SQL code, including checks in License, RAC/Exadata and Security. For example, you may create and use a Code Review Rule that checks for the use of non-encrypted info or for sending personal info to unknown addresses.

(pic#9)

7. GDPR suggests masking data. Unfortunately, the SD UI doesn't allow you to set Oracle Label Security or Transparent Data Encryption, but you may set a SmartDataset (see "Data stolen", "Data storing", "Automation of SD work / Data User / 7-8") in Dataset Manager and Built-In VCS Project. For example, values from char columns may be shown in the grid masked by the functions "rpad(substr(a.SYMBOL,1,1),length(A.SYMBOL),'*')".

8. I hope that ConquestSS will do their best to support tablespace encryption and data encryption in the nearest builds.

9. As DB admin, you may check and monitor the work of all users, including hack attacks, in tablespaces and sessions in real time with the SD DBA tools: DB Monitor (see pic#10), DB Examiner (see pic#11), Storage Manager (see pic#12), Session Navigator (see pic#13), TSL (see pic#14).

(pic#10)

(pic#11)

(pic#12)

(pic#13)

(pic#14)
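The grid masking expression from item 7, run over constructed rows that include a one-character value and a NULL, next to a fixed-width variant. This is an added example, not from the original post or from SQLDetective; the inline view `a`, the column aliases and the fixed-width variant are assumptions.

```sql
-- Constructed sample rows; the inline view and its column are
-- hypothetical stand-ins for a real table with a char column SYMBOL.
WITH a AS (
  SELECT 'ORCL' AS symbol FROM dual UNION ALL
  SELECT 'IBM'            FROM dual UNION ALL
  SELECT 'A'              FROM dual UNION ALL   -- one-character value
  SELECT NULL             FROM dual             -- missing value
)
SELECT
  -- Expression from item 7: keep the first character and pad with '*'
  -- up to the original length. A one-character value comes back
  -- unchanged, and the length of every value stays visible.
  RPAD(SUBSTR(a.symbol, 1, 1), LENGTH(a.symbol), '*') AS masked_as_on_page,
  -- Assumed variant: a constant-width mask that hides both the content
  -- and the length, and keeps NULL as NULL.
  NVL2(a.symbol, '****', NULL) AS masked_fixed_width
FROM a;
```

Both columns mask only what the query returns to the grid; a user who can select the base column directly still reads the raw value.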

GDPR requires you to protect data, control access, monitor and audit data flows, and configure data and applications in secure mode. Now you know how this is possible with SD.