Databases Reference
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00c0 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00d0 00 00 00 00 00 00 ......
I've used a simple example based on the dept table, one of the standard
samples packaged with Oracle. As you can see, the SQL statement being
executed is also shown in clear text, allowing a hacker to learn your
database structure and even see data (if it is included in WHERE clauses or
INSERT clauses, for example). The SQL statement that is being passed
(fully in clear text) within the packet is:
select * from dept
The response to this query (if done in SQL*Plus, for example) would
be:
    DEPTNO DNAME          LOC
---------- -------------- -------------
        10 ACCOUNTING     NEW YORK
        20 RESEARCH       DALLAS
        30 SALES          CHICAGO
        40 OPERATIONS     BOSTON
As you can guess by now, the reply data is also passed in clear text. If the
reply includes complex result sets, then the internal structure used by the
database may be a little difficult to crack, but by no means impossible.
Continuing with our example, let's look at the reply to our simple query, which
is spread over two packets:
0000 00 0d 56 b2 05 34 00 0e d7 98 07 7f 08 00 45 00 ..V..4.. ......E.
0010 01 79 5d 4d 40 00 3f 06 58 22 c0 a8 02 17 c0 a8 .y]M@.?. X"......
0020 01 a8 05 f2 0d bf 2e 5f 36 88 64 56 a7 47 50 18 ......._ 6.dV.GP.
0030 2c 37 2f 98 00 00 01 51 00 00 06 00 00 00 00 00 ,7/....Q ........
0040 10 19 be e9 8e d6 e8 b8 98 58 00 00 78 68 07 1b ........ .X..xh..
0050 10 17 24 6b 2c 00 00 00 00 00 00 31 00 00 00 03 ..$k,... ...1....
0060 00 00 00 39 02 00 02 00 16 00 00 00 00 00 00 00 ...9.... ........
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
0080 00 00 06 06 00 00 00 06 44 45 50 54 4e 4f 00 00 ........ DEPTNO..
0090 00 00 00 00 00 00 01 80 00 00 0e 00 00 00 00 00 ........ ........
00a0 00 00 00 00 00 00 00 00 00 00 00 00 1f 00 01 0e ........ ........
00b0 00 00 00 01 05 05 00 00 00 05 44 4e 41 4d 45 00 ........ ..DNAME.
00c0 00 00 00 00 00 00 00 01 80 00 00 0d 00 00 00 00 ........ ........
00d0 00 00 00 00 00 00 00 00 00 00 00 00 00 1f 00 01 ........ ........
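To check your own captures for the same exposure, the following added example (not code from the original text) rebuilds the bytes from rows 0000-00b0 of the reply dump above, strips the Ethernet, IPv4 and TCP headers, and lists the readable strings left in the payload. The function names are this example's own.

```python
import re
import struct

# Rows 0000-00b0 of the reply packet, copied from the dump on this page.
REPLY_DUMP = """\
0000 00 0d 56 b2 05 34 00 0e d7 98 07 7f 08 00 45 00 ..V..4.. ......E.
0010 01 79 5d 4d 40 00 3f 06 58 22 c0 a8 02 17 c0 a8 .y]M@.?. X"......
0020 01 a8 05 f2 0d bf 2e 5f 36 88 64 56 a7 47 50 18 ......._ 6.dV.GP.
0030 2c 37 2f 98 00 00 01 51 00 00 06 00 00 00 00 00 ,7/....Q ........
0040 10 19 be e9 8e d6 e8 b8 98 58 00 00 78 68 07 1b ........ .X..xh..
0050 10 17 24 6b 2c 00 00 00 00 00 00 31 00 00 00 03 ..$k,... ...1....
0060 00 00 00 39 02 00 02 00 16 00 00 00 00 00 00 00 ...9.... ........
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
0080 00 00 06 06 00 00 00 06 44 45 50 54 4e 4f 00 00 ........ DEPTNO..
0090 00 00 00 00 00 00 01 80 00 00 0e 00 00 00 00 00 ........ ........
00a0 00 00 00 00 00 00 00 00 00 00 00 00 1f 00 01 0e ........ ........
00b0 00 00 00 01 05 05 00 00 00 05 44 4e 41 4d 45 00 ........ ..DNAME.
"""

def dump_to_bytes(dump):
    """Rebuild raw bytes from 'offset, up to 16 hex pairs, ASCII column' rows."""
    out = bytearray()
    for row in dump.splitlines():
        fields = row.split()
        for tok in fields[1:17]:          # fields[0] is the row offset
            if not re.fullmatch(r"[0-9a-fA-F]{2}", tok):
                break                     # reached the ASCII column of a short row
            out.append(int(tok, 16))
    return bytes(out)

def tcp_payload(frame):
    """Return (src_port, dst_port, payload) of an Ethernet/IPv4/TCP frame."""
    if frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 6:
        raise ValueError("not an IPv4/TCP frame")
    tcp = 14 + (frame[14] & 0x0F) * 4          # IPv4 header length from IHL
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    data = tcp + (frame[tcp + 12] >> 4) * 4    # TCP header length from data offset
    return sport, dport, frame[data:]

def cleartext_strings(payload, min_len=4):
    """Printable ASCII runs; readable identifiers mean no encryption in transit."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, payload)]

if __name__ == "__main__":
    sport, dport, payload = tcp_payload(dump_to_bytes(REPLY_DUMP))
    print(f"{sport} -> {dport}: {cleartext_strings(payload)}")
```

Applied to a capture of encrypted database traffic, the same functions should show no table or column names in the payload.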
 