Oracle Data Redaction Is Broken

The Oracle data redaction service is a new feature introduced with Oracle 12c. It allows sensitive data, such as PII, to be redacted or masked to prevent it being exposed to attackers. On paper this sounds like a great idea but in practice, Oracle's implementation is vulnerable to multiple attacks that allow an attacker to trivially bypass the masking and launch privilege escalation attacks.

Provided by: SecurityTube.net Topic: Data Management Date Added: Dec 2014 Format: Webcast

Find By Topic