Using a Combined Approach
In some cases, neither of the approaches I’ve described so far may be suitable. Let’s examine the pros and cons of the two options.
With the one-key approach:
The key management is extremely simple. There is only one key to manage—create, access, and back up.
The key can be placed in many places convenient for the applications to access.
On the other hand, if the key is ever stolen, the entire database becomes vulnerable.
With the one-key-per-row approach:
Figure 4-4. Single-key-per-row approachThe number of keys equates to the number of rows, increasing the complexity of key management—more data to back up, more storage, and so on.
On the other hand, if a single key is stolen, only that corresponding row is compromised, not the entire database. This adds to the overall security of the system.
Clearly, neither approach is perfect, and you will have to find a middle ground—that is, choose an approach somewhere between the two approaches we’ve discussed. Perhaps you will use a single key per column, where the same key applies to all the rows; or a key per table regardless of the number of columns; or a key per schema; and so on. The number of keys to be managed would decrease dramatically with any of these approaches, but of course the vulnerability of the data would increase.
Let’s take a look at a third approach—I will adopt a combination of keys, as shown in Figure ...
Get Oracle PL/SQL for DBAs now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
