2 Replies Latest reply: Feb 4, 2010 11:00 PM by Pradeep George-Oracle RSS

    Advanced Security -TDE - Encrypted Tablespace Question

    413063
      In discussions regarding the move of existing objects from a non-encrypted tablespace to a TDE tablespace, all relevant text, e.g. [TDE Best Practices|http://www.oracle.com/technology/deploy/security/database-security/pdf/twp_transparent-data-encryption_bestpractices.pdf], states that the objects should be exported from the non-encrypted tablespace and then imported into the encrypted tablespace. After which the old tablespace should be dropped, wiped, etc.

      I'm just wondering if there is a reason that we couldn't use an ALTER TABLE..MOVE operation instead. If not, specifically, why not?

      Thanks,

      -Joe
        • 1. Re: Advanced Security -TDE - Encrypted Tablespace Question
          damorgan
          I would imagine because it does not work.

          I'm so unimaginative that I read the docs and follow the advice unless I find a problem.

          If you would like to know whether they just made it up ... try it the other way and let us know what you find.
          • 2. Re: Advanced Security -TDE - Encrypted Tablespace Question
            Pradeep George-Oracle
            Oracle Docs at followng link says..

            http://download-uk.oracle.com/docs/cd/E11882_01/network.112/e10746/asotrans.htm

            " You cannot encrypt an existing tablespace. However, you can import data into an encrypted tablespace using the Oracle Data Pump utility. You can also use SQL commands like CREATE TABLE...AS SELECT...or ALTER TABLE...MOVE... to move data into an encrypted tablespace. The CREATE TABLE...AS SELECT... command enables you to create a table from an existing table. The ALTER TABLE...MOVE... command enables you to move a table into the encrypted tablespace.
            "

            So you can do Alter table move too.