Thanks for the question, Alan.
Asked: September 08, 2020 - 9:31 pm UTC
Last updated: September 09, 2020 - 3:18 am UTC
Version: Oracle 12c
You Asked
We have a tablespace with sensitive data in it. If we drop the tablespace then we need to be able to wipe or shred the datafiles so that they cannot possibly be read. We are already using TDE and encrypted RMAN backups. I know about the Linux shred, wipe, and srm tools for wiping out the contents of a datafile.
Is there an "Oracle Approved" way to permanently destroy the contents of an old datafile?
Thanks,
Alan
and Connor said...
If it's using TDE then that datafile will never be compromised unless your wallet is compromised, which is basically saying your entire data centre has been compromised.
Perhaps a different way of saying that would be - if TDE is compromised, then it means AES256 is compromised and it means ... well.... most security mechanisms in the world for everything to do with encryption are now compromised :-)
But let's assume you were *not* using TDE. Then a suitable approach would be:
- drop tablespace WITHOUT including the datafiles
- run an OS scrubber of your choice over the files that now remain.
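The two steps in the answer above, sketched as an added example (not part of the original answer and not Oracle-supplied tooling). It assumes GNU `shred`, datafiles on an ordinary filesystem, and a hypothetical tablespace name `SENSITIVE_TS`; the function names are also hypothetical.

```shell
#!/bin/sh
# Added example: scrub datafiles left on disk after the tablespace is dropped.
# Assumed SQL run beforehand (tablespace name SENSITIVE_TS is hypothetical):
#   SELECT file_name FROM dba_data_files WHERE tablespace_name = 'SENSITIVE_TS';
#   DROP TABLESPACE sensitive_ts INCLUDING CONTENTS KEEP DATAFILES;
# Save the SELECT output (one path per line) before running the DROP.

# scrub_datafile PATH -> 0 if overwritten and removed, non-zero otherwise.
scrub_datafile() {
    f=$1
    # Only regular files; never follow a symlink to some other file.
    if [ -z "$f" ] || [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "skip: '$f' is not a regular file" >&2
        return 2
    fi
    # Refuse if any process still has the file open, for example the
    # instance because the DROP TABLESPACE did not actually complete.
    if command -v fuser >/dev/null 2>&1 && fuser "$f" >/dev/null 2>&1; then
        echo "skip: '$f' is still open by a process" >&2
        return 3
    fi
    # Three random passes, a final zero pass, then unlink.
    shred -n 3 -z -u -- "$f" || return 4
    # Confirm the directory entry is gone.
    [ ! -e "$f" ] || return 5
    echo "scrubbed: $f"
}

# scrub_list FILE -> scrub every path listed in FILE (one per line);
# the return status is the number of paths that could not be scrubbed.
scrub_list() {
    failures=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        scrub_datafile "$path" || failures=$((failures + 1))
    done < "$1"
    return "$failures"
}
```

`KEEP DATAFILES` matters for Oracle Managed Files, which the database would otherwise delete itself on drop, leaving nothing for the scrubber to overwrite. `shred` relies on the filesystem overwriting data in place, so it gives no guarantee on copy-on-write or log-structured filesystems, or on storage that remaps blocks.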