Data Masking. Procedure



Similar documents
STUDY OF PL/SQL BLOCK AIM: To Study about PL/SQL block.

Handling Exceptions. Copyright 2006, Oracle. All rights reserved. Oracle Database 10g: PL/SQL Fundamentals 8-1

Writing Control Structures

SQL. Short introduction

Oracle PL/SQL Language. CIS 331: Introduction to Database Systems

Physical Design. Meeting the needs of the users is the gold standard against which we measure our success in creating a database.

Answers to the Try It Yourself Sections

Creating PL/SQL Blocks. Copyright 2007, Oracle. All rights reserved.

Table Backup and Recovery using SQL*Plus

Review your answers, feedback, and question scores below. An asterisk (*) indicates a correct answer.

Handling Exceptions. Copyright 2008, Oracle. All rights reserved.

When an exception occur a message which explains its cause is received. PL/SQL Exception message consists of three parts.

Oracle For Beginners Page : 1

Advanced Tutorials. The Dark Side of the Transparent Moon

Financial Data Access with SQL, Excel & VBA

Handling Exceptions. Schedule: Timing Topic 45 minutes Lecture 20 minutes Practice 65 minutes Total

Review your answers, feedback, and question scores below. An asterisk (*) indicates a correct answer.

3.GETTING STARTED WITH ORACLE8i

Recognizing PL/SQL Lexical Units. Copyright 2007, Oracle. All rights reserved.

Managing Objects with Data Dictionary Views. Copyright 2006, Oracle. All rights reserved.

Database Query 1: SQL Basics

A basic create statement for a simple student table would look like the following.

PL / SQL Basics. Chapter 3

Chapter 9 Java and SQL. Wang Yang wyang@njnet.edu.cn

SQL/PSM. Outline. Database Application Development Oracle PL/SQL. Why Stored Procedures? Stored Procedures PL/SQL. Embedded SQL Dynamic SQL

5.1 Database Schema Schema Generation in SQL

SQL Injection. Sajjad Pourali CERT of Ferdowsi University of Mashhad

COMS20700 DATABASES 13 PL/SQL. COMS20700 Databases Dr. Essam Ghadafi

Chapter 5 More SQL: Complex Queries, Triggers, Views, and Schema Modification

Oracle 10g PL/SQL Training

SQL - QUICK GUIDE. Allows users to access data in relational database management systems.

Darshan Institute of Engineering & Technology PL_SQL

SQL 2: GETTING INFORMATION INTO A DATABASE. MIS2502 Data Analytics

Programming Database lectures for mathema

Training Guide. PL/SQL for Beginners. Workbook

Oracle Database: SQL and PL/SQL Fundamentals

Retrieving Data Using the SQL SELECT Statement. Copyright 2006, Oracle. All rights reserved.

Oracle PL/SQL Best Practices

Oracle For Beginners Page : 1

PL/SQL MOCK TEST PL/SQL MOCK TEST I

Oracle Internal & Oracle Academy

Making the Most of Oracle PL/SQL Error Management Features

Handling Exceptions. Schedule: Timing Topic. 45 minutes Lecture 20 minutes Practice 65 minutes Total

Information Technology NVEQ Level 2 Class X IT207-NQ2012-Database Development (Basic) Student s Handbook

Oracle Database: SQL and PL/SQL Fundamentals NEW

SQL Server An Overview

1 Triggers. 2 PL/SQL Triggers

Oracle For Beginners Page : 1

1 Stored Procedures in PL/SQL 2 PL/SQL. 2.1 Variables. 2.2 PL/SQL Program Blocks

CSI 2132 Lab 3. Outline 09/02/2012. More on SQL. Destroying and Altering Relations. Exercise: DROP TABLE ALTER TABLE SELECT

A table is a collection of related data entries and it consists of columns and rows.

ORACLE 10g Lab Guide

Maintaining Stored Procedures in Database Application

Oracle Database: SQL and PL/SQL Fundamentals

SQL Server Database Coding Standards and Guidelines

Knocker main application User manual

PL/SQL TUTORIAL. Simply Easy Learning by tutorialspoint.com. tutorialspoint.com

I have been playing with Oracle Streams again lately. My goal is to capture changes in 10g and send them to a 9i database.

Question 1. Relational Data Model [17 marks] Question 2. SQL and Relational Algebra [31 marks]

Certified PHP/MySQL Web Developer Course

Handling PL/SQL Errors

SQL Simple Queries. Chapter 3.1 V3.0. Napier University Dr Gordon Russell

Package sjdbc. R topics documented: February 20, 2015

PL/SQL Overview. Basic Structure and Syntax of PL/SQL

ORACLE 9I / 10G / 11G / PL/SQL COURSE CONTENT

SQL injection: Not only AND 1=1. The OWASP Foundation. Bernardo Damele A. G. Penetration Tester Portcullis Computer Security Ltd

Cabot Consulting Oracle Solutions. The Benefits of this Approach. Infrastructure Requirements

A Comparison of Database Query Languages: SQL, SPARQL, CQL, DMX

2. Which of the following declarations is invalid? Mark for Review (1) Points

Duration Vendor Audience 5 Days Oracle End Users, Developers, Technical Consultants and Support Staff

In this session, we use the table ZZTELE with approx. 115,000 records for the examples. The primary key is defined on the columns NAME,VORNAME,STR

Chapter 6: Physical Database Design and Performance. Database Development Process. Physical Design Process. Physical Database Design

Apache Cassandra Query Language (CQL)

A Brief Introduction to MySQL

Webapps Vulnerability Report

Costing In Oracle HRMS CONCEPTS

Instant SQL Programming

OPP ODTUG Kaleidoscope. An ODTUG SP* Oracle PL/SQL Programming Conference. WOW-Wide Open World, Wide Open Web!

Review your answers, feedback, and question scores below. An asterisk (*) indicates a correct answer.

14 Triggers / Embedded SQL


Understanding Sql Injection

Lab 9 Access PreLab Copy the prelab folder, Lab09 PreLab9_Access_intro

5. CHANGING STRUCTURE AND DATA

History of SQL. Relational Database Languages. Tuple relational calculus ALPHA (Codd, 1970s) QUEL (based on ALPHA) Datalog (rule-based, like PROLOG)

Handling PL/SQL Errors

WMO Climate Database Management System Evaluation Criteria

Oracle For Beginners Page : 1

Drupal Survey. Software Requirements Specification /10/2009. Chris Pryor Principal Project Manager

Managing Tables in Microsoft SQL Server using SAS

SQL Programming. CS145 Lecture Notes #10. Motivation. Oracle PL/SQL. Basics. Example schema:

OLH: Oracle Loader for Hadoop OSCH: Oracle SQL Connector for Hadoop Distributed File System (HDFS)

How To Create A Table In Sql (Ahem)

Structured Query Language. Telemark University College Department of Electrical Engineering, Information Technology and Cybernetics

2874CD1EssentialSQL.qxd 6/25/01 3:06 PM Page 1 Essential SQL Copyright 2001 SYBEX, Inc., Alameda, CA

SQL Server Instance-Level Benchmarks with DVDStore

Transcription:

Procedure Author: G S Chapman Date: October 2008 Version: 1.1 Location of Document:

DOCUMENT HISTORY Version Date Changed By: Remarks 1.1 20/10/2008 G S Chapman This version DOCUMENT DISTRIBUTION Copy No Name Role Organisation i

DOCUMENT REFERENCES Document Name Originator Part Number Version Date ii

TABLE OF CONTENTS 1 Introduction... 1 2 Method... 1 3 Enhancements... 2 A1 Procedure mask_table_columns... 1 PURPOSE OF DOCUMENT This document describes a simple implementation of a data masking procedure within an Oracle database. iii

1 INTRODUCTION This procedure was developed to meet a requirement of a client that would enable external development of code against sanitised data held upon the client site. The nature of the client data was such that it was not permissible to perform a simple export of the database since they were unwilling (and unable) to permit the data held in the database and the relationships between the data to be held off site. To enable external application development work to proceed some sample data was required, hence the development of this simple procedure to perform the task. 2 METHOD To permit the export to be performed easily a new database user is created. Permission is given to the new user to create table and also to be able to read the source tables. A single table is created to hold details of the tables and the columns that are to be masked. The command to create the table is given below. CREATE TABLE mask_table (table_name VARCHAR2(32), column_name VARCHAR2(32), CONSTRAINT mask_pk PRIMARY KEY (table_name, column_name)) organization index; The mask_table_columns procedure (as given in A1 Procedure mask_table_columns) will when run create an output table of the same name as the source table with a suffix of _X. If the source tabvle name is greater than 28 characters then the trailing characters are removed and the _X appended. VALUES('INCIDENTREPORT','HOWRECEIVED'); VALUES('INCIDENTREPORT','RESEARCHCRITERIA'); VALUES('INCIDENTREPORT','DATETIMERECEIVED'); VALUES('INCIDENTREPORT','ACTIONINSTANCEID'); The procedure is invoked by a call of the following form: mask_table_columns('incidentreport',true); END; The first parameter, the table name is required. The second optional parameter instructs the procedure to ignore the table creation statement if the masking table already exists. This is required where a source table requires more than one column to be masked. The default is FALSE, i.e. To raise an exception if the masking table exists. The procedure works upon date and character (VARCHAR2) columns determined from the table definition. Making use of the dbms random package the column values are 1

randomised. This enables the data resulting in the target tables to be used fro the generation of an user export for transfer to a remote location. It is always possible to incorporate additional changes to the export data. One common change is to limit data changes on certain columns to within a certain data range. This is usually performed at the remote site since time and circumstances enable some important relationships to be established where required by the application developers. NOTE: No indexes or primary keys are permitted on the target tables. This is a requirement of the client. If it were desired to implement such relationships, then the indexes would need to be disabled and further checks enabled to cross check the various tables to ensure that the constraints would be enabled correctly. This is outside the current client requirements. 3 ENHANCEMENTS As mentioned above there are a number of enhancements that may be made to the code. All are outside the client requirements an hence have not been incorporated. If time and opportunity exist then these may be implemented at some future time. 2

A1 Annex A PROCEDURE MASK_TABLE_COLUMNS CREATE OR REPLACE PROCEDURE mask_table_columns(tab_name IN VARCHAR2 DEFAULT NULL, ignoreflag IN BOOLEAN DEFAULT FALSE) IS /* Simple procedure to mask columns values in a table that can be extracted. Written 10th August 2004 G S Chapman. Require explicit create table priv to a desired exportable user. Requires a table structure as follows for the criteria selection. CREATE TABLE mask_table (table_name VARCHAR2(32), column_name VARCHAR2(32), CONSTRAINT mask_pk PRIMARY KEY (table_name, column_name)) organization index; Then typically insert into the above table the table name and columns to be masked. VALUES('INCIDENTREPORT','HOWRECEIVED'); VALUES('INCIDENTREPORT','RESEARCHCRITERIA'); VALUES('INCIDENTREPORT','DATETIMERECEIVED'); VALUES('INCIDENTREPORT','ACTIONINSTANCEID'); When run will create a table named after the first 30 characters of the input table, or the whole name if less than 30 character followed the characters '_X'. No indexes or primary keys are created. Typical usage would be as follows: mask_table_columns('incidentreport',true); END; The second optional parameter instructs the procedure to ignore the table creation if the masking table already exists. Default is FALSE, i.e. To object if the masking table exists. The first parameter, the table name is required. Last change: Description */ DebugFlag BOOLEAN := FALSE; invalid_parameter EXCEPTION; A - 1

no_requirement EXCEPTION; already_exists EXCEPTION; CURSOR c1 (tab_name IN VARCHAR2) IS SELECT column_name, data_type, data_length, column_id FROM user_tab_columns WHERE table_name = tab_name ORDER BY column_id; v_tab_name VARCHAR2(32); v_num INTEGER; v_sqltext VARCHAR2(4096); v_len INTEGER; v_chk INTEGER; /* Functions form basis of criteria used in select string. Could be made part of the database if required. */ function mask_char (isize IN INTEGER) RETURN VARCHAR2 IS RETURN dbms_random.string('a',isize); END mask_char; function mask_date RETURN date IS RETURN sysdate - dbms_random.random; END mask_date; /* Simplistic string display routine. Will display the first 960 characters of the supplied string. */ PROCEDURE display_string(v_sqltext IN VARCHAR2) IS v_len INTEGER; v_len := length (v_sqltext); dbms_output.put_line(to_char(v_len) ' string length'); IF v_len < 120 AND v_len > 0 THEN dbms_output.put_line(substr(v_sqltext,1,v_len)); dbms_output.put_line(substr(v_sqltext,1,120)); IF v_len < 240 THEN dbms_output.put_line(substr(v_sqltext,121,120)); dbms_output.put_line(substr(v_sqltext,121,120)); IF v_len < 360 THEN dbms_output.put_line(substr(v_sqltext,241,v_len-240)); dbms_output.put_line(substr(v_sqltext,241,120)); IF v_len < 480 THEN dbms_output.put_line(substr(v_sqltext,361,v_len-360)); A - 2

dbms_output.put_line(substr(v_sqltext,361,120)); IF v_len < 600 THEN dbms_output.put_line(substr(v_sqltext,481,v_len-480)); dbms_output.put_line(substr(v_sqltext,481,120)); IF v_len < 720 THEN dbms_output.put_line(substr(v_sqltext,601,v_len-600)); dbms_output.put_line(substr(v_sqltext,601,120)); IF v_len < 840 THEN dbms_output.put_line(substr(v_sqltext,721,v_len-720)); dbms_output.put_line(substr(v_sqltext,721,120)); IF v_len < 960 THEN dbms_output.put_line(substr(v_sqltext,841,v_len-840)); dbms_output.put_line(substr(v_sqltext,841,120)); END display_string; -- Main routine follows. IF tab_name IS NULL then RAISE invalid_parameter; SELECT count(*) INTO v_num FROM mask_table WHERE table_name = tab_name; IF v_num = 0 THEN dbms_output.put_line('no column entries to process.'); RAISE no_requirement; v_tab_name := substr(tab_name, 1,30) '_X'; IF DebugFlag THEN dbms_output.put_line('table to be created/used: ' v_tab_name); v_num := 0; SELECT 1 INTO v_num FROM user_tables WHERE table_name = tab_name; EXCEPTION WHEN no_data_found THEN IF ignoreflag THEN NULL; RAISE already_exists; A - 3

END; IF v_num = 0 THEN v_sqltext := 'create table ' v_tab_name ' as (select * from ' tab_name ' where 1=0 )'; IF DebugFlag THEN dbms_output.put_line(v_sqltext); EXECUTE IMMEDIATE v_sqltext; dbms_output.put_line('table ' v_tab_name ' created.'); dbms_output.put_line('using Table ' v_tab_name ' which already exists.'); -- Build up insert - select string v_sqltext := 'insert into ' v_tab_name ' select '; FOR r1 IN c1(tab_name) LOOP v_chk := 0; SELECT 1 INTO v_chk FROM mask_table WHERE table_name = tab_name AND column_name = r1.column_name; EXCEPTION WHEN no_data_found THEN v_chk := 0; END; IF r1.column_id = 1 THEN IF v_chk = 1 THEN IF r1.data_type = 'VARCHAR2' THEN v_sqltext := v_sqltext 'dbms_random.string(''a'',nvl(length(' r1.column_name '),0))'; ELSIF r1.data_type = 'DATE' THEN v_sqltext := v_sqltext 'sysdate-mod(dbms_random.random,1000)'; v_sqltext := v_sqltext r1.column_name; IF v_chk = 1 THEN IF r1.data_type = 'VARCHAR2' THEN v_sqltext := v_sqltext ', dbms_random.string(''a'',nvl(length(' r1.column_name '),0))'; ELSIF r1.data_type = 'DATE' THEN v_sqltext := v_sqltext ', sysdate-mod(dbms_random.random,1000)'; v_sqltext := v_sqltext ',' r1.column_name; END LOOP; -- cludge up the end of the string. v_sqltext := v_sqltext ' from ' tab_name; v_sqltext := v_sqltext ' where rownum < 11'; A - 4

IF DebugFlag THEN display_string(v_sqltext); IF length(v_sqltext) > 0 THEN EXECUTE IMMEDIATE v_sqltext; COMMIT; EXCEPTION WHEN already_exists THEN dbms_output.put_line('table to be created already exists.'); dbms_output.put_line(' Remove table and rerun.'); dbms_output.put_line(' Job terminated.'); WHEN no_requirement THEN dbms_output.put_line(' Table specified does not have any masking criteria.'); dbms_output.put_line(' Job terminated.'); WHEN invalid_parameter THEN dbms_output.put_line('no table name specified.'); dbms_output.put_line(' Job terminated.'); END mask_table_columns; A - 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information