OBIEE 11g RPD Encryption is HomeGrown?
Author: Christian Screen | 2 min read | April 23, 2011
A client recently asked me to find some information regarding the security algorithm used to encrypt the RPD in OBIEE 11g. After some investigation and attempts at trying to identify the encryption patterns, I came across a section in the Oracle BI 11g documentation for encryption in presentation services. A segment of this particular section goes on to say…
“Finally, a proprietary key-based encryption provides security to prevent unauthorized users from accessing the metadata repository.”
Well there is your answer, it is a proprietary encryption algorithm. This leads me to believe that the algorithm applied to the repository (RPD), utilizing the repository password most likely as a hash key, is most likely something like DES. No matter what algorithm really is I believe encrypting the repository in OBI 11g was a brilliant idea.
My opinion is that the RPD encryption is just a deterrent rather than an actual attempt at mission critical security lock-down. Because, if a professional hacker was able to get into your system and get at your RPD, chances are they would already be able to access a myriad of other sensitive bits of information and data, making the compromise of your RPD the least of your concerns.
References:
http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10543/authentication.htm#BABBIBBI