Art of BI: OBIEE 11g RPD Encryption is HomeGrown?

A client recently asked me to find some information regarding the security algorithm used to encrypt the RPD in OBIEE 11g.  After some investigation and attempts at trying to identify the encryption patterns, I came across a section in the Oracle BI 11g documentation for encryption in presentation services.   A segment of this particular section goes on to say…

“Finally, a proprietary key-based encryption provides security to prevent unauthorized users from accessing the metadata repository.”

Well there is your answer, it is a proprietary encryption algorithm.  This leads me to believe that the algorithm applied to the repository (RPD), utilizing the repository password most likely as a hash key, is most likely something like DES.  No matter what algorithm really is I believe encrypting the repository in OBI 11g was a brilliant idea.

My opinion is that the RPD encryption is just a deterrent rather than an actual attempt at mission critical security lock-down.   Because, if a professional hacker was able to get into your system and get at your RPD, chances are they would already be able to access a myriad of other sensitive bits of information and data, making the compromise of your RPD the least of your concerns.

References:

http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10543/authentication.htm#BABBIBBI

Contact Us
Christian Screen
Christian is an innovator in analytics and data warehousing design, best practices, and delivery. With more than fifteenyears of decision support and data warehousing with key experiences at Office Depot HQ, Sierra-Cedar, and Capgemini, he oversees the Oracle Analytics Practice which includes the technical development and delivery of Oracle BI collaboration software, data warehouse solutions, Oracle BI/EPM projects, and packaged analytics solutions at Datavail.

Leave a Reply

Your email address will not be published.
Required fields are marked (*).