Many applications need to store handle large
amounts of unstructured data in the form of files such as images
of checks, X-rays and other scanned documents such as invoices,
article drafts or satellite images. This is a big challenge
in terms of performance and can be a severe security risk.
With Release 11g Oracle has extended the TDE
functionality for LOBs. Oracle has completely re-invented the LOB
datatype to improve performance and security. This new lob
datatype data is always stored inside the database and on the
other hand it comes with benefits such as file system like
Performance tests have shown that query read
access is up to 2 times faster and inserting can even be up to 5
times faster compared with conventional lobs, which are called
basicfile lobs as of Oracle 11g. Securefile lobs even
outperform Linux NFS/EXT3 files system at all file sizes.
Securefiles are fully compatible with the traditional LOB
interfaces such as JDBC (Java thick and thin
clients), ODBC, OCI, .NET.
and applications can fully transparently take advantage of
It is possible to use operating system
interfaces to access securefile lobs through the WebDAV
servers of Oracle XML DB or Oracle
Content DB. Data can be accessed using protocols such as
WebDAV, HTTP, NFS and FTP.
The new securefile lob columns can be
compressed and they support de-duplication,
file system like logging and encryption.
In this chapter I will mainly discuss the
security aspects of securefile lobs. I do not go into details with
features like compression and de-duplication.
The following Oracle products use securefile
lobs as underlying storage:
% For encrypted
securefile lobs you need the extra cost Advanced Security
The following encryption algorithms are
supported for securefile lobs:
Securefile lobs are fully capable of the following Oracle
Transactions and Read Consistency
Backward Compatibility with LOB Interfaces
Point in Time Recovery
Fine Grained Auditing
XML indexing, XML Queries, XPath
Real Application Clusters (RAC)
Automatic Storage Management (ASM)