Setting the value to 0 eliminates the ability of Toad do automatically save the SQL statements (Recently Used or History depending on the version) but adding SQL to Personal/Named or Saved (depending on the version) is no different than doing a File -> Save except the location of the storage is centralized. How are files with PAN in them handled? Can a user save a file to their hard drive/thumb drive/network share/puffy cloud? If they can, then this process is no different and can best be handled by policy enforcement/education vs trying to have a code change made.
Also, as Michael stated, adding encryption all over the product is ineffective and costly as far as processing goes. A far better solution would to be to encrypt the User Files folder where the information is stored.
Greg
From: tomaz [mailto:bounce-tomaz@toadworld.com]
Sent: Wednesday, September 07, 2016 11:17 AM
To: toadoracle@toadworld.com
Subject: RE: [Toad for Oracle - Discussion Forum] Encryption of UserFIles?
RE: Encryption of UserFIles?
Reply by tomaz
I added the idea to the Idea Pond, but would need a faster response.
The problem is compliance with PCI-DSS standard, that requires that at no point in time the unencrypted PAN should be stored on any media. SaveSQL.dat file stores SQL statements in native form thus violating the PCI-DSS standard. Hence the company supports many credit and charge cards for several banks, SQL statements containing PAN are quite commonly used by data analysts.
When setting the save SQL parameter to 0 still stores the last SQL statement to the SaveSQL.dat file. Suggestion is that the parameter 0 would really mean no SQL to be stored (I think that this is a bug) or better, that the SaveSQL.dat file would be encrypted.
Because of this reason, the company is already looking for a different product.
To reply, please reply-all to this email.
Stop receiving emails on this subject.
Or
Unsubscribe from Toad for Oracle Forum notifications altogether.
Toad for Oracle - Discussion Forum
Flag
this post as spam/abuse.