Security Guide : 6. Using Data at Rest Encryption : Log Records and Passphrases
 
Share this page                  
Log Records and Passphrases
Caution!  The application source code calling the AES_ENCRYPT_VARCHAR or AES_DECRYPT_VARCHAR functions should be secured because the passphrase is visible in the call.
Caution!  The SET SESSION_TRACE command logs SQL statement text, which includes the passphrase. This command is limited to users with TRACE privilege and is written to a file owned by the installation owner, but session tracing should be used with caution if the encrypt and decrypt functions are in use.