RE: Encrypt data - SQL Server 2000

From: Eric McCarty (eric_at_lawmpd.com)
Date: 01/15/04

  • Next message: Locher Thomas: "USB - Devices" 
    Date: Thu, 15 Jan 2004 13:08:11 -0800
To: <focus-ms@securityfocus.com>

    You can Encrypt the data from client to Server using SSL or the standard
    encryption within the protocol library :

    http://support.microsoft.com/default.aspx?scid=kb;en-us;316898

    Other than that I would follow these guidelines and call it a day, I
    don't believe that encrypting the data within the database is supported
    natively, but I'm

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodt
    echnol/sql/maintain/operate/opsguide/sqlops3.asp

    Eric McCarty

    -----Original Message-----
    From: Eduardo.Ortiz@alderwoods.com [mailto:Eduardo.Ortiz@alderwoods.com]

    Sent: Thursday, January 15, 2004 10:02 AM
    To: focus-ms@securityfocus.com
    Subject: Encrypt data - SQL Server 2000

    Hello,

    We are implementing an Enterprise Data Warehouse. We already have data
    regarding different business process. Now we need to include Payroll
    data
    in our SQL Server (2000) database. Business users have specific security
    requirements about this sensitive data. They want to secure the
    following
    information:
    * Annual employee salaries
    * Commissions
    * Wages
    This information is stored in two tables and are three different
    columns.
    We have already implemented a tight security schema for the server,
    database and user groups (active directory), but business users want
    more
    security. Now we are planning to encrypt the data (just these three
    columns) in the database. I did not find any function in SQL Server to
    encrypt data. I found a tool provided by Application Security Inc
    (http://www.appsecinc.com) called DbEncrypt. Have you guys heard or
    worked
    with tool? Do you any suggestion or recommendation to encrypt the data?

    Thanks,
    Eduardo Ortiz

    ------------------------------------------------------------------------ 

    ---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
  • Next message: Locher Thomas: "USB - Devices"

    Relevant Pages

    • Re: Application security question
      ... you want to implement security. ... So you are protecting the database from direct querying and altering ... login credentials for the database from the application. ... Why encrypt the password? ...
      (comp.lang.java.programmer)
    • Re: Password encryption
      ... I have source code to the database including ODBC server and ... can encrypt the password before passing it to us so we can remain ignorant ... support for AD integration so that customers can logon to our database ... i.e. they enter it into the ODBC/JDBC client. ...
      (microsoft.public.windows.server.active_directory)
    • Re: Can web site data be protected from access by the webmasters?
      ... create a development database with junk data. ... the changes to a staging server that uses the junk data. ... > I have advised the client to be wary of security. ... > But I don't see that there could be any way to completely encrypt that ...
      (microsoft.public.sqlserver.security)
    • Re: Password encryption
      ... support for AD integration so that customers can logon to our database ... i.e. they enter it into the ODBC/JDBC client. ... our ODBC/JDBC client and server code has access to this password in clear ... encrypt their password so the encrypted password could be passed through ...
      (microsoft.public.windows.server.active_directory)
    • Re: subtext search in encrypted text
      ... > that would mean that all clients would need to possess all the ... > keys that are used to encrypt the database. ... > server, but it does not seem to help when the clients are the most ...
      (sci.crypt)