RE: Encrypt data - SQL Server 2000
From: Sasha (nospam_at_mail.com)
Date: 01/19/04
- Previous message: Fred Langston: "RE: Encrypt data - SQL Server 2000"
- In reply to: Kevin E. Casey: "RE: Encrypt data - SQL Server 2000"
- Next in thread: andreas: "RE: Encrypt data - SQL Server 2000"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 19 Jan 2004 12:02:10 +0200 (IST) To: focus-ms@securityfocus.com
On Fri, 16 Jan 2004, Kevin E. Casey wrote:
> If you need to encrypt data in 3 columns and 3 columns only, your best
> bet is to do the encryption at the application (in its data tier) level.
> Using .NET (or other tools), gives you a good range/assortment of tools
> and sencryption schemes to encrypt that confidential data. This keeps
> your DBAs from snooping around. Keeps backup copies safe from prying
> eyes and it also keeps the performance hit for en/decryption at the
> client (or web server level).
Just make sure that you use an encryption which do not produce the same
result twice. That is if you always encrypt 50000 to ABCDE, it will be
very easy to find which rows have the same value and thus who have the
same salaries.
Regards,
ASK
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Fred Langston: "RE: Encrypt data - SQL Server 2000"
- In reply to: Kevin E. Casey: "RE: Encrypt data - SQL Server 2000"
- Next in thread: andreas: "RE: Encrypt data - SQL Server 2000"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
