RE: Encrypt data - SQL Server 2000

Eduardo.Ortiz_at_alderwoods.com
Date: 01/19/04

  • Next message: Bohling James CONT JBC: "RE: About MS-Networking security." 
    To: focus-ms@securityfocus.com
Date: Mon, 19 Jan 2004 09:44:57 -0800

    Hello Eric,

    Thanks a lot for your message. Regarding you recommendation to encrypt the
    data from client to Server using SSL, I am not really sure how to implement
    it. (Business users requested that, but I do not know how implement it and
    if I really need it). Maybe if I give your more details about our DW you
    could give me more ideas about the implementation.

    Our solution is a Data Warehouse; we have three big production servers:
    Data Server (SQL Server 2000), ETL Server, and Presentation Server (Crystal
    tools). We have one server with MS Windows Server 2003 and the others with
    MS Windows Server 2003 service pack 4. End users acccess data using Crystal
    Enterprise (CE) as a portal, the authentication is via Active Directory. We
    have many reports that have been built either in Crystal Analysis (CA) or
    Crystal Reports (CR). Crystal Analysis reports access Microsoft cubes and
    Crystal Reports go directly to the views created in Database with
    restricted access.

    End users do not have any application installed in their PCs. They access
    the CE portal through the Intranet and, then they see just to the menus and
    reports assigned to them.

    Do you see room to implement SSL in this schema? Please let me know.

    Thanks,
    Eduardo Ortiz

    Date: Thu, 15 Jan 2004 13:08:11 -0800
    To: <focus-ms@securityfocus.com>

    You can Encrypt the data from client to Server using SSL or the standard
    encryption within the protocol library :

    http://support.microsoft.com/default.aspx?scid=kb;en-us;316898

    Other than that I would follow these guidelines and call it a day, I
    don't believe that encrypting the data within the database is supported
    natively, but I'm

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodt
    echnol/sql/maintain/operate/opsguide/sqlops3.asp

    Eric McCarty

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Bohling James CONT JBC: "RE: About MS-Networking security."

    Relevant Pages

    • Re: Crypted fields
      ... I did check on the server I use for my internet ... As a bookseller I have a internet site with form to order books. ... You need to make sure your order form is using SSL at the browser ... You also need to encrypt the data when it reaches your email server. ...
      (borland.public.delphi.thirdpartytools.general)
    • Re: A cryptography solution for a client/server winforms app
      ... good idea if you want to learn crypto. ... you control both the client and server, you don't even need to use a ... code the client to ignore certificate trust errors. ... encrypt the memory stream. ...
      (microsoft.public.dotnet.security)
    • Re: SSL without certificates
      ... >> I want to use SSL for client to server communication. ... As I said in my original post, I want to use SSL to encrypt the ...
      (alt.computer.security)
    • Re: SSL without certificates
      ... >> I want to use SSL for client to server communication. ... As I said in my original post, I want to use SSL to encrypt the ...
      (microsoft.public.win2000.security)
    • Re: A cryptography solution for a client/server winforms app
      ... You could use a self-signed cert deployed with the server ... code the client to ignore certificate trust errors. ... generate a hash value for the data in the memory stream. ... encrypt the memory stream. ...
      (microsoft.public.dotnet.security)