Re: Encrypt data - SQL Server 2000
From: Dark-Avenger (Dark-Avenger_at_comcast.net)
Date: 01/21/04
- Previous message: silkm_at_hushmail.com: "RE: Encrypt data - SQL Server 2000"
- In reply to: Harbar, Spencer: "RE: Encrypt data - SQL Server 2000"
- Next in thread: Michael Silk: "RE: Encrypt data - SQL Server 2000"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 20 Jan 2004 23:49:49 -0600 To: focus-ms@securityfocus.com
This may be too simple of a solution, but why not use
RSA_public_encrypt() in the application that inserts or updates these
fields, and RSA_private_decrypt() with access to the private key for
privileged users that need to view the data?
D-A
>
>-----Original Message-----
>From: Eduardo.Ortiz@alderwoods.com [mailto:Eduardo.Ortiz@alderwoods.com]
>
>Sent: 15 January 2004 18:02
>To: focus-ms@securityfocus.com
>Subject: Encrypt data - SQL Server 2000
>
>Hello,
>
>We are implementing an Enterprise Data Warehouse. We already have data
>regarding different business process. Now we need to include Payroll
>data in our SQL Server (2000) database. Business users have specific
>security requirements about this sensitive data. They want to secure the
>following
>information:
>* Annual employee salaries
>* Commissions
>* Wages
>This information is stored in two tables and are three different
>columns.
>We have already implemented a tight security schema for the server,
>database and user groups (active directory), but business users want
>more security. Now we are planning to encrypt the data (just these three
>columns) in the database. I did not find any function in SQL Server to
>encrypt data. I found a tool provided by Application Security Inc
>(http://www.appsecinc.com) called DbEncrypt. Have you guys heard or
>worked with tool? Do you any suggestion or recommendation to encrypt the
>data?
>
>Thanks,
>Eduardo Ortiz
>
>
>
>------------------------------------------------------------------------
>---
>------------------------------------------------------------------------
>---
>
>
>
>
>
>---------------------------------------------------
>This email from dns has been validated by dnsMSS Managed Email Security and is free from all known viruses.
>
>For further information contact email-integrity@dns.co.uk
>
>
>
>
>
>---------------------------------------------------------------------------
>---------------------------------------------------------------------------
>
>
>
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: silkm_at_hushmail.com: "RE: Encrypt data - SQL Server 2000"
- In reply to: Harbar, Spencer: "RE: Encrypt data - SQL Server 2000"
- Next in thread: Michael Silk: "RE: Encrypt data - SQL Server 2000"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
