RE: Encrypt data - SQL Server 2000
From: Stacy Millions (stacy_at_Millions.Ca)
Date: 01/21/04
- Previous message: Tod Beardsley: "Re: Local Account Vs Domain Account"
- In reply to: silkm_at_hushmail.com: "RE: Encrypt data - SQL Server 2000"
- Next in thread: Harbar, Spencer: "RE: Encrypt data - SQL Server 2000"
Date: Wed, 21 Jan 2004 18:26:51 -0000
To: <focus-ms@securityfocus.com>
silkm@hushmail.com said:
> Well the point here is the DBAs don't need to know anything
> about the encrypted data ... just have them create tables to
> hold it.
>
> You need to educate your programmers on how to encrypt it, and
> there are plenty of resources for that no matter what language
> you choose.
Two considerations before using application level encryption:
1) If the column in question is going to be indexed, then you
probably don't want to encrypt the data in it :-)
2) Key Management. If the application has to encrypt/decrypt the
data, where does it get the key, and is that process any more
secure than the security you already have around the data in
the database?
-stacy
--
"On two occasions I have been asked [by members of Parliament!], `Pray,
Mr. Babbage, if you put into the machine wrong figures, will the right
answers come out?' I am not able rightly to apprehend the kind of
confusion of ideas that could provoke such a question."
-- Charles Babbage
Stacy Millions stacy@millions.ca
Millions Consulting Limited
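
Added example, not part of the original message: a sketch of consideration 1, showing that an index on an application-encrypted column cannot serve equality or range lookups on the plaintext. Assumptions: Python's sqlite3 stands in for SQL Server 2000, the table and column names are hypothetical, and the cipher is a standard-library stand-in (HMAC-SHA256 keystream with a random nonce) for a real randomized cipher.

```python
import hashlib, hmac, os, sqlite3

KEY = b"constructed-demo-key"  # constructed; where a real key lives is consideration 2

def _keystream(nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, not AES.
    blocks = (hmac.new(KEY, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(plaintext: str) -> bytes:
    nonce = os.urandom(12)  # fresh nonce: same plaintext, different ciphertext
    data = plaintext.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def decrypt(blob: bytes) -> str:
    nonce, ct = blob[:12], blob[12:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode()

def build_db(surnames):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, surname_enc BLOB)")
    db.execute("CREATE INDEX ix_surname ON customers (surname_enc)")
    db.executemany("INSERT INTO customers (surname_enc) VALUES (?)",
                   [(encrypt(s),) for s in surnames])
    return db

def seek_by_index(db, surname):
    # Re-encrypting the search term yields a new ciphertext, so the
    # index seek on surname_enc matches no stored row.
    return db.execute("SELECT id FROM customers WHERE surname_enc = ?",
                      (encrypt(surname),)).fetchall()

def range_by_scan(db, lo, hi):
    # Ciphertext order is unrelated to plaintext order, so a range query
    # has to read and decrypt every row in the application.
    rows = db.execute("SELECT surname_enc FROM customers").fetchall()
    return sorted(n for n in (decrypt(r[0]) for r in rows) if lo <= n < hi)

SAMPLE = ["Adams", "Baker", "Clark", "Davis", "Evans", "Frank"]  # constructed data

if __name__ == "__main__":
    db = build_db(SAMPLE)
    print("index seek for Clark:", seek_by_index(db, "Clark"))
    print("range B..E via full scan:", range_by_scan(db, "B", "E"))
```
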