RE: Encrypt data - SQL Server 2000
From: Mr. Momotaro (momotaro_at_catholic.org)
Date: 01/22/04
- Previous message: John West: "RE: Encrypt data - SQL Server 2000"
- In reply to: Fred Langston: "RE: Encrypt data - SQL Server 2000"
- Next in thread: Eric McCarty: "RE: Encrypt data - SQL Server 2000"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 Jan 2004 10:47:37 -0500 (EST) To: focus-ms@securityfocus.com
> EFS is probably the worst approach to this problem and should me avoided
> in
> all but the smallest installations when applied in this manner. You need
> encryption technology designed for this type of application, not a
> user/filesystem based encryption system.
>
I'll piggy-back here that EFS doesn't cut it. EFS doesn't stop the DBAs
from seeing the data. EFS has to be configured in such a way SQL Server
has access to the file. Since SQL Server has access, the DBA will be able
to see into the table. Therefore, EFS will stop someone from stopping the
SQL Server service and copying off the data file if they are familiar with
this approach but aren't familiar with EFS.
The last time I talked to someone from Microsoft about this (a couple of
years ago, albeit), I believe Protegrity (http://www.protegrity.com/) was
the recommendation for encrypting at the table or column level.
Yes, you're going to suffer a performance hit because SQL Server won't be
able to index on the data, but there's always a trade-off.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: John West: "RE: Encrypt data - SQL Server 2000"
- In reply to: Fred Langston: "RE: Encrypt data - SQL Server 2000"
- Next in thread: Eric McCarty: "RE: Encrypt data - SQL Server 2000"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
