Re: SQL-Server and Content encryption

From: Hal Berenson (haroldb_at_truemountainconsulting.com)
Date: 04/26/03

    Date: Fri, 25 Apr 2003 17:05:48 -0700
    
    

    The problem of securely keeping the key out of the hands of the sa is why
    SQL Server 2000 didn't directly tackle the content encryption problem.
    Instead SQL Server relies on EFS for media-level protection and third
    parties were encouraged to provide more extensive solutions. You can find a
    list of third party solutions under "Encryption" at
    http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=9&tabid=11

    -- 
    Hal Berenson
    True Mountain Consulting
    "Andrew J. Kelly" <ajkellynospam@attbi.com> wrote in message
    news:%23CN%23cZaCDHA.1304@TK2MSFTNGP11.phx.gbl...
    > That will not do what he requested.  There would be nothing to stop the sa
    > from calling the udf and decrypting the data.
    >
    > -- 
    >
    > Andrew J. Kelly
    > SQL Server MVP
    >
    >
    > "Madhu" <madhu@visionencompass.com> wrote in message
    > news:O800dJaCDHA.2376@TK2MSFTNGP10.phx.gbl...
    > > Hi,
    > >
    > > You can try this. (only in Sql server 2000)
    > >
    > > 1. Have an encryption api from third party vendor (ex: activecrypt.com)
    > > 2. Map the dll to sql server using extended stored procedure
    > > 3. Write a user-defined function to call the encrypt and decrypt functions.
    > > Use some your own password (which are exposed in API)
    > > 4. Rename all tables to <table_name_org> (could be anything)
    > > 5. Create a view as original table name
    > > 6. Write triggers on the view to insert/update/delete the actual table
    > >
    > > If you have any problem revert back.
    > >
    > > Bye,
    > > Madhu
    > >
    > > "Andrew J. Kelly" <ajkellynospam@attbi.com> wrote in message
    > > news:uR$SS#ZCDHA.392@TK2MSFTNGP12.phx.gbl...
    > > > SQL Server does not have any encryption features built in like that. If you
    > > > really don't want anyone (even sa) to be able to decrypt it then you must do
    > > > the encryption and decryption in the application.  Then sql server is just a
    > > > data store as it is intended and unless someone else has this decryption
    > > > scheme they won't be able to interpret the data even if they can read it.
    > > >
    > > > --
    > > >
    > > > Andrew J. Kelly
    > > > SQL Server MVP
    > > >
    > > >
    > > > "Reiner" <Reiner.proels@laposte.net> wrote in message
    > > > news:02b301c3099b$f4f9ac50$2f01280a@phx.gbl...
    > > > > Hello,
    > > > >
    > > > > is there any possibility to hide the data stored in the
    > > > > database even for an administrator (encryption). So only a
    > > > > special application with a built-in password / key can
    > > > > read the data stored in the SQL-Server database?
    > > > >
    > > > > Thanks
    > > > >
    > > > > Reiner
    > > >
    > > >
    > >
    > >
    >
    >
    
