Re: Encrypting data in existin application

From: Dan Farino (news.danATstamps.com)
Date: 07/06/03 

Date: Sat, 5 Jul 2003 20:38:26 -0700

You're dealing with a very tough problem...even if you did encrypt the data,
where are they keys kept? Are they going to be in the SQL database somewhere
(which would need to happen for your stored procedures to be able to act on
the data)?

Unfortunately, in the majority of cases, encrypting data really doesn't help
anything. It just requires you to shift your efforts over to the
equally-difficult key-management problem. 

-- 
Dan Farino
Sr. Systems Engineer
Stamps.com, Inc.
news.danATstamps.com
"Karthik" <karthik@maximizelearning.com> wrote in message
news:ubZlu8fQDHA.2228@tk2msftngp13.phx.gbl...
> Hi,
>
> I have an existing financial software application. This connects to a
> database having tables that have basic datatypes like int, decimal,
varchar
> etc.
>
> Now, I have a requirement wherein i should encrypt most of the data that
is
> fed into the system. This is especiall with regards to int and decimal
> fields as this may contain monetary values.
>
> How do i go about doing the same ? I wouldn't want to change too much of
> code as lots of SQL queries are there. And there are sql statements that
> compare between two different columns to decide on a certain action.
>
> Can someone advice me as to what is to be done ?
>
> Regards,
> Karthik.
>
>

Relevant Pages

  • Re: Encrypting data in existin application
    ... The wiCrypt product we use manages all keys outside the database in an encrypted ... > You're dealing with a very tough problem...even if you did encrypt the data, ... Are they going to be in the SQL database somewhere ... This is especiall with regards to int and decimal ...
    (microsoft.public.sqlserver.security)
  • Re: Encrypting passwords in a SQL database
    ... On a basic level, hashes, as David suggests, are often a good means. ... classes to create a much more secure encrypt method. ... > Is there a way to encrypt password column in a SQL database? ...
    (microsoft.public.sqlserver.programming)
  • RE: local admin account password
    ... > encrypt the database and create alerts in the event of unsuccessful ... >> no more recovery console and don't think cached logins will work. ... >> The DB file would be encrypted with EFS so only the limited user SQL ... >> itself doesn't really need to be secure as the authentication is based ...
    (Focus-Microsoft)
  • Re: Relational database & OO
    ... And when was the last time you saw an RDB that stored a telephone ... The modern relational theory permits to store values of user-defined type: ... Neither do the relational model or SQL. ... Your comprehension of the SQL database performance is not good. ...
    (comp.object)
  • Re: SQL Server 2000 / 2005 Encryption
    ... encrypting the connection makes sense to me. ... This is possible on SQL 2005 via built-in T-SQL statements and functions, but requires 3rd-party tools, usually some sort of extended procedures. ... to encrypt your SSL connections will be different. ... Excel does not know how to decrypt data stored in SQL Server 2005 in encrypted form. ...
    (microsoft.public.sqlserver.security)
Loading