Re: Encryption for MDF files
From: Mercury (me_at_spam.com)
Date: 07/30/05
Date: Sun, 31 Jul 2005 00:15:14 +1200
Respectfully, EFS by itself is not a complete solution.

If the box is stolen - including the EFS recovery keys - then you are no
better off, as the system administrator password can be hacked, the filestore
accessed and voilà!

If you want to protect against this, then research the syskey command and
also read up about EFS recovery agents and make sure you know the full ins
and outs of it, as otherwise it could cost you all your data. It is common
for people to lose data by losing EFS keys.

If some of your data is critical - e.g. columns containing, say, credit card
numbers - then encrypt it before it is stored and decrypt it when retrieving.
It is easy to code using .NET. This is not an easy solution tho', as you also
have to protect the keys used for encryption and decryption here. If you
want to store some type of passwords - use hashing instead - it is a one-way
process. Research SHA1, SHA256 etc.

HTH
"Hari Prasad" <hari_prasad_k@hotmail.com> wrote in message
news:ut72iu6kFHA.2396@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> You can use the Encrypted File System Support on Windows 2000
>
> Windows 2000 supports the encrypted file system property.
>
> Below are the steps to encrypt the data files:
>
> 1) Logon with the SQL Server startup account
> 2) Stop SQL Server and sql agent service
> 3) Right click the data files, select Properties, click the Advanced button,
> check the "Encrypt contents to secure data"
> 4) Start the SQL Server service
>
> See the below KB for more information:-
>
>
> HOW TO: Encrypt Data Using EFS in Windows 2000
> http://support.microsoft.com/default.aspx?scid=kb;en-us;230520
>
> Note:
> If you change the SQL Server startup account you have to redo the same,
> otherwise SQL Server service will not start.
>
>
> "With EFS, database files are encrypted under the identity of the account
> running SQL Server. Only this account can decrypt the files. If you need to
> change the account that runs SQL Server, you should first decrypt the
> files under the old account, then re-encrypt them under the new account."
>
> --
> Thanks
> Hari
> SQL Server MVP
>
>
>
> "Sharad2005" <niitmalad@yahoo.co.uk> wrote in message
> news:9667DEDF-C6BD-4817-BC5E-88941ABE10D2@microsoft.com...
>> Dear Friends
>>
>> I want to use the encryption for the MDF files so that no one can just copy
>> the data and attach the MDF files to access the database.
>>
>> When I have done the same the database is in Suspect Mode. Please suggest
>> what can be the reason.
>>
>> I also have the following questions.
>>
>> 1. Can another user restore the database backup for the encrypted MDF files?
>>
>> Thanks in advance.
>>
>> Best regards
>> Shailesh
>
>
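
The two suggestions in Mercury's message above, encrypting a sensitive column value before it is stored and hashing passwords one-way, sketched in C# as an added example that is not part of the thread. It assumes .NET 8 and picks AES-GCM and salted PBKDF2 over SHA-256 as the concrete techniques (the message itself names only .Net, SHA1 and SHA256); the class and method names and the `FIELD_KEY_B64` variable are hypothetical, and the card number is a constructed test value.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class FieldProtection
{
    const int NonceLen = 12, TagLen = 16, SaltLen = 16, Iterations = 600_000;

    // Encrypt one column value; returns nonce || tag || ciphertext for a varbinary column.
    public static byte[] EncryptField(byte[] key, string value)
    {
        byte[] pt = Encoding.UTF8.GetBytes(value);
        byte[] blob = new byte[NonceLen + TagLen + pt.Length];
        RandomNumberGenerator.Fill(blob.AsSpan(0, NonceLen));   // fresh nonce for every value
        using var aes = new AesGcm(key, TagLen);
        aes.Encrypt(blob.AsSpan(0, NonceLen), pt,
                    blob.AsSpan(NonceLen + TagLen), blob.AsSpan(NonceLen, TagLen));
        return blob;
    }

    public static string DecryptField(byte[] key, byte[] blob)
    {
        byte[] pt = new byte[blob.Length - NonceLen - TagLen];
        using var aes = new AesGcm(key, TagLen);
        // Throws a CryptographicException if the key is wrong or the stored blob was altered.
        aes.Decrypt(blob.AsSpan(0, NonceLen), blob.AsSpan(NonceLen + TagLen),
                    blob.AsSpan(NonceLen, TagLen), pt);
        return Encoding.UTF8.GetString(pt);
    }

    // One-way password storage: salted PBKDF2 over SHA-256 instead of a single bare hash.
    public static (byte[] Salt, byte[] Hash) HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        return (salt, Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32));
    }

    public static bool VerifyPassword(string password, byte[] salt, byte[] expected) =>
        CryptographicOperations.FixedTimeEquals(
            Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32), expected);

    static void Main()
    {
        // Hypothetical variable name. The random fallback exists only so the demo runs stand-alone.
        var b64 = Environment.GetEnvironmentVariable("FIELD_KEY_B64");
        byte[] key = b64 is null ? RandomNumberGenerator.GetBytes(32) : Convert.FromBase64String(b64);
        byte[] stored = EncryptField(key, "4111111111111111");
        Console.WriteLine($"stored {stored.Length} bytes, decrypts to {DecryptField(key, stored)}");
        var (salt, hash) = HashPassword("correct horse");
        Console.WriteLine(VerifyPassword("correct horse", salt, hash) && !VerifyPassword("wrong", salt, hash));
    }
}
```

The key has to be supplied from somewhere that does not travel with the MDF files or their backups; if it sits on the same disk, a stolen box yields both.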