Re: Encrypting data in SQL 2005



Why not have the application request the password when the authorized user
logs in to the database. The application can then open the key using that
password and use it for encryption/decryption. Finally, when the user
disconnects, the key should be closed. The key password would be needed in
addition to the credentials required for connecting to the database. As you
are not hardcoding it anywhere, a dbo would not be able to get to it.

Thanks

--
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/

This posting is provided "AS IS" with no warranties, and confers no rights.

"Jim Youmans" <jdyoumans@xxxxxxxxx> wrote in message
news:1147959831.765199.107920@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I had read that but it does not answer the question of how to protect
the password. I don't want to code it into my stored procedure becase
then someone (a developer or DBA) would be able to look at the code and
then see it.

What I need is a suggestion for a system that allows the application to
get to the password but have that access to the password limited to the
app and the security group that put it on the box.

Any thoughts??

Thanks!

Jim



.