Re: Encrypt/Decrypt SQL Server 2005 data files

Have you looked at using Windows Encrypted File System? That's the supported
way of protecting your data at the filesystem level. There are a few things
to be careful with paticularly with login/permissions management when
encrypting the folder but it's not rocket science (and well document in
msdn/technet).

As for losing the drive, well, not much you can do there really. Even if you
encrypt the filesystem, that generally just delays the would-be thief. When
you lose the hardware, pretty much all bets are off. If you're thinking of
notebooks, you can implement both EFS and secure the hard disk with a
password (go to setup when you boot). That makes is REALLY hard to get
through and will probably buy you enough time to initiate all kinds of
remedial defense actions (e.g. place credit alerts, cancel credit cards,
update resume & post on monster.com, etc...) before they get to your data.


joe.

"Robert Robinson" <robbiex@xxxxxxxxxxxxx> wrote in message
news:e9fdHUdDHHA.3660@xxxxxxxxxxxxxxxxxxxxxxx
We are trying to encrypt/decrypt a SQL Server 2005 database file.
It is my understanding that you can encrypt the main database, but not its
log file. The database file was successfully encrypted, but SQL Server
failed to decrypt it on opening after a many minutes delay. The database
was subsequently decrypted with a manual command, but the database had
been damaged and couldn't be re-opened. It had to be deleted and restored.
It appears that there is no practical way to use an encrypted SQL database
because of apparent glitches and the extremely slow decryption process.
We have considered backing up the database, encrypting the backup copy,
deleting the database from the SQL directory on shutdown and then
restoring it on startup. Another alternative is to store the data on
removable media.
I would greatly appreciate a suggestion as to how to best protect the
data. We use SecuriKey to protect OS system startup. This works, but it
doesn't protect the data if, for example, the hard drive is moved to
another computer.
I have read the following article:
http://msdn.microsoft.com/msdnmag/issues/05/06/SQLServerSecurity/default.aspx

Thank you very much.

Robert Robinson


.

Relevant Pages

  • Re: general concerns regarding hacking of .NET assemblies
    ... >> CLI metadata to more or less random names, and optionally encrypting ... >> passwords used to access remote data, like a database server). ... >> Of course the password is encrypted in the file, but once the hacker finds ... > in .Net to sign your assemblies with a strong name, ...
    (microsoft.public.dotnet.security)
  • Re: AES Questions From Another Dummy.
    ... C++ rand() is typically not recommended. ... Encrypting so several people can read it makes me think public-key crypto.. ... The other extreme would be to have everything in the database encrypted using ...
    (sci.crypt)
  • RE: general concerns regarding hacking of .NET assemblies
    ... > disassembled into its easily readable, underlying CLI code. ... > CLI metadata to more or less random names, and optionally encrypting internal ... > passwords used to access remote data, like a database server). ... > My application connects to a remote database, so let’s say a hacker wants to ...
    (microsoft.public.dotnet.security)
  • Re: general concerns regarding hacking of .NET assemblies
    ... > management application using the .NET framework and am becoming worried ... > CLI metadata to more or less random names, and optionally encrypting ... > passwords used to access remote data, like a database server). ... in .Net to sign your assemblies with a strong name, ...
    (microsoft.public.dotnet.security)
  • Re: Store database password
    ... We are storing our database password in an include ... > file that resides outside of the web root. ... > about securely encrypting that password? ... If the server is apache on *nix... ...
    (comp.lang.php)