Re: SQL 2005 Encryption with off-the-shelf software

That covers securing data "in transit", but I think the OP might have been
asking about the new T-SQL encryption designed to protect your data "at
rest".

To answer the OP's question, the vendor would need to add support for T-SQL
encryption into their product. Even if you were able to modify the vendor
code to take advantage of T-SQL encryption on your own, it might be a
violation of your contract with the vendor...

"Plamen Ratchev" <Plamen@xxxxxxxxxxxxx> wrote in message
news:%23ZjzxCIMHHA.2232@xxxxxxxxxxxxxxxxxxxxxxx
You set up the SQL Server encryption at the SQL Server level. The third
party application that is using SQL Server will simply use the encrypted
connection. Once you set up the encryption between the client and the
server all connections will be encrypted.

See the following articles for more information on setting up encryption
in SQL Server:
http://support.microsoft.com/kb/276553
http://msdn2.microsoft.com/en-us/library/ms189067.aspx
http://msdn2.microsoft.com/en-us/library/ms191192.aspx

Another option is to use IPSec to encrypt the network traffic. This
happens at the network layer so no need to do any settings on SQL Server.

Here are more details about IPSec:
http://support.microsoft.com/default.aspx?kbid=888266
http://www.microsoft.com/technet/network/ipsec/default.mspx


Regards,

Plamen Ratchev
http://www.SQLStudio.com

<brimoore@xxxxxxxxxxx> wrote in message
news:1167837714.006022.249790@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I've been reading up on SQL Server 2005 encryption options, and it
seems that when retrieving encrypted data you must use either a key or
a certificate in your query to decrypt the data.

What if I am using a commercial, off-the-shelf product that utilizes a
SQL Server backend? Since I would not be designing the queries (they
would be "built in" to the app) is it possible to use SQL Server
Encryption?

My guess is that the 3rd party app would have to have native support
for SQL Server Encryption, probably in the form of a configuration
screen where one could enter a key or certificate information. But I
am new to this, and perhaps there is another way...

Any insights would be appreciated.





.

Relevant Pages

  • Re: SQL or Access DB
    ... As far as encryption goes though... ... with Sql Server you can use SQL DMO and encrypt your stored procedures ... installation - Security was absolutely critical and in most instances, ... > then we create a nice gui around this database and sell it to automotive ...
    (microsoft.public.dotnet.languages.vb)
  • RE: Views
    ... you must understand that SQL Server 2000 does not support ... database data encryption as such. ... following method in the KB below to enhance the security. ... Microsoft is providing this information as a convenience to you. ...
    (microsoft.public.sqlserver.programming)
  • Re: Protecting database from administrators
    ... >> there is no encryption while at rest it must still be secure. ... >> All the security MS has offered is weak. ... If it is attached to SQL Server ...
    (microsoft.public.sqlserver.security)
  • Re: MSDE Security (aka users looking at my apps database)
    ... > I have been called in more than once to untangle all sorts of developer ... let's think about a genious tool, RAC by SQL Server MVP Thanh Ngo.. ... even if SQL Server encryption has been defeated... ... think to privacy protection for sensible data... ...
    (microsoft.public.sqlserver.msde)
  • Re: is WITH ENCRYPTION now safe in SQL2005?
    ... There are very dissenting opinions on that in the SQL Server community. ... you are in this situation you are quite happy that you can decrypt the ... How would a safe encryption method be implemented? ... private key, SQL Server must have access to that private key. ...
    (comp.databases.ms-sqlserver)