Re: Decryption within an application

I'm not neccesarily opposed to the sysadmin being able to decrypt the data,
but I don't want any other user outside of the application to have access to
the data. So what I can't figure out (even with SS key management) is how
to open the key only when connecting from the application, unless I compile
a password into the code.

Any thoughts on that would be helpful.

Thanks.

"Mike C#" <xyz@xxxxxxx> wrote in message
news:uH0ftcPmHHA.4624@xxxxxxxxxxxxxxxxxxxxxxx

"Chuck Reif" <creif@xxxxxxxxxxxxxxxxxxx> wrote in message
news:uvmlanAmHHA.4852@xxxxxxxxxxxxxxxxxxxxxxx
I need to encrypt one column of data in a single table and I pretty much
have all the operations figured out, including maintaining both the
encrpyted data and a one way hash for searches. I have a view which
decrypts the data properly when the symmetric key has been opened (and
obviously returns null when the key is not open).

I want the view to return the decrypted data only when the user is
accessing the database from a single application. This application
maintains a single database connection per session. My thought was to
open the key when the database connection is established by the
application and close it when the application exits, thereby granting
access only through the application. Is that an acceptable practice?

If I do that, should I protect the key with a password that is then
compiled in the application so that I can open the key? This means that
every installation will have a key protected by the same password. Or is
there a better way to do that?

Thanks for any help.

Well, when the key is opened it's specific to a session. So you could
have several sessions opening up the same key simultaneously and I
wouldn't think you'd encounter any problems. Of course you will probably
want to do some thorough testing to be sure, and also make sure you don't
take a performance hit there. I wouldn't recommend storing the key
hard-coded in your application. How about using the Automatic Key
Management feature of SQL 2005? The only real downside to it is that all
sysadmins can then decrypt your data (if that's a concern for you - it is
for some folks).



.

Relevant Pages

  • Re: PHP newbie. Storing sensitive data
    ... sysadmin doesn't control? ... Although encryption may help keep honest sysadmins from ... Even if I encrypt the data don't I have to store the decryption key ... key to decrypt the key to decrypt the key). ...
    (comp.lang.php)
  • Re: Cannot access a disposed object
    ... > safe and that it could easily be exposed to people who new what they were ... That's why I'm encrypting it. ... > the decrypting object stored in application to decrypt the data. ... Now, if you were using SQL Server for Session, I suppose it is remotely ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Windows->Linux. Graphical terminal emulator.
    ... >>In the channel we will have a random stream. ... > to decrypt it, someone could still get my sensitive information. ... use it only one time for the new session, we can use 1Kb key or longer), ... know how many bytes was lost, the synchronization will be lost as well. ...
    (alt.linux)
  • Re: Windows->Linux. Graphical terminal emulator.
    ... >>In the channel we will have a random stream. ... > to decrypt it, someone could still get my sensitive information. ... use it only one time for the new session, we can use 1Kb key or longer), ... know how many bytes was lost, the synchronization will be lost as well. ...
    (alt.os.linux)
  • Re: ....best way to encrypt a form posted URL string?
    ... > encode/encrypt a form posted URL and then decrypt it, ... tells info about the session. ...
    (comp.lang.php)