Re: Encryption
- From: John <XMS@xxxxxxxxxxxxxxxxx>
- Date: Fri, 25 Jul 2008 09:25:12 -0700
I wasn't here when the application shipped, so I just took the explanation I
received at face value. I see this was not my best choice.
The requirement I was given is for some portion of the tables in the mdf we
distribute to be encrypted. This is primarily an administrative rather than
a technical requirement, and chances of it changing are small.
I realize that almost any encryption scheme can be cracked if you throw
enough horsepower at it. The question from my management that I will need to
answer is whether we can make a database used by SQL Express 2005/8 "secure"
using "in the box" SQL Server technologies. Vague question with fuzzy
clarifiers.
If you could toss out a guesstimate of how much effort it would take, that
would be very much appreciated.
Thanks,
John
"Erland Sommarskog" wrote:
John (XMS@xxxxxxxxxxxxxxxxx) writes:
We have an application which uses a local SQL2k db that we plan to
migrate to SQL 2005/8 eventually. We currently use a 3rd party
encryption tool because by installing a SQL encrypted MDF on a server a
SA can bypass the encryption.
The 3rd party shim we use now has caused many ongoing compatibility problems
with other Windows applications.
Has the behavior of native SQL Server encryption changed such that this
security hole is no longer an issue?
Could you clarify? The only encryption SQL 2000 supported was to permit
the communication to SQL Server to be encrypted, but there was no support
for encrypting data at rest. So it's difficult to tell what security hole you
were talking about, as there was nothing to have a hole in.
SQL 2005 offers the ability to store data encrypted, and SQL 2008 offers
more functionality in this area. I think all the new features in SQL 2008
are in Enterprise Edition only.
However, encrypting the data, so that it will be out of reach for a DBA
who is dead set on getting it, will remain difficult.
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx