[AccessD] SQL Server Encrypted field

Charlotte Foust charlotte.foust at gmail.com
Thu Jun 7 08:54:59 CDT 2012


So do you want to discuss how to do this using the built in SQL Server
features or through encryption/decription at the UI level?

Charlotte Foust
On Wed, Jun 6, 2012 at 10:08 AM, jwcolby <jwcolby at colbyconsulting.com>wrote:

> I need to store sensitive data in specific fields of specific tables.  I
> find things like:
>
> http://msdn.microsoft.com/en-**us/library/ms179331.aspx<http://msdn.microsoft.com/en-us/library/ms179331.aspx>
>
>
>
> Which discusses creating a certificate etc.  Hmm... what happens if the
> database is backed up?  What happens if I need to move the database?
>
> And of course my favorite SQL guy (Pinal Dave):
>
> http://blog.sqlauthority.com/**2009/04/28/sql-server-**
> introduction-to-sql-server-**encryption-and-symmetric-key-**
> encryption-tutorial-with-**script/<http://blog.sqlauthority.com/2009/04/28/sql-server-introduction-to-sql-server-encryption-and-symmetric-key-encryption-tutorial-with-script/>
>
>
>
> In the end however what I want do (in this case) is to allow specific
> information to be encrypted / decrypted on a user specific basis, i.e.
> based on something user specific.
>
> Assume that users need to store their own Email Address, username and
> password in my database and then use that to send email "on their behalf"
> from my system.  The database is used for generating Community Volunteer
> passes, and when the pass is created it is printed to PDF, attached to an
> email and mailed to one or more email address at a specific prison.  I have
> created a new GMail account with a username and password but it would be
> nice to allow each user to enter their own email address / username /
> password to send from so that if there are issues and the prison replies to
> the email, it gets back to them directly.  Using my current system it would
> come back to my general address.  Of course I can do a "do not respond to
> this email" kind of thing but I have already been asked if they can get
> responses.
>
> Obviously if I am going to store a user's email address, username and
> password it has to be encrypted, but furthermore it has to be retrievable
> only by that user.
>
> --
> John W. Colby
> Colby Consulting
>
> Reality is what refuses to go away
> when you do not believe in it
>
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/**mailman/listinfo/accessd<http://databaseadvisors.com/mailman/listinfo/accessd>
>
>
> Website: http://www.databaseadvisors.**com<http://www.databaseadvisors.com>
>
>
>


More information about the AccessD mailing list