Francisco Tapia
fhtapia at gmail.com
Tue May 10 11:47:02 CDT 2005
So data would only be as safe as the user's memory for their Pwd. So Technically the entire columns or rows could be encrypted within the sproc and the user's choice of pwd but also w/o storing the pwd used. Thinking more technically on this, the entire HR dept would need access to these screens right? or a certain number of people in HR would need access, thus 2 or more people would possibly know the pwd, possibly writting it down in a memo pad and end up storing it under their keyboard... :| ---------- Forwarded message ---------- From: Gavin <gavin at cobraball.co.uk> Date: May 10, 2005 9:33 AM Subject: Re: Security & encryption To: SQL Server 2k List <sql2k at ls.sswug.org> You could make it so part of the encryption key was a value that only the user knew and had to type in every time they used the application so even if you had the decryption code and the data in the database you'd never be able to make clear text again. However if they forgot their key and you had no admin user or key then you'd never get your data back, in a truly secure system there's purposely no way around this. This system would allow you to write the front end application but still not read the data it handled. ----- Original Message ----- *From:* Francisco Tapia <fhtapia at gmail.com> *To:* SQL Server 2k List <sql2k at ls.sswug.org> *Cc:* roz.clarke at donnslaw.co.uk ; dba-sqlserver at databaseadvisors.com *Sent:* Tuesday, May 10, 2005 5:25 PM *Subject:* Re: Security & encryption Oh, I hadn't thought of that. If it is encrypted at the Front end, as a DBA you'd still be able to get to the data tho... On 5/10/05, Gavin <gavin at cobraball.co.uk> wrote: > > It could very easily be done if the encryption is handled purely in the > front end application. > While possible to encrypt a whole table you'd need to ask yourself how > you'd join on its columns or write your where clauses and still benefit from > the client/server model. > You could even encrypt everything in your SQL Server database but the > overhead in network traffic and client processing would be huge. > > ----- Original Message ----- > *From:* Francisco Tapia <fhtapia at gmail.com> > *To:* SQL Server 2k List <sql2k at ls.sswug.org> > *Cc:* roz.clarke at donnslaw.co.uk > *Sent:* Tuesday, May 10, 2005 5:14 PM > *Subject:* Fwd: Security & encryption > > I'm forwarding this message on to this list because I think the author of > the original post would receive a better response from this group... I am > also curious how a dba could encrypt a whole table (or set of tables) and > lock themselves out of it.. :| > > > ---------- Forwarded message ---------- > From: Roz Clarke <roz.clarke at donnslaw.co.uk> > Date: May 10, 2005 2:04 AM > Subject: Security & encryption > To: > Hi all > > This may or may not be slightly OT... We have been asked by our HR > department whether it's possible for us to build a storage facility for > confidential data (such as salary information), that is encrypted and that > > neither we nor the network administrators could get into once it's gone > live. Ideally it would be integrated with their current application which > is > Access 2002 FE / SQL Server 7.0 BE. > > How do I build an encrypted database that I can then lock myself out of > completely?! Without locking everyone else out too (that I've done > before). > > Management are willing to spend some money if necessary. > > TIA > > Roz > > -- -Francisco http://pcthis.blogspot.com |PC news with out the jargon! http://sqlthis.blogspot.com | Tsql and More...