[dba-SQLServer] Re: Security & encryption

Francisco Tapia fhtapia at gmail.com
Tue May 10 13:59:42 CDT 2005


Very true, unless of course your where clause would be encrypted as well,
such as:

Select dbo.udfDeCrypt(BankAccountNr, @key) Where SSN = dbo.udfEnCrypt(@SSN, @key)

Would this key be required for all data access per use or stored in memory 
at the FE?

On 5/10/05, Ian Pettman <ian at pettman.net> wrote:
> 
>  I had a thought that maybe you could encrypt the data but leave the 
> indexes unencrypted – but that would not work as it would be trivial to: 
> 
>  select BankAccountNr Where BankAccountNr = '123456789' 
> 
>  I think you have to lock the vault door – not shred the notes inside!
> 
>  HTH
> 
>  Ian
> 
>   ------------------------------
>  
> *From:* bounce-sql2k-8812377 at ls.datareturn.com [mailto:
> bounce-sql2k-8812377 at ls.datareturn.com] *On Behalf Of *Goutam Paruchuri
> *Sent:* 10 May 2005 18:58
> *To:* SQL Server 2k List
> *Cc:* roz.clarke at donnslaw.co.uk
> *Subject:* RE: Security & encryption
>  
>  Encryption concepts like PGP could work in this case. 
> 
> The best way is to encrypt the data in the database. (Though the database 
> is readable, the data would not make sense to anyone except the user using 
> the application.)
> 
> As others have said, threat analysis needs to be done to enforce the type of 
> security you need. 
> 
>  - Goutam
> 
>     ------------------------------
>  
> *From:* bounce-sql2k-9077134 at ls.sswug.org [mailto:
> bounce-sql2k-9077134 at ls.sswug.org] *On Behalf Of *Francisco Tapia
> *Sent:* Tuesday, May 10, 2005 12:15 PM
> *To:* SQL Server 2k List
> *Cc:* roz.clarke at donnslaw.co.uk
> *Subject:* Fwd: Security & encryption
> 
> I'm forwarding this message on to this list because I think the author of 
> the original post would receive a better response from this group... I am 
> also curious how a dba could encrypt a whole table (or set of tables) and 
> lock themselves out of it.. :|
> 
> 
> ---------- Forwarded message ----------
> From: *Roz Clarke* <roz.clarke at donnslaw.co.uk>
> Date: May 10, 2005 2:04 AM 
> Subject: Security & encryption 
> To: 
> Hi all
> 
> This may or may not be slightly OT... We have been asked by our HR
> department whether it's possible for us to build a storage facility for
> confidential data (such as salary information), that is encrypted and that
> neither we nor the network administrators could get into once it's gone
> live. Ideally it would be integrated with their current application which
> is Access 2002 FE / SQL Server 7.0 BE.
> 
> How do I build an encrypted database that I can then lock myself out of 
> completely?! Without locking everyone else out too (that I've done 
> before).
> 
> Management are willing to spend some money if necessary.
> 
> TIA
> 
> Roz
> 
> 
> 


-- 
-Francisco
http://pcthis.blogspot.com |PC news with out the jargon!
http://sqlthis.blogspot.com | Tsql and More...
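
Added example, not part of the original thread: a Python/SQLite sketch of the encrypted-WHERE query from the message above. It shows that the lookup only works when encryption is deterministic, that the key has to be sent with every query, and that equal plaintexts stay visible as equal ciphertexts to anyone who can read the table. The `Staff` table, the sample rows, the key and the HMAC-based cipher behind `udf_encrypt`/`udf_decrypt` are constructed stand-ins, not SQL Server functionality.

```python
import hashlib, hmac, sqlite3

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as keystream: a stand-in cipher (assumption).
    ks = b"".join(_prf(key, b"enc", iv + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def udf_encrypt(plaintext: str, key: bytes) -> bytes:
    # Deterministic: IV derived from the plaintext, so equal inputs match.
    pt = plaintext.encode()
    iv = _prf(key, b"iv", pt)[:16]
    return iv + _xor_stream(key, iv, pt)

def udf_decrypt(blob: bytes, key: bytes) -> str:
    iv, pt = blob[:16], _xor_stream(key, blob[:16], blob[16:])
    if not hmac.compare_digest(iv, _prf(key, b"iv", pt)[:16]):
        raise ValueError("wrong key or corrupted ciphertext")
    return pt.decode()

def build_db(key: bytes) -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.create_function("udfEnCrypt", 2, udf_encrypt)
    db.create_function("udfDeCrypt", 2, udf_decrypt)
    db.execute("CREATE TABLE Staff (SSN BLOB, BankAccountNr BLOB)")
    rows = [("111-22-3333", "123456789"), ("444-55-6666", "987654321"),
            ("777-88-9999", "123456789")]   # constructed sample data
    db.executemany("INSERT INTO Staff VALUES (udfEnCrypt(?, ?), udfEnCrypt(?, ?))",
                   [(ssn, key, acct, key) for ssn, acct in rows])
    return db

def lookup(db: sqlite3.Connection, ssn: str, key: bytes) -> list:
    # The query from the message (FROM Staff added); the key travels with every call.
    sql = ("SELECT udfDeCrypt(BankAccountNr, ?) FROM Staff "
           "WHERE SSN = udfEnCrypt(?, ?)")
    return [row[0] for row in db.execute(sql, (key, ssn, key))]

def equal_ciphertext_groups(db: sqlite3.Connection) -> list:
    # Visible without any key: which rows share the same account number.
    sql = "SELECT COUNT(*) FROM Staff GROUP BY BankAccountNr HAVING COUNT(*) > 1"
    return [row[0] for row in db.execute(sql)]

if __name__ == "__main__":
    k = b"\x01" * 32                          # constructed demo key
    conn = build_db(k)
    print(lookup(conn, "111-22-3333", k), equal_ciphertext_groups(conn))
```

Because the key is a query parameter, it reaches the database server on every call, so anyone able to trace queries there can capture it.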

