March 10, 2010     |
Home
FAQs
       SQL Server FAQ
       SQL Injection FAQ
       SQL Security Checklist
       SQL Server-Related Products
       SQL Server/MSDE-Based Applications
       SQL Server Version Database
Tools
       Lockdown Script
       Free Tools
       Free Analysis
       Group Policy Templates
       Commercial Tools
Community
       Discussions
       Links
About
Search
Network Toaster
SQL Security Forums
Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.
Forums > Discussions > SQL Server Security
Subject: encryption
Prev Next
Add Reply

Author Messages
tip
09/11/2001 4:29 AM Quote Reply Alert 
i want to encrypt the data of a column in my database. but the important point nobody should decrypt the encrypted data (also sql administrator)
Chip Andrews
01/01/2001 12:00 AM Quote Reply Alert 
The answer is to place the key in a location inaccessable to the SQL Administrator. In other words, placing the key in the database would be a mistake. In your case, I recommend you do the encryption using middle tier COM components on the IIS servers or other other location and then place only the encrypted data into the database. This way, a SQL admin cannot gain access to the key as long as he does not have admin access to the IIS servers and the key location on those servers. Chip
Chris Bullock
09/17/2001 12:14 PM Quote Reply Alert 
Does anyone have any good suggestions on encrytping entire data within a SQL 7.0 SP1 database? I want to do it so as not to cause a re-write of any proprietary specific code as well.
Add Reply
Forums > Discussions > SQL Server Security > encryption
Quick Reply
Username:  
Subject:  
Body:
 



ActiveForums 3.6
Copyright 1999 by Chip Andrews   |  Privacy Statement  |  Terms Of Use