August 27, 2012 at 2:25 pm
I think the subject says it all. I've noticed something with the DB that the developers here are working on (not a DB I had a hand in, but I'm being asked to make suggestions, etc) Namely, they've got some rather "sensitive" information stored un-encrypted. We've got develop this application for the lowest common denominator (read as: clients who are too cheap to buy SQL, and will be using SQL Express,) so I'd like to know if SQL Express will encrypt cell data (preferably using certificates rather than a password.)
I tried to find the feature comparison on MS, but all they have now is SQL2012, and it doesn't say one way or the other, only for TDE.
I'm going to work on getting an SQL Express instance going somewhere so I can try this out, but if I can get a quick answer, it'll save some time for me.
Thanks,
Jason A.
August 27, 2012 at 2:55 pm
I don't see anything in BOL (R2 is here: http://msdn.microsoft.com/en-us/library/bb895327%28v=sql.105%29)
However I don't see any reason why symmetric and asymmetric keys aren't available in Express. I see articles about SSL communications, so I think certificates (or keys) work. I don't have an Express edition to try it out, but if this works, you should be fine.
-- create self signed certificate
create certificate MySalaryCert
ENCRYPTION BY PASSWORD = N'UCan!tBreakThis1'
WITH SUBJECT = 'Sammamish Shipping Records',
EXPIRY_DATE = '20121231';
go
August 27, 2012 at 3:01 pm
Thanks! I always forget to check BOL...
I just completed loading up SQL Express on my PC, and will be testing this out.
Jason A.
August 28, 2012 at 10:25 am
OK, so Express can for sure encrypt by passphrase, so I'm expecting it will work by certificate as well.
Yup, it does work by certificates as well...
Once more, thank you!
Jason A.
August 28, 2012 at 10:59 am
YW. Make sure you backup certificates ASAP when you create them. Lost certificate is lost data. Period.
Make sure you secure those backup files, along with any passwords used for keys.
August 28, 2012 at 1:57 pm
Once more, thank you. I hadn't thought about what would be required to restore the DB (and still be able to access the encrypted data) until after your post.
With some Google-fooing, I tracked down an article that indicated what the steps would be over on SQLHub
Now I just need to convince the programmers (and likely management) *WHY* we need to do this. At least I think I've got one manager on my side already...
Thanks again!
Jason A.
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply