Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

How to Encrypt Database Objects in SQL Server 2008R2 Expand / Collapse
Author
Message
Posted Wednesday, November 30, 2011 12:24 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Yesterday @ 7:07 AM
Points: 140, Visits: 453
I am using SQL Server 2008R2, I want to encrypt all database objects before sending these to Production.
I want this to avoid any changes in the objets in Live Environment.
What is the best way to do this and what are the pros and cons of this.
Thanks.

Azhar Iqbal
Post #1213699
Posted Wednesday, November 30, 2011 12:41 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Tuesday, August 19, 2014 6:53 PM
Points: 2,013, Visits: 1,589
I am recommending a lengthy but good article below. It will help you narrow down the term Encryption (for database / column etc.)

Database Encryption in SQL Server 2008 Enterprise Edition
http://msdn.microsoft.com/en-us/library/cc278098(v=SQL.100).aspx


Dev

Devendra Shirbad | BIG Data Architect / DBA | Ex-Microsoft CSS (SQL 3T)
*** Open Network for Database Professionals ***

LinkedIn: http://www.linkedin.com/in/devendrashirbad
Post #1213702
Posted Wednesday, November 30, 2011 10:22 PM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Today @ 3:46 AM
Points: 1,101, Visits: 5,286
azhar.iqbal499 (11/30/2011)

I want this to avoid any changes in the objets in Live Environment.

You have to consider permissions also. Grant minimum permission to the users.
By revokeing ALTER permission, you can avoid changes.
Post #1214345
Posted Thursday, December 1, 2011 12:06 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Yesterday @ 7:07 AM
Points: 140, Visits: 453
I have implemented TDE at Database. I want to test the TDE. What is the procedure of this. Should I create new user for this or should I take backup to test.
Please help
Post #1214372
Posted Thursday, December 1, 2011 12:20 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Today @ 3:46 AM
Points: 1,101, Visits: 5,286
azhar.iqbal499 (12/1/2011)
I have implemented TDE at Database. I want to test the TDE. What is the procedure of this. Should I create new user for this or should I take backup to test.
Please help

TDE will not prevent valid users from altering the objects.
So creating new user is not required.

Yes, backup/restore test you should do.


Post #1214380
Posted Thursday, December 1, 2011 12:54 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Yesterday @ 7:07 AM
Points: 140, Visits: 453
I have created TDE from sa user and I logged in with another user with same rights. But all DB objects were looking unencrypted.
My Question is that When this database would be uploaded at Liver Server then how it would be protected from attacks. Should I use other users for this? I want to test these scenarios at dev environment before shift it to Live.
I think you understand my Question.
Thanks for reply.
Post #1214397
Posted Thursday, December 1, 2011 2:02 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 2:20 AM
Points: 5,231, Visits: 5,106
i think the question is, how do you get the padlock on objects like some 3rd parties do, one example is LiteSpeed, where the properties of the object show as Encrypted and you cannot right click and modify the object via SSMS or by doing a sp_helptext on the object



Want an answer fast? Try here
How to post data/code for the best help - Jeff Moden
Need a string splitter, try this - Jeff Moden
How to post performance problems - Gail Shaw
CrossTabs-Part1 & Part2 - Jeff Moden
SQL Server Backup, Integrity Check, and Index and Statistics Maintenance - Ola Hallengren
Managing Transaction Logs - Gail Shaw
Troubleshooting SQL Server: A Guide for the Accidental DBA - Jonathan Kehayias and Ted Krueger

Post #1214412
Posted Thursday, December 1, 2011 7:21 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 4:28 PM
Points: 43,028, Visits: 36,193
azhar.iqbal499 (12/1/2011)
I have created TDE from sa user and I logged in with another user with same rights. But all DB objects were looking unencrypted.


Yes, because TDE is encryption of the database file to prevent people from attaching it on other servers. Nothing whatsoever to do with the objects in the DB.



Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1214610
Posted Thursday, December 1, 2011 7:24 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 4:28 PM
Points: 43,028, Visits: 36,193
anthony.green (12/1/2011)
i think the question is, how do you get the padlock on objects like some 3rd parties do, one example is LiteSpeed, where the properties of the object show as Encrypted and you cannot right click and modify the object via SSMS or by doing a sp_helptext on the object


Just bear in mind that is not encryption. It's nothing more than a bit of obfuscation and extra checks by SQL. It's trivial to reverse.



Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1214614
Posted Thursday, December 1, 2011 10:08 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Yesterday @ 7:07 AM
Points: 140, Visits: 453
Thanks.
I just want to save my database from any user at live, In case if He would be able to reach the database then He must not be able to see the code of database objects.
So What security meausres should I take to acheive this goal.

Thanks
Post #1215118
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse