How to hide sensitive data in SQL 2000 table
Posted Tuesday, October 15, 2013 10:02 AM
Is there any way of hiding/encrypting data in a table? SQL is 2000. Server is Win2003.
Post #1504841
Posted Tuesday, October 15, 2013 10:28 AM


balasach82 (10/15/2013)
Is there any way of hiding/encrypting data in a table? SQL is 2000. Server is Win2003.


You could encrypt your data before it hits SQL.


_______________________________________________________________

Need help? Help us help you.

Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.

Need to split a string? Try Jeff Moden's splitter.

Cross Tabs and Pivots, Part 1 – Converting Rows to Columns
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs
Understanding and Using APPLY (Part 1)
Understanding and Using APPLY (Part 2)
Post #1504854
Posted Tuesday, October 15, 2013 10:56 AM
I have a few columns like SSN and credit card details in the table which I don't want everyone who has access to the table to see. Even if they see the value, it should be unrecognisable... encrypted. Can it be done?
Post #1504864
Posted Tuesday, October 15, 2013 12:08 PM


balasach82 (10/15/2013)
I have a few columns like SSN and credit card details in the table which I don't want everyone who has access to the table to see. Even if they see the value, it should be unrecognisable... encrypted. Can it be done?


Be VERY VERY VERY careful if you are storing credit card numbers. This is generally a very bad idea. Your company becomes liable for the security of this information.

Yes, you can store encrypted data. With SQL 2000 the best thing to do is to encrypt/decrypt the data outside of the database. That way the values stored are always the encrypted values and the data passing through the pipes is encrypted.


Post #1504895
Posted Tuesday, October 15, 2013 1:02 PM
That means SQL can't be used to secure the data and I have to use .NET or any other programs to get what I need.

Thanks for the reply.
Post #1504923
Posted Tuesday, October 15, 2013 1:47 PM
In the meantime, you can create a view for the table(s) with the non-sensitive columns, and lock down access to the base table for almost everybody.
Post #1504954
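
The view-plus-permissions approach suggested in the post above, written out for SQL Server 2000 as an added example (not part of the original thread). The table, view, role and user names are hypothetical, and `report_user` is assumed to be an existing database user.

```sql
-- Constructed sample table; column names are assumptions for this example.
CREATE TABLE dbo.Customer (
    CustomerID  int          NOT NULL PRIMARY KEY,
    FirstName   varchar(50)  NOT NULL,
    LastName    varchar(50)  NOT NULL,
    City        varchar(50)  NULL,
    SSN         char(11)     NULL,   -- sensitive
    CardNumber  varchar(19)  NULL    -- sensitive
)
GO

-- View that exposes only the non-sensitive columns.
-- It must have the same owner (dbo) as the table so that ownership
-- chaining applies and the table's permissions are not re-checked.
CREATE VIEW dbo.vCustomerPublic
AS
SELECT CustomerID, FirstName, LastName, City
FROM dbo.Customer
GO

-- Role for everybody who should see only the view.
EXEC sp_addrole 'CustomerReaders'
EXEC sp_addrolemember 'CustomerReaders', 'report_user'
GO

-- Lock down the base table, then open up the view.
REVOKE ALL ON dbo.Customer FROM public
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Customer TO CustomerReaders
GRANT SELECT ON dbo.vCustomerPublic TO CustomerReaders
GO

-- Check the result: list the permissions now recorded on both objects.
EXEC sp_helprotect 'Customer'
EXEC sp_helprotect 'vCustomerPublic'
GO

-- Check the result as the restricted user (run as a sysadmin or db_owner).
SETUSER 'report_user'
SELECT TOP 1 * FROM dbo.vCustomerPublic   -- allowed through the view
SELECT TOP 1 SSN FROM dbo.Customer        -- fails: SELECT permission denied
SETUSER                                   -- revert to the original login
GO
```

The view only hides the columns from ordinary users: the values are still stored in clear text in the table and its backups, and sysadmin members bypass the permission checks.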
Posted Wednesday, October 16, 2013 3:26 AM


balasach82 (10/15/2013)
I have a few columns like SSN and credit card details in the table which I don't want everyone who has access to the table to see. Even if they see the value, it should be unrecognisable... encrypted. Can it be done?

Are you PCI compliant?
http://www.pcicomplianceguide.org/

https://www.pcisecuritystandards.org/security_standards/index.php




The SQL Guy @ blogspot

@SeanPearceSQL

Post #1505118
Posted Sunday, October 20, 2013 7:26 AM


balasach82 (10/15/2013)
I have a few columns like SSN and credit card details in the table which I don't want everyone who has access to the table to see. Even if they see the value, it should be unrecognisable... encrypted. Can it be done?


You can use something like XPCRYPT to encrypt the data. It works within SQL and is simple to implement. We used it at a previous place I worked without problems. The encryption keys can be stored in a separate database with very limited access.

Since you currently have unencrypted data, I would suggest implementing something immediately. Then you can make a business decision about the best solution for your environment.



Post #1506470
Posted Sunday, October 20, 2013 9:38 AM


Do you need to retrieve the numbers? If not, you could hash them, but again, as Sean suggested, do this in the application.

SQL 2000 has limited options. SQL 2005+ has more, but in most cases, storing credit card numbers isn't allowed by payment processors.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1506477
Posted Sunday, October 20, 2013 10:34 AM


We were allowed to store CC numbers, but had to have various safeguards in place to be PCI compliant.


Post #1506483