September 18, 2008 at 9:37 am
Hi,
I'm using SQL Server 2005 and want to take benefit of SQL Server 2005 encryption capabililties.
I would like to crypt some sensitive data in a table.
We use to access data only through SPs which are called automatically by external programs.
I was wondering how secure it was to crypt / encrypt from a stored procedure as it seems that all Encryption functions need some kind of password.
I could encrypt the SP itself but you can find so many tools to decrypt SPs that it does not seem a very secure solution.
Does anyone has an idea on the way to secure the data in this case ? Use of CLR function or Extended SPs or anything else that I did not think about ?
I don't want the encryption to be managed by the application but only at SQL Server level...
Thanks
September 23, 2008 at 9:36 pm
Depends on the situation, but if this is in-house and you aren't sending the SP out to anyone then just grant execute rights on it. If you don't want sysadmins to see the SP either then I'm not sure that it is possible.
September 24, 2008 at 7:38 am
I find this to be one of the failings of SQL Server encryption. My personal opinion is that you should handle encryption in the application, I know you don't want to do that, but I think it's the best place. If you are encrypting/decrypting in the database then the data is not secured between application and database.
If you really want it in the DB then I'd go with the CLR.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply