September 25, 2007 at 9:59 am
We are running SQL 2000 Database server. One of the clients wants to encrypt SQL Database. There are many third party applications use the SQL database. How to encrypt the SQL Database without requiring any changes to these third party applications. Pls help me.
Thanks in advance
September 25, 2007 at 10:16 am
You don't want to encrpyt the entire database. You'll kill performance.
Encrypt certain columns, but if you don't change the app and decrypt on the clients, you're sending unencrypted stuff on the wire.
Not sure who's still doing SQL 2000 encryption, try DBCrypt or AppSec Inc.
September 25, 2007 at 7:13 pm
thanks steve,
I want to encrypt only certain columns in SQL Database. Without require any change to the applications; how I can encrypt and decrypt the columns within SQL server side only.
September 25, 2007 at 8:24 pm
You can't... you would be sending unencrypted data over the wire. Defeats one of the two purposes of encryption altogether.
--Jeff Moden
Change is inevitable... Change for the better is not.
September 25, 2007 at 9:00 pm
Still better than nothing... but what is the cost of performance for doing this? and what is there to be gained?
September 25, 2007 at 9:25 pm
Actually, it's worse than nothing... leads folks into a false sense of security even though their data is flapping in the breeze 😉
--Jeff Moden
Change is inevitable... Change for the better is not.
September 25, 2007 at 9:27 pm
There are a few products that you can use, but it's a complicated endeavor. The way you're asking the question leads me to believe you're asking for trouble. If you don't understand the implications of encrypting data, you can get yourself into trouble.
There's free software here: http://www.sqlservercentral.com/articles/Security/freeencryption/1980/
but I'd really recommend you pick a commercial product to help you.
Netlib has one (http://www.netlib.com/sql-column-encryption-api.asp), don't see any other companies still in business.
I guess you could SSL on the wire to clients.
September 26, 2007 at 8:57 am
Thanks for your helps. I want to encrypt/decrypt only at the Server side only and few columns in the SQL Tables. I do not care about the decrypted data going thru the network. When users use SQL analyser, they should not see the encrypted data. Pls direct me to the right tools for this purpose. I need to do this ASAP.
September 26, 2007 at 8:59 am
I mean, when the users use sql analyser, they should see encrypted data, they should not be seening the actual data.
September 27, 2007 at 4:21 am
I've used ActiveCrypt for past 7 years without issue in SQL Server 2000. However like Netlib it requires increasing columns length and changing data types to stored the encrypted text. Both ActiveCrypt and Netlib use extended stored procedures and functions. When I upgraded to 2005 I switched the encryption to use native SQL 2005 encryption however like Netlib and ActiveCrypt requires modifying columns length and possible datatypes to stored the encrypted text.
I had a couple of conversations with Ingrian, they sell an appliance based device which supposedly encrypts data at rest as well as data on the wire. I do not know if it is transparent data encryption i.e. does not require modifying schema to accommodate encryption. Apparently their product is used by some of the credit card companies.
October 3, 2007 at 1:10 pm
Not sure if it's god enough for your purpose but have a look at this article:
http://www.sqlservercentral.com/articles/Security/freeencryption/1980/
Markus
[font="Verdana"]Markus Bohse[/font]
October 3, 2007 at 2:11 pm
Here is an idea...
Create views of the tables which do NOT reveal the columns. Grant access to the views. Revoke access to the tables for those users. It's the quickest and safest solution (and does not impact application performance) as long as the users don't have to have access to the tables due to an application.
Otherwise, you're looking at potentially having to recode apps/rewrite stored procedures to handle the encryption/de-encryption.
K. Brian Kelley
@kbriankelley
Viewing 12 posts - 1 through 11 (of 11 total)
You must be logged in to reply to this topic. Login to reply