TDE and Dynamic data mask

  • Can I use TDE along with DDM at the same time?

    Does the TDE encrypt the DDM or how does it work?

    Thanks

  • I would expect that yes, you can use both features simultaneously.

    TDE encrypts your data files AT REST while DDM "masks" the data within the column(s) specified.
    TDE does *NOT* actually encrypt any particular data within your database; if I gain access to your certificate used for TDE and a copy of the database, I *WILL* be able to read any and all data within said database, UNLESS that data is actually encrypted by another tool (i.e. a function on the application side).

  • This does work. I tested it today to verify.

    TDE encrypts data at rest. When an authorized user connects and queries data, the database engine decrypts the data in memory, and that's where DDM takes over and masks the data before sending results to the client.

    DDM does not encrypt or secure things. It returns masked results.

  • Thanks.
    So that means they can be used together.
    I understand TDE encrypts data at rest: the mdf, ldf and backup file. It does not encrypt data in the database.

    The DDM still works with TDE and masks the data.
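
The combination discussed in this thread, as an added T-SQL example that is not from any of the posts: it turns on TDE for a database, masks two columns with DDM, and compares what a privileged and an unprivileged user see. The database, certificate, table, user names, password and row data are all constructed placeholders, and it assumes a test instance with no existing master key in `master`.

```sql
-- Added example; every object name and value below is a constructed placeholder.
USE master;
-- Fails if master already has a master key; skip this statement in that case.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Placeholder-Passw0rd-ChangeMe!';
CREATE CERTIFICATE TdeDemoCert WITH SUBJECT = 'TDE demo certificate';
-- Back up the certificate and its private key before relying on TDE:
-- anyone holding them plus the files can read the data, and without them
-- the database cannot be restored on another server.
GO
CREATE DATABASE TdeDdmDemo;
GO
USE TdeDdmDemo;
-- TDE: protects the data file, log file and backups at rest.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
ALTER DATABASE TdeDdmDemo SET ENCRYPTION ON;
GO
-- DDM: masks column values in query results for users without UNMASK.
CREATE TABLE dbo.Customer (
    CustomerId int IDENTITY PRIMARY KEY,
    FullName   nvarchar(100) NOT NULL,
    Email      varchar(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    CardNumber varchar(19)
        MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)') NOT NULL
);
INSERT INTO dbo.Customer (FullName, Email, CardNumber)
VALUES (N'Constructed Person', 'person@example.com', '1234-5678-9012-3456');
GO
CREATE USER MaskedReader WITHOUT LOGIN;
GRANT SELECT ON dbo.Customer TO MaskedReader;
GO
-- Database owner: the engine decrypts pages in memory and returns real values.
SELECT Email, CardNumber FROM dbo.Customer;
-- Unprivileged reader: same decrypted pages, but DDM masks the result set.
EXECUTE AS USER = 'MaskedReader';
SELECT Email, CardNumber FROM dbo.Customer;
REVERT;
GO
-- Confirm both features are active on the same database.
-- encryption_state 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS database_name, encryption_state
FROM sys.dm_database_encryption_keys
WHERE database_id = DB_ID();
SELECT OBJECT_NAME(object_id) AS table_name, name AS column_name, masking_function
FROM sys.masked_columns;
```

Granting `UNMASK` to `MaskedReader` would remove the masking for that user while leaving TDE unchanged, which shows the two controls act at different layers.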
