• Mike Good (3/23/2009)


    I don't think so. A sysadmin is always going to be able to grant herself rights required to open the key.

    So I think you'd need to use passwords instead of certificates. Nothing wrong with that, but you'll need to figure out how to securely manage the password (outside of SQL)...this was one of the big potential problem areas we were trying to avoid when we came up with the approach presented here.

    Check the notes at the bottom of http://blogs.msdn.com/lcris/archive/2005/12/16/sql-server-2005-yet-another-column-encryption-demo-quot-clinic-quot.aspx, where Laurentiu Cristofor answers the same question.

    Thank you, I will look at that link. It seems to me that ultimately SOMEONE will need to hold the key to the treasure box, and if not the sysadmin, then who else? I wonder if there is a way to design a tamper-free auditing system around encryption, to ensure that people with admin rights are monitored. I think that may be the answer to this.

    __________________________________________________________________________________
    SQL Server 2016 Columnstore Index Enhancements - System Views for Disk-Based Tables
    Persisting SQL Server Index-Usage Statistics with MERGE
    Turbocharge Your Database Maintenance With Service Broker: Part 2
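
The trade-off discussed in this exchange, as an added T-SQL example that is not part of any post in the thread: a symmetric key protected by a certificate can be opened with no secret by anyone holding rights on the certificate (a sysadmin always does), while a key protected by a password cannot be opened without that password. The database, key, certificate and table names and the passwords are constructed placeholders.

```sql
-- Constructed demo; all object names and passwords are placeholders.
CREATE DATABASE KeyDemo;
GO
USE KeyDemo;
GO
-- Variant A: key protected by a certificate. The certificate's private key is
-- protected by the database master key, so SQL Server can unlock the whole
-- chain itself for any principal with rights on it.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Placeholder-DMK-Passphrase-1!';
CREATE CERTIFICATE DemoCert WITH SUBJECT = 'Demo column encryption';
CREATE SYMMETRIC KEY CertKey WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;

-- Variant B: key protected only by a password that is never stored in SQL Server.
CREATE SYMMETRIC KEY PwdKey WITH ALGORITHM = AES_256
    ENCRYPTION BY PASSWORD = 'Placeholder-Key-Passphrase-1!';
GO
CREATE TABLE dbo.Secrets (
    id           int IDENTITY PRIMARY KEY,
    protected_by sysname,
    payload      varbinary(256)
);
GO
-- Encrypt one constructed value under each key.
OPEN SYMMETRIC KEY CertKey DECRYPTION BY CERTIFICATE DemoCert;
INSERT dbo.Secrets (protected_by, payload)
VALUES ('CertKey', EncryptByKey(Key_GUID('CertKey'), N'constructed value A'));
CLOSE SYMMETRIC KEY CertKey;

OPEN SYMMETRIC KEY PwdKey DECRYPTION BY PASSWORD = 'Placeholder-Key-Passphrase-1!';
INSERT dbo.Secrets (protected_by, payload)
VALUES ('PwdKey', EncryptByKey(Key_GUID('PwdKey'), N'constructed value B'));
CLOSE SYMMETRIC KEY PwdKey;
GO
-- A sysadmin session that knows no password: the certificate-protected key
-- opens anyway, the password-protected key stays closed.
OPEN SYMMETRIC KEY CertKey DECRYPTION BY CERTIFICATE DemoCert;
SELECT protected_by,
       CONVERT(nvarchar(100), DecryptByKey(payload)) AS plaintext
FROM dbo.Secrets;   -- CertKey row decrypts; PwdKey row returns NULL
CLOSE SYMMETRIC KEY CertKey;
GO
USE master;
DROP DATABASE KeyDemo;
```

The password in variant B has to reach `OPEN SYMMETRIC KEY` from the application on every session, which is the password-management burden outside SQL Server that the thread mentions.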