nagendrareddy.kolli (5/24/2009)
Hi,Can some one send me the article which was talking about in the below.
"Found this article useful as a newbie to encryption methods. A dept in our company has asked for an application to store sensitive information in a SQL2005 database, however they do not even want myself (DBA) and developers to see the encrypted data. From what I can gather one certificate and key can be created and used in a stored procedure to save and encrypt the data( developers would know) and another to decrypt the data. But I can see a way of how myself with the sysadmin access cannot easily decrypt the data as I will know the cert and keys. I wonder if anyone could clarify if my thinking is correct or if there is any option?"
Thanks in advance..
Nagendra
I don't think it's possible using SQL Server's native encryption toolset. By design, the DBA as sysadmin has ultimate access on the data whether encrypted or not. Ultimately, the DBA's job is to safeguard data access. If they are not trusted with that key, then I'm not sure who would...
I have had to grapple with this issue myself recently, but I haven't been able to find a way around it.
Also, let's not forget that one of the DBA's duties is data recovery in case of system failure. If DBAs are kept out of the loop of how to decrypt sensitive information, it will ultimately be their employer who will suffer (potentially catastrophic) loss of data.
__________________________________________________________________________________
SQL Server 2016 Columnstore Index Enhancements - System Views for Disk-Based Tables[/url]
Persisting SQL Server Index-Usage Statistics with MERGE[/url]
Turbocharge Your Database Maintenance With Service Broker: Part 2[/url]