RE: Encrypt the whole database

SSC Guru

Points: 323504

April 21, 2010 at 10:08 am

solid advice so far; I agree with everyone above that encryption should be selective to specific items.

think it through a little though:

Is it not true that if EVERY field is encrypted, The entire all the scherma/current table structure gets thrown out and replaced.

I think that you could no longer use ANY reporting tool to generate reports. NONE. no SSMS, crystal, excel, nothing. everything has to go thru your applications biz layer to decrypt all the fields.

if you got carried away and also encrypt the Primary keys/foreign keys, you obfuscate the data so your developers can't even find the data easily.

if you don't get so carried away, and you only change VARCHAR columns to varbinary columns so they can be encrypted, that's going to at least leave stuff in place os developerss can see the relational schema.

since everything is encrypted, all queries are going to be poorly performing table scans, since the old index on "Lastname" would be dropped because you wouldn't/couldn't index the encrypted values. most indexes get thrown away.

Lowell

--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!