RE: Encrypting the entire database.

SSC Guru

Points: 172994

April 30, 2010 at 4:29 am

Joy Smith San (4/30/2010)
Many of the prior replies noted Transparent Data Encryption as an option. It was also noted that TDE encrypts the physical data files and not the data itself. The intent of this feature is to prevent someone from stealing your backup files or .mdf/.ldf files and restoring them on another server.
... This is what exactly my client's requirement.
"to prevent someone from stealing your backup files or .mdf/.ldf files and restoring them on another server."

I guess our confusion came from the part where you said no one with proper logins should be able to see the data in the database too. Which makes it more than just TDE / backup encryption.

FYI, .mdf & .ldf files can't be read while SQL Services are still going. So if someone "stole" the drive without logging into SQL or the Server first and stopping the services, then those files should be completely unreadable.

Note use of phrase "SHOULD be".

Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/[/url]On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.