Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


How to hide sensitive data in SQL 2000 table


How to hide sensitive data in SQL 2000 table

Author
Message
balasach82
balasach82
SSC-Addicted
SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)

Group: General Forum Members
Points: 459 Visits: 1079
Is there any way of hiding/encypting a data in table. SQL is 2000. Server is win2003.
Sean Lange
Sean Lange
SSCoach
SSCoach (16K reputation)SSCoach (16K reputation)SSCoach (16K reputation)SSCoach (16K reputation)SSCoach (16K reputation)SSCoach (16K reputation)SSCoach (16K reputation)SSCoach (16K reputation)

Group: General Forum Members
Points: 16626 Visits: 17024
balasach82 (10/15/2013)
Is there any way of hiding/encypting a data in table. SQL is 2000. Server is win2003.


You could encrypt your data before it hits sql.

_______________________________________________________________

Need help? Help us help you.

Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.

Need to split a string? Try Jeff Moden's splitter.

Cross Tabs and Pivots, Part 1 – Converting Rows to Columns
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs
Understanding and Using APPLY (Part 1)
Understanding and Using APPLY (Part 2)
balasach82
balasach82
SSC-Addicted
SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)

Group: General Forum Members
Points: 459 Visits: 1079
I have few columns like SSN, Creditcard details in the table which i dont want every one who has access to the table to see. Even if they see the value it should be unrecognisable..encrypted. Can it be done?
Sean Lange
Sean Lange
SSCoach
SSCoach (16K reputation)SSCoach (16K reputation)SSCoach (16K reputation)SSCoach (16K reputation)SSCoach (16K reputation)SSCoach (16K reputation)SSCoach (16K reputation)SSCoach (16K reputation)

Group: General Forum Members
Points: 16626 Visits: 17024
balasach82 (10/15/2013)
I have few columns like SSN, Creditcard details in the table which i dont want every one who has access to the table to see. Even if they see the value it should be unrecognisable..encrypted. Can it be done?


Be VERY VERY VERY careful if you are storing credit card numbers. This is generally a very bad idea. Your company becomes liable for the security of this information.

Yes you can store encrypted data. With sql 2000 the best thing to do is to encrypt/decrypt the data outside of the database. That way the values stored are always the encrypted values and the data passing through the pipes is encrypted.

_______________________________________________________________

Need help? Help us help you.

Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.

Need to split a string? Try Jeff Moden's splitter.

Cross Tabs and Pivots, Part 1 – Converting Rows to Columns
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs
Understanding and Using APPLY (Part 1)
Understanding and Using APPLY (Part 2)
balasach82
balasach82
SSC-Addicted
SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)SSC-Addicted (459 reputation)

Group: General Forum Members
Points: 459 Visits: 1079
That means sql cant be used to secure the data and i have to use .NET or any other programs to get what i need.

Thanks for the reply.
lptech
lptech
Old Hand
Old Hand (347 reputation)Old Hand (347 reputation)Old Hand (347 reputation)Old Hand (347 reputation)Old Hand (347 reputation)Old Hand (347 reputation)Old Hand (347 reputation)Old Hand (347 reputation)

Group: General Forum Members
Points: 347 Visits: 3276
In the meantime, you can create a view for the table(s) with the non-sensitive columns, and lock down access to the base table for almost everybody.
Sean Pearce
Sean Pearce
Ten Centuries
Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)

Group: General Forum Members
Points: 1170 Visits: 3432
balasach82 (10/15/2013)
I have few columns like SSN, Creditcard details in the table which i dont want every one who has access to the table to see. Even if they see the value it should be unrecognisable..encrypted. Can it be done?

Are you PCI compliant?
http://www.pcicomplianceguide.org/

https://www.pcisecuritystandards.org/security_standards/index.php



The SQL Guy @ blogspot

@SeanPearceSQL

About Me
homebrew01
homebrew01
SSCrazy
SSCrazy (3K reputation)SSCrazy (3K reputation)SSCrazy (3K reputation)SSCrazy (3K reputation)SSCrazy (3K reputation)SSCrazy (3K reputation)SSCrazy (3K reputation)SSCrazy (3K reputation)

Group: General Forum Members
Points: 2980 Visits: 9071
balasach82 (10/15/2013)
I have few columns like SSN, Creditcard details in the table which i dont want every one who has access to the table to see. Even if they see the value it should be unrecognisable..encrypted. Can it be done?


You can use something like XPCRYPT to encrypt the data. It works within SQL and is simple to implement. We used it at a previous place I worked without problems. The encryption keys can be stored in a separate database with very limited access.

Since you currently have unencrypted data, I would suggest implementing something immediately. Then you can make a business decision about the best solution for your environment.



Steve Jones
Steve Jones
SSC-Dedicated
SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)

Group: Administrators
Points: 36226 Visits: 18751
Do you need to retrieve the numbers? If not, you could hash them, but again, as Sean suggested, do this in the application.

SQL 2000 has limited options. SQL 2005+ has more, but in most cases, storing credit card numbers isn't allowed by payment processors.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
homebrew01
homebrew01
SSCrazy
SSCrazy (3K reputation)SSCrazy (3K reputation)SSCrazy (3K reputation)SSCrazy (3K reputation)SSCrazy (3K reputation)SSCrazy (3K reputation)SSCrazy (3K reputation)SSCrazy (3K reputation)

Group: General Forum Members
Points: 2980 Visits: 9071
We were allowed to store CC numbers, but had to have various safeguards in place to be PCI compliant.



Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search