SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


How to hide sensitive data in SQL 2000 table


How to hide sensitive data in SQL 2000 table

Author
Message
balasach82
balasach82
SSCommitted
SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)

Group: General Forum Members
Points: 1985 Visits: 1085
Is there any way of hiding/encypting a data in table. SQL is 2000. Server is win2003.
Sean Lange
Sean Lange
SSC Guru
SSC Guru (59K reputation)SSC Guru (59K reputation)SSC Guru (59K reputation)SSC Guru (59K reputation)SSC Guru (59K reputation)SSC Guru (59K reputation)SSC Guru (59K reputation)SSC Guru (59K reputation)

Group: General Forum Members
Points: 59234 Visits: 17947
balasach82 (10/15/2013)
Is there any way of hiding/encypting a data in table. SQL is 2000. Server is win2003.


You could encrypt your data before it hits sql.

_______________________________________________________________

Need help? Help us help you.

Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.

Need to split a string? Try Jeff Modens splitter.

Cross Tabs and Pivots, Part 1 – Converting Rows to Columns
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs
Understanding and Using APPLY (Part 1)
Understanding and Using APPLY (Part 2)
balasach82
balasach82
SSCommitted
SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)

Group: General Forum Members
Points: 1985 Visits: 1085
I have few columns like SSN, Creditcard details in the table which i dont want every one who has access to the table to see. Even if they see the value it should be unrecognisable..encrypted. Can it be done?
Sean Lange
Sean Lange
SSC Guru
SSC Guru (59K reputation)SSC Guru (59K reputation)SSC Guru (59K reputation)SSC Guru (59K reputation)SSC Guru (59K reputation)SSC Guru (59K reputation)SSC Guru (59K reputation)SSC Guru (59K reputation)

Group: General Forum Members
Points: 59234 Visits: 17947
balasach82 (10/15/2013)
I have few columns like SSN, Creditcard details in the table which i dont want every one who has access to the table to see. Even if they see the value it should be unrecognisable..encrypted. Can it be done?


Be VERY VERY VERY careful if you are storing credit card numbers. This is generally a very bad idea. Your company becomes liable for the security of this information.

Yes you can store encrypted data. With sql 2000 the best thing to do is to encrypt/decrypt the data outside of the database. That way the values stored are always the encrypted values and the data passing through the pipes is encrypted.

_______________________________________________________________

Need help? Help us help you.

Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.

Need to split a string? Try Jeff Modens splitter.

Cross Tabs and Pivots, Part 1 – Converting Rows to Columns
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs
Understanding and Using APPLY (Part 1)
Understanding and Using APPLY (Part 2)
balasach82
balasach82
SSCommitted
SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)

Group: General Forum Members
Points: 1985 Visits: 1085
That means sql cant be used to secure the data and i have to use .NET or any other programs to get what i need.

Thanks for the reply.
lptech
lptech
SSC Eights!
SSC Eights! (897 reputation)SSC Eights! (897 reputation)SSC Eights! (897 reputation)SSC Eights! (897 reputation)SSC Eights! (897 reputation)SSC Eights! (897 reputation)SSC Eights! (897 reputation)SSC Eights! (897 reputation)

Group: General Forum Members
Points: 897 Visits: 3440
In the meantime, you can create a view for the table(s) with the non-sensitive columns, and lock down access to the base table for almost everybody.
Sean Pearce
Sean Pearce
Hall of Fame
Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)

Group: General Forum Members
Points: 3820 Visits: 3436
balasach82 (10/15/2013)
I have few columns like SSN, Creditcard details in the table which i dont want every one who has access to the table to see. Even if they see the value it should be unrecognisable..encrypted. Can it be done?

Are you PCI compliant?
http://www.pcicomplianceguide.org/

https://www.pcisecuritystandards.org/security_standards/index.php



The SQL Guy @ blogspot

@SeanPearceSQL

About Me
homebrew01
homebrew01
SSChampion
SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)

Group: General Forum Members
Points: 11638 Visits: 9222
balasach82 (10/15/2013)
I have few columns like SSN, Creditcard details in the table which i dont want every one who has access to the table to see. Even if they see the value it should be unrecognisable..encrypted. Can it be done?


You can use something like XPCRYPT to encrypt the data. It works within SQL and is simple to implement. We used it at a previous place I worked without problems. The encryption keys can be stored in a separate database with very limited access.

Since you currently have unencrypted data, I would suggest implementing something immediately. Then you can make a business decision about the best solution for your environment.



Steve Jones
Steve Jones
SSC Guru
SSC Guru (139K reputation)SSC Guru (139K reputation)SSC Guru (139K reputation)SSC Guru (139K reputation)SSC Guru (139K reputation)SSC Guru (139K reputation)SSC Guru (139K reputation)SSC Guru (139K reputation)

Group: Administrators
Points: 139710 Visits: 19413
Do you need to retrieve the numbers? If not, you could hash them, but again, as Sean suggested, do this in the application.

SQL 2000 has limited options. SQL 2005+ has more, but in most cases, storing credit card numbers isn't allowed by payment processors.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
homebrew01
homebrew01
SSChampion
SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)

Group: General Forum Members
Points: 11638 Visits: 9222
We were allowed to store CC numbers, but had to have various safeguards in place to be PCI compliant.



Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search