Post reply

Encrypting the Data and Retriving it

  • November 26, 2001 at 3:33 am

    #77561

    Does anybody knows how to store the data in and encrypted form in the table and retrieve it in the decrypted format.


    Yuvraj Pingale
    @Mumbai

  • November 26, 2001 at 4:06 am

    #420378

    You might want to have a look at this related thread: http://www.sqlservercentral.com/forum/topic.asp?TOPIC_ID=950&FORUM_ID=8&CAT_ID=1&Topic_Title=how%20to%20decrypt%20data%20from%20sql%20server&Forum_Title=T-SQL.

    (There are other threads which deal with this as well, as well as several articles). For my part, we used crypto.dll for credit card info. This algorithm is based on an XOR function and was converted to a com dll (calls to a com dll from a stored proc can be done using the SP_OA procedures). It is breakable, but provides a sufficient barrier to wandering developers eyes in the database.

    If you want this dll/algorithm, do a search for it on the MS site - I think that's where we got it from.

    Paul Ibison

    Paul.Ibison@btinternet.com


    Paul Ibison
    Paul.Ibison@replicationanswers.com

  • November 26, 2001 at 8:48 am

    #420386

    I have an article discussing why this is a bad idea coming next month. Bascially, there are tons of ways you can encrypt data, pick up Bruce Schneier's book "Applied Cryptography" if you want to write your own. Otherwise, I'd recommend purchasing some 3rd party DLL to do the work. Keep in mind, however, that if you do not encrypt at the client, the clear text passes across the network. Encrypting at the server only slightly increases the security.

    Also, keeping track of the keys is the hard part. If someone wanted to read the data, it would be easier to try and "get" the key than decode the data for most people. But don't lose the key (you might lose your job).

    Steve Jones

    steve@dkranch.net

  • November 28, 2001 at 1:04 pm

    #420470

    SQL2K supports SSL and SQL7 had multiprotocol for encryption, provided client and server both are configured correctly, but Steve's right. There are a ton of relatively secure, easy to implement encryption methods out there. Schneier's book has C source code for many of them in the appendecies.

    K. Brian Kelley

    bk@warpdrivedesign.org

    http://www.sqlservercentral.com/columnists/bkelley/

    K. Brian Kelley
    @kbriankelley

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply