TDE in SQL 2008

  • I configured TDE but still I can see my data when I do select query. Is it not encrypted?


  • It is encrypted.

    TDE performs a real time encryption and decryption of data at the page level. Data is encrypted before it is written into the page and decrypted and read into memory. The advantage here is that your files are encrypted (you cannot access the DB by restoring it onto another machine without restoring the certificate there) while any applications that connect to your DB work as usual without the need for any changes.

    If you want to encrypt your data (wherein a SELECT query will return an encrypted value) then you'll need to use column encryption (lots of information on this blog - with some starter information available here and here)

  • does that means that any one with permissions on table can access the data even if it is encrypted?


  • Yes,

    TDE is not meant to secure data from regular select, it's meant to secure data at rest (files and backup) to avoid someone stealing your backups or active datafiles.

  • BOL explains all about TDE here

    Apress have also released a good book on the subject of encryption: Expert SQL Server 2008 Encryption

    Hope this helps,


Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply