TDE in SQL 2008

  • Ahmad Osama

    SSCertifiable

    Points: 7676

    I configured TDE but still I can see my data when I do select query. Is it not encrypted?

    Regards,
    [font="Verdana"]Sqlfrenzy[/font]

  • winash

    SSChampion

    Points: 11446

    It is encrypted.

    TDE performs a real time encryption and decryption of data at the page level. Data is encrypted before it is written into the page and decrypted and read into memory. The advantage here is that your files are encrypted (you cannot access the DB by restoring it onto another machine without restoring the certificate there) while any applications that connect to your DB work as usual without the need for any changes.

    If you want to encrypt your data (wherein a SELECT query will return an encrypted value) then you'll need to use column encryption (lots of information on this blog - http://blogs.msdn.com/b/lcris/ with some starter information available here and here)

  • Ahmad Osama

    SSCertifiable

    Points: 7676

    does that means that any one with permissions on table can access the data even if it is encrypted?

    Regards,
    [font="Verdana"]Sqlfrenzy[/font]

  • Oliiii

    SSCertifiable

    Points: 5328

    Yes,

    TDE is not meant to secure data from regular select, it's meant to secure data at rest (files and backup) to avoid someone stealing your backups or active datafiles.

  • RichardDouglas

    SSCarpal Tunnel

    Points: 4029

    BOL explains all about TDE here

    Apress have also released a good book on the subject of encryption: Expert SQL Server 2008 Encryption

    Hope this helps,
    Rich

    [p]
    [/p]

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply