Encrypting SQL Server Data
There's an upcoming project for which for security reasons I wish to encrypt every last row and column in the DB
Options
- Stored procedure that encrypts the data as it is being encrypted for storage
- Second stored procedure that encrypts the data as it is being decrypted for viewing
- Function(s) that does the actual encryption and decryption.
Rationale
- The sa account must be emasculated
- Too may smartasses like peeking directly into the database
- Very sensitive data beign stored that can be identified by other attributes e.g. money (The app is financial)
Caveats
- I shall NOT, repeat, NOT write any DLLs in C++ and then register them with SQL. I am not a fan of C++
- How do I mangle fields like ints and money???!!
Workarounds
- Tinker with my SQL Express Beta, memory hog as it is by wrtiting said logic in C# and System.Cryptography
Hmmm. Need to ruminate a bit more
Options
- Stored procedure that encrypts the data as it is being encrypted for storage
- Second stored procedure that encrypts the data as it is being decrypted for viewing
- Function(s) that does the actual encryption and decryption.
Rationale
- The sa account must be emasculated
- Too may smartasses like peeking directly into the database
- Very sensitive data beign stored that can be identified by other attributes e.g. money (The app is financial)
Caveats
- I shall NOT, repeat, NOT write any DLLs in C++ and then register them with SQL. I am not a fan of C++
- How do I mangle fields like ints and money???!!
Workarounds
- Tinker with my SQL Express Beta, memory hog as it is by wrtiting said logic in C# and System.Cryptography
Hmmm. Need to ruminate a bit more
posted by M @ 10:58 AM
0 Comments:
Post a Comment
<< Home