Wrox Programmer Forums
SQL Server 2000 General discussion of Microsoft SQL Server -- for topics that don't fit in one of the more specific SQL Server forums. version 2000 only. There's a new forum for SQL Server 2005.

You are currently viewing the SQL Server 2000 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
March 9th, 2008, 08:03 PM
Protect sensitive data

Hi:

I need to protect some sensitive data in SQL Server 2000. I want to know which are the best ways to protect the data, but still query the data to show in reports as well.


Thanks in advance.


 
March 9th, 2008, 11:04 PM

In SQL 2000, you don't have a built-in encryption feature. You can still encrypt using your own method, which may cause not only performance issues but also manageability issues, and I will strongly discourage you from moving down that path.
Why don't you separate the information and restrict access? Allow the reports to use a privileged connection to extract the data.


G.R.Preethiviraj Kulasingham
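
The separation suggested in the reply above could look like the following in SQL Server 2000 T-SQL. This is an added example, not part of the original post; the table, view, role and user names are hypothetical, the report login is assumed to exist already, and masking the card number is an assumption about what the reports need.

```sql
-- Added illustration for SQL Server 2000; every object, role and user name is hypothetical.
-- Assumes the tables and the view are all owned by dbo, so ownership chaining applies.

-- 1. Keep the sensitive columns in their own table, apart from general data.
CREATE TABLE dbo.Customer (
    CustomerID   int          NOT NULL PRIMARY KEY,
    CustomerName varchar(100) NOT NULL
)
CREATE TABLE dbo.CustomerSensitive (
    CustomerID int         NOT NULL PRIMARY KEY
        REFERENCES dbo.Customer (CustomerID),
    NationalID varchar(20) NOT NULL,
    CardNumber varchar(19) NOT NULL
)
GO

-- 2. Remove any permission public may hold on the sensitive table.
--    From here on, access is granted only on the view, never on the table.
REVOKE ALL ON dbo.CustomerSensitive FROM public
GO

-- 3. Expose only what the reports need, through a view.
--    (Assumption: reports need the last four digits, not the full number.)
CREATE VIEW dbo.vCustomerReport
AS
SELECT c.CustomerID,
       c.CustomerName,
       'XXXX-' + RIGHT(s.CardNumber, 4) AS CardNumberMasked
FROM dbo.Customer c
JOIN dbo.CustomerSensitive s ON s.CustomerID = c.CustomerID
GO

-- 4. A role for the privileged report connection, with SELECT on the view only.
EXEC sp_addrole 'ReportReaders'
GRANT SELECT ON dbo.vCustomerReport TO ReportReaders
GO

-- 5. Map the report login (assumed to exist) into this database and the role.
EXEC sp_grantdbaccess 'report_svc'
EXEC sp_addrolemember 'ReportReaders', 'report_svc'
GO

-- 6. Check the result: the view should list ReportReaders with SELECT,
--    and the sensitive table should list no grant to public or ReportReaders.
EXEC sp_helprotect 'vCustomerReport'
EXEC sp_helprotect 'CustomerSensitive'
```

Because the view and the table share an owner, members of `ReportReaders` can read through the view without holding any permission on `dbo.CustomerSensitive` itself.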
 
March 10th, 2008, 07:44 AM

Unless you are a very skilled cryptographer, never ever try to build your own. It takes almost nothing to crack most home-grown attempts.

I believe the SDK for SQL Server comes with a method for encryption, but if I really needed to do encryption correctly, I'd buy certified 3rd-party software to do it.

--Jeff Moden
 
March 12th, 2008, 10:19 AM

Hi Jeff:

I am planning to do the following:
1. Implement AES in a SQL Server user function.
2. Implement a key management system in another environment. I've got two ISPs. I am thinking of setting up a web service in one of them, consuming it through SSL and restricting it to calls from the other ISP only.
3. Create a daily key in a private database where the web service will reside; those keys will then be used in the other system as an input to encrypt the sensitive data.

I just want to know your comments on this solution, and if you can give me some advice on how to make it secure. Also, how can I generate these keys?


 
April 11th, 2008, 11:56 PM

The encryption that comes with SQL is extremely weak.

Externally accessible third-party tools are generally the best.

Ideally I try to add my own salt (cryptography term) in addition to the external tool. Thus if someone has a crack for your third-party tool, your additional layer adds just a bit more confusion for the would-be hacker.

The feds outlawed certain encryption routines until they had a way of decrypting them. This will frustrate these methods if the wrong parties try to read your stuff. But everything can be cracked given enough force and time.





