Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > SQL Server > SQL Server 2000 > SQL Server 2000
Password Reminder
Register
| FAQ | Members List | Search | Today's Posts | Mark Forums Read
SQL Server 2000 General discussion of Microsoft SQL Server -- for topics that don't fit in one of the more specific SQL Server forums. version 2000 only. There's a new forum for SQL Server 2005.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the SQL Server 2000 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old March 9th, 2008, 08:03 PM
Authorized User
 
Join Date: Nov 2005
Location: lima, lima, Peru.
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Default Protect sensitive data

Hi:

I need to protect some sentitive data in sql server 2000, I want to know which are the best ways to protect the data, but query the data to show in reports as well.


Thanks in advance.


Reply With Quote
  #2 (permalink)  
Old March 9th, 2008, 11:04 PM
Authorized User
 
Join Date: Jun 2003
Location: Colombo 04, WP, Sri Lanka.
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Preethi Send a message via Yahoo to Preethi
Default

In SQL 2000, you don't have the built in feature of encryption. You can still encrypt using your own method, which may cause not only performance issues but also manageability issues and I will strongly discourage you in moving in that path.
Why don't you separate the information and restrict access? Allow the reports to use a privileged connection to extract the data.


G.R.Preethiviraj Kulasingham
Reply With Quote
  #3 (permalink)  
Old March 10th, 2008, 07:44 AM
Friend of Wrox
Points: 1,536, Level: 15
Points: 1,536, Level: 15 Points: 1,536, Level: 15 Points: 1,536, Level: 15
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Oct 2006
Location: , MI, USA.
Posts: 475
Thanks: 0
Thanked 9 Times in 9 Posts
Default

Unless you are a very skilled cryptogropher, never ever try to build your own. Takes amost nothing to crack most home grown attempts.

I believe the SDK for SQL Server comes with a method for encryption, but if I really needed to do encryption correctly, I'd buy certified 3rd part software to do it.

--Jeff Moden
Reply With Quote
  #4 (permalink)  
Old March 12th, 2008, 10:19 AM
Authorized User
 
Join Date: Nov 2005
Location: lima, lima, Peru.
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Jeff:

I am planning to do the following:
1. implement AES in a sql server user function.
2. implement a key management system in another enviroment, I've got two ISP. I am thinking of set up a web service in one of them and consume it through ssl and restrict only calls from the other ISP.
3. create a daily key in a private database where the web service will reside, then those will be used in the other system as an inout to encrypt the sensitive data.

I just want to know your comments for these solution, and if you can give me some advice on how to make it secure. Also how I can generate these keys.


Reply With Quote
  #5 (permalink)  
Old April 11th, 2008, 11:56 PM
Friend of Wrox
 
Join Date: Aug 2004
Location: Orange County, CA, USA.
Posts: 385
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The encryption that comes with SQL is extremely week.

Externally accessible third party tools are generally the best.

Ideally I try to add my own salt(cryptogrophy term) in addition to the external tool. Thus if someone has a crack for your third party tool, you additional layer adds just a bit more confusion to the would be hacker.

The feds outlawed certain encryption routines until they had a way of decrypting them. This will frustrate these methods if the wrong parties try to read your stuff. But everything can be cracked given enough force and time.

Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Case sensitive search prabodh_mishra SQL Server 2000 6 June 10th, 2008 04:54 AM
Case Sensitive hymavathy_kr VB Databases Basics 1 August 10th, 2007 06:43 AM
Prevent sensitive data to be written on HDD narkobaron Visual C++ 0 April 12th, 2007 10:35 AM
how to protect data base Rajesh Pachouri Pro VB 6 1 September 23rd, 2006 03:33 AM
Protect input-field from entering data rvw Javascript How-To 4 October 22nd, 2003 05:40 AM



All times are GMT -4. The time now is 02:20 AM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.