Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
amit002
Starting Member
3 Posts |
 Posted - 2004-07-09 : 02:04:02
|
| We want to encrypt our entire database in SQL Server using RC4 algorithm.We have achieved this database encryption .But we are facing a new problem.We want to use the database for insert ,update,delete operations .Also we want to use data via select queries etc.But we do not want to use a middle tier which can exchange data between our application and the database.We also do not want to decrypt the database while modifying/using it because it will defeat the purpose of encryption.What shall we do to ensure usage of encryted database while not modifying either the front end application nor using a middle tier?Can we go beyond the limits of SQL Server? |
|
|
Wanderer
Master Smack Fu Yak Hacker
1168 Posts |
Posted - 2004-07-09 : 03:31:30
|
| You are encrypting the database via a 3rd party tool? Is the database available from a SQL server point of view, i.e. EM?As long as it is, and you have an authorized users, you should be able to select, but that data would necessarily still be encrypted.It sounds to me like you want to use stored procedure to do all your data access, and have your decryption happen in the SP, so that it can receive and send "decrypted" data to the application. However, that might be unacceptable to you from a security point of view. In that case, you will need to do the decryption in your application - which is something you said you don't want to do.BTW - do you have encryption on your network? I hear it isn't particularly strong, but it is another layer to help remove simple sniffing.I'll be interested to see what other people have to say redards this.BTW - performance may well be AWFUL with all of this encryption.*##* *##* *##* *##* Chaos, Disorder and Panic ... my work is done here! |
 |
|
|
amit002
Starting Member
3 Posts |
Posted - 2004-07-09 : 03:46:49
|
No not that.I want something which can be enjected in the communication process of sql and my application. Is there anything which can leave the data encrypted on the system while providing the decrypted data to my apps. I don't want to use any objects of the SQL. I want to have something which can intercept the communication and do as i want.quote:
Originally posted by Wanderer
You are encrypting the database via a 3rd party tool? Is the database available from a SQL server point of view, i.e. EM?As long as it is, and you have an authorized users, you should be able to select, but that data would necessarily still be encrypted.It sounds to me like you want to use stored procedure to do all your data access, and have your decryption happen in the SP, so that it can receive and send "decrypted" data to the application. However, that might be unacceptable to you from a security point of view. In that case, you will need to do the decryption in your application - which is something you said you don't want to do.BTW - do you have encryption on your network? I hear it isn't particularly strong, but it is another layer to help remove simple sniffing.I'll be interested to see what other people have to say redards this.BTW - performance may well be AWFUL with all of this encryption.*##* *##* *##* *##* Chaos, Disorder and Panic ... my work is done here!
|
|
|
|
Wanderer
Master Smack Fu Yak Hacker
1168 Posts |
Posted - 2004-07-09 : 04:02:22
|
| Hmm - seems exactly like this thread :http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=37271As I said there - I've never heard of something doing this, BUT I suppose it might be possible... but it would definitely be a "layer" between your components and your database, imho*##* *##* *##* *##* Chaos, Disorder and Panic ... my work is done here! |
|
|
|
|
|
|
|
|
Database Encryption