|
|
Posted by Volker Hetzer on 12/07/06 14:06
Erland Sommarskog schrieb:
> Volker Hetzer (firstname.lastname@ieee.org) writes:
>> Hm. One could have /one/ password for the set of authorized users,
>> encrypted for each user separately, with the users normal password.
>> Then the user (or his program anyway) could look up the encrypted
>> password for the user and decrypt it with the users password.
>
> I'm not sure that works with SQL Server encryption, but I would need to
> think both twice and thrice to say for sure. Then again,
> encryption/descryption could also be done client-side.
Yes, en-/decryption would be done client-side. The scenario
above just makes sure that someone who hacked himself into
the database without a legitimate password cannot access
the data.
The normal access would go like this:
given a table keys
(
table_name varchar2(32),
column_name varchar2(32),
user_name varchar2(32),
encrypted_key <some binary>
);
Access would be like this:
- select encrypted_key from keys
where
table_name='XXX'
and column_name='YYY'
and user_name='myself';
- client decrypts key with login password
- client has the key to en-/decrypt the columns
Key change presents a problem.
Lots of Greetings!
Volker
--
For email replies, please substitute the obvious.
Navigation:
[Reply to this message]
|