 Posted by Simon  Johnson on 06/19/70 11:53 
Sav wrote: 
 
> Hi, 
> 
> I'm developing a software that makes a lot of access to a MS SQL 
 > Server. All information in the database is decrypted and encrypted upon 
> each read and write access -- this is causing a big overload of CPU in 
> my system. 
 
Do you need to encrypt at the row level? Do different rows have 
different keys? 
 
> I'd like to implement something to make it faster so I 
> wondered if there is any MS SQL Server API that would make the 
> cryptography transparent for the application. 
 
 Not natively, I believe. If you're using SQL Server 2005 you could embed 
 an assembly into the database. This assembly could do the 
 encryption "closer" to the database, and doing the encryption here would 
 probably allow greater throughput. 
 
> Another solution would be 
> setting up an encrypted file system so I could unmount 
> the device when the application finishes. The last one is not optimal 
> though, since the encrypted device would have read access while 
> mounted. 
 
By this do you mean that you worry that while the drive is open, some 
other application could steal the database? 
 
I'd personally modify something like Truecrypt so that only your 
application can access the information. This is probably not for the 
faint of heart. 
 
 > So, I'd like to get some suggestions about tools, APIs and probably 
> other better solutions. Any information would be of great help. 
 
I'd like to know more about your threat model. After all, assuming that 
some user can enter and retrieve information, don't they already have 
access to all the information anyway? 
 
 What assets are you trying to protect? 
 
Simon
 