|
Posted by Erland Sommarskog on 12/08/05 22:48
Martin (0_0_0_0_@pacbell.net) writes:
> Is there a way to create and encrypted database file?
>
> What do people do when data security is important at the file level? In
> other words, you don't want anyone to be able to take the database file
> (or files) and extract data from them.
>
> Ideally, I want a file the is absolutely encrypted on disk and that is
> decrypted for data access. The problem, obviously, is that this would
> be a very costly (cpu time) approach as you couldn't create a decrypted
> image on disk (this would expose the data).
>
> Are all database systems then, non-secure?
Everything is relative. For a small database, < 50 MB, it may be possible
to encrypt it entirely and only hold the decrypted version in main
memory. Then again, memory can be dumped.
For a 1 TB databae, encryption will have to be selective. Basically,
anything you want to search on, cannot be decrypted unless you are
prepared to take very long response times.
In SQL Server 2005, there are a lot of encryption enhancements, so that
you can encrypt individual columns with asymmetric and symmettric keys.
--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
[Back to original message]
|