Posted by Bill Karwin on 12/08/05 23:17

Martin wrote:
> What do people do when data security is important at the file level? In
> other words, you don't want anyone to be able to take the database file (or
> files) and extract data from them.

IMHO, the only way to protect a database in this way is not to give the
database to persons whom you don't want to have it.

For example, you could put the database on a hosted site that your
clients can access using only prescribed methods. Create your own
authenticated SOAP web service on your site to give access only to data
to which the client is authorized. Then you can use technology like
firewalls and HTTPS protocol to protect the database. In other words,
features aside from the RDBMS itself.

Encrypting the database is a kind of barrier to crackers, but unless you
use one-way encryption (which precludes reading the data), you simply
can't protect the data from a brute-force attack if you give the
database to the attacker. If they are motivated enough to get into that
data, they can use unlimited computational resources to crack your
encryption.

Regards,
Bill K.