Posted by Erland Sommarskog on 12/09/05 21:25

Martin (0_0_0_0_@pacbell.net) writes:
> Let's say that you develop an application. This application does some
> work and needs to allow the user to save it to files. Much like MS Word
> or Photoshop let you save files. Now, the application can be best
> written if it can use database technology while doing its job. However,
> the resulting files need to be encrypted for security reasons. There
> are many possible reasons for this. One may be that you don't want your
> competition to benefit from your work product and extract data from your
> files.

I'm not sure that I understand what you're getting at, but an application
cannot on its own save data in an encrypted format, and then decrypt it.
It can save the data in an obfusticated format, to make it more difficult
to access. But to truely encrypt, you need an encryption key that must
come from elsewhere, and the same applies when you decrypt. And the keys
also will have to be protected, typically by a passphrase entered by a
user.

From this follows that it's useful to encrypt for the user's benefit, so
he can protect the data. But it is not equally useful to protect for
the benefit of the application and its author.

--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

[Back to original message]