Please forgive me if I have overlooked a thread that answers this question, but I assure you that I have looked.
I would really appreciate a guide of sorts that would tell me the correct steps to take to properly secure a column in my database. I don't need specifics on how to do each step; I either have those already or can find them myself. In fact, I have already successfully encrypted and decrypted some data. I just want to make sure that I create the right keys and certificates and that I follow best practices as far as backups and such are concerned.
Thanks,
Todd Sparks
Here are some suggestions:
- if you will need to share the same encryption key across databases or servers, make sure that you create the key using the KEY_SOURCE and IDENTITY_VALUE parameters.
- if you protect a key using a password, pay special attention to how the password is manipulated by your application and make sure it doesn't leak out. Do not hardcode passwords in your application - have the user enter them instead.
- use strong encryption algorithms. We recommend AES if you only work with Windows 2003. If you need to decrypt on other OSes, then use TripleDES. Avoid RC4.
- open the encryption keys when you need to use them and close them after you are done using them.
Thanks
Laurentiu
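The following T-SQL walks through the key hierarchy Laurentiu describes end to end: a database master key, a certificate, an AES symmetric key created with KEY_SOURCE and IDENTITY_VALUE, an open/encrypt/decrypt/close cycle scoped to one batch, and the backup of the key material that Todd asked about. It is an added example written for this page, not code posted by either participant. The object names (CustomerDataCert, CustomerDataKey, dbo.Customer), the sample row and every angle-bracketed password, passphrase and path are placeholders to be replaced.

```sql
-- Added example, not from the original thread. Object names, the sample row
-- and all <angle-bracketed> passwords, passphrases and paths are assumptions.

-- 1. Database master key: protects the certificate's private key. It is in
--    turn protected by the service master key, so OPEN SYMMETRIC KEY below
--    needs no password from the application.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong master key password>';

-- 2. Certificate that protects the symmetric key. Using a certificate rather
--    than a password means the application never handles the key's secret.
CREATE CERTIFICATE CustomerDataCert
    WITH SUBJECT = 'Protects the CustomerDataKey symmetric key';

-- 3. Symmetric key. KEY_SOURCE and IDENTITY_VALUE make the key reproducible,
--    so the same key (and the same Key_GUID) can be re-created on another
--    database or server. Treat both values as secrets: anyone holding them
--    can rebuild the key, so do not keep them in application source.
CREATE SYMMETRIC KEY CustomerDataKey
    WITH ALGORITHM = AES_256,
         KEY_SOURCE = '<long secret passphrase the key is derived from>',
         IDENTITY_VALUE = '<secret phrase the key GUID is derived from>'
    ENCRYPTION BY CERTIFICATE CustomerDataCert;

-- 4. Table whose sensitive column holds EncryptByKey output (constructed).
CREATE TABLE dbo.Customer (
    CustomerId  int IDENTITY PRIMARY KEY,
    Name        nvarchar(100) NOT NULL,
    CardNumber  varbinary(256) NOT NULL   -- ciphertext, never plaintext
);

-- 5. Open the key only for the duration of the work, then close it.
OPEN SYMMETRIC KEY CustomerDataKey DECRYPTION BY CERTIFICATE CustomerDataCert;

INSERT INTO dbo.Customer (Name, CardNumber)
VALUES (N'Sample Customer',                                 -- constructed row
        EncryptByKey(Key_GUID('CustomerDataKey'), N'4111-1111-1111-1111'));

-- DecryptByKey returns varbinary; convert back to the original type.
SELECT CustomerId,
       Name,
       CONVERT(nvarchar(100), DecryptByKey(CardNumber)) AS CardNumber
FROM dbo.Customer;

CLOSE SYMMETRIC KEY CustomerDataKey;

-- 6. Back up the key material separately from the database backup, each
--    file protected by its own password and stored apart from the data.
--    Without the master key password (or these files) a restored database
--    cannot decrypt the column.
BACKUP MASTER KEY TO FILE = '<secure path>\master_key.bak'
    ENCRYPTION BY PASSWORD = '<strong backup password>';

BACKUP CERTIFICATE CustomerDataCert TO FILE = '<secure path>\CustomerDataCert.cer'
    WITH PRIVATE KEY (FILE = '<secure path>\CustomerDataCert.pvk',
                      ENCRYPTION BY PASSWORD = '<strong private key password>');
```

Two points follow from the thread's advice. Protecting the symmetric key with a certificate (step 2) is what lets the application avoid hardcoded passwords: the OPEN statement names the certificate, and the master key unlocks it automatically. The symmetric key itself is not part of the backup in step 6; because it was created with KEY_SOURCE and IDENTITY_VALUE, it is re-created on the target server by running the identical CREATE SYMMETRIC KEY statement, which is why those two values must be kept as carefully as the backup passwords.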