Hello,
We have a requirement to encrypt our database so that us
DBA cannot read the infomation on it.
Can anyone point me to resource that will help us do this.
MYou cannot "encrypt a database" -- you can encrypt some of the data in the
database. But the application(s) that read and write the data should
probably handle that. The app can use the MS Crypto API for that ...
http://msdn.microsoft.com/library/d...>
cryptapi.asp
Adam Machanic
SQL Server MVP
http://www.sqljunkies.com/weblog/amachanic
--
"Moira" <anonymous@.discussions.microsoft.com> wrote in message
news:046101c4fa4c$a3be1b20$a501280a@.phx.gbl...
> Hello,
> We have a requirement to encrypt our database so that us
> DBA cannot read the infomation on it.
> Can anyone point me to resource that will help us do this.
> M|||Thanks Adam.
>--Original Message--
>You cannot "encrypt a database" -- you can encrypt some
of the data in the
>database. But the application(s) that read and write the
data should
>probably handle that. The app can use the MS Crypto API
for that ...
>http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/dncapi/html/msdn_cryptapi.asp
>
>--
>Adam Machanic
>SQL Server MVP
>http://www.sqljunkies.com/weblog/amachanic
>--
>
>"Moira" <anonymous@.discussions.microsoft.com> wrote in
message
>news:046101c4fa4c$a3be1b20$a501280a@.phx.gbl...
this.[vbcol=seagreen]
>
>.
>|||Moira wrote:
> Hello,
> We have a requirement to encrypt our database so that us
> DBA cannot read the infomation on it.
> Can anyone point me to resource that will help us do this.
>
You may try putting your MDF and LDF on a Windows EFS volume. It
essentially encrypts your file so that only the account "owner" of the
volume can read the file. SQL Server should be using that "owner"
account. There is a big performance hit though. But if you want to
secure your files from being "hijacked" by a system admin or restored
elsewhere, then this may be a solution. However, I cannot see how you
can keep a DBA out of the DB without having "DBA" expertise, at least
not without resorting to encrypting the data before it gets stored in
the DB...as described in other places
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment