January 4, 2012 at 7:24 am
Hi Guys,
Our HR department is concerned about their data which contains salary information.
They don't want us SQL DAB's to be able to see the information.
Is it possible to make some security that will prevent this but at the same time let's us administrate their database?
HOw do you handle this?
Regards
Rasmus
January 4, 2012 at 7:28 am
Encryption methods should help you.
For More: http://technet.microsoft.com/en-us/library/bb510663.aspx
January 4, 2012 at 7:32 am
Short of encrypting the data in the application layer and keeping the encryption keys somewhere away from the database, there's no way to do this.
Column encryption (with the exception of EncryptByPassPhrase) doesn't help, as the key hierarchy is part of the database and the database permissions apply to the keys and sysadmin, having all permission to all objects within the DB, can open any of the keys and decrypt any of the data.
Your options are essentially:
* Use EncryptByPassPhrase and ensure that the passphrase is not stored in the database and is never visible in profiler (harder than you may think). Note that encrypt by passphrase uses a fairly weak key
* Implement encryption and key management in the application so that only encrypted data is passed to and from the database and the keys are stored elsewhere (and key management is a whole challenge by itself)
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
January 4, 2012 at 7:34 am
Ultimately it comes down to you need to trust the guy(s) who do that job.
Doesn't matter how much security you put in place, anyone with SA access can go around it all.
There are many good ways to lock the system down, but locks only keep honest people out. 😉
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply