August 13, 2013 at 7:03 am
The system I am helping maintain must store SSNs - no choice there. What's the best way/practice to store this? I imagine I probably want to encrypt it somehow in the field properties?
If it helps with suggestions, this is an internal app - the data will never be exposed to the outside world.
Thanks!
August 13, 2013 at 7:07 am
RedBirdOBX (8/13/2013)
If it helps with suggestions, this is an internal app - the data will never be exposed to the outside world. Thanks!
You mean never intentionally. 😀 You need to store this type of data encrypted. http://technet.microsoft.com/en-us/library/bb934049.aspx
August 13, 2013 at 9:31 am
I believe TDE really only protects against the smash-and-grab risk. People with SELECT permission on the table can still access the data - it's transparent to them. If you want to store it encrypted, start here: http://technet.microsoft.com/en-us/library/bb964742%28v=sql.100%29.aspx TDE also requires Enterprise Edition, which not everyone has the luxury of working with.
In a nutshell, you'll need to create keys and then encrypt the data using the keys. A simple word of advice if you decide to go this route is to back up your keys. There are commands to do this referenced in the above page, but I prefer to also keep the SQL statements I use to originally create the key. This way, I know I can recreate the key when needed. I was burned by this once and I vowed it wouldn't happen to me again.
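The following T-SQL is an added example, not code from any post in this thread, showing the key hierarchy, column encryption and key backup the last reply describes. The table, key and certificate names, file paths and passwords are hypothetical placeholders, and the SSN is a constructed test value.

```sql
-- Constructed example: all names, paths and passwords are placeholders.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-master-key-password>';

CREATE CERTIFICATE SsnCert WITH SUBJECT = 'Protects the SSN symmetric key';

-- KEY_SOURCE and IDENTITY_VALUE make the key reproducible: running this same
-- statement again (e.g. on a rebuilt server) yields a key that decrypts the
-- existing data. Store this statement as carefully as the key backups.
CREATE SYMMETRIC KEY SsnKey
    WITH ALGORITHM = AES_256,
         KEY_SOURCE = '<long-secret-passphrase>',
         IDENTITY_VALUE = '<identity-phrase>'
    ENCRYPTION BY CERTIFICATE SsnCert;

CREATE TABLE dbo.Person (
    PersonId     int NOT NULL PRIMARY KEY,
    FullName     nvarchar(100) NOT NULL,
    SsnEncrypted varbinary(128) NOT NULL   -- ciphertext, not char(11)
);

OPEN SYMMETRIC KEY SsnKey DECRYPTION BY CERTIFICATE SsnCert;

-- The authenticator (here the row's PersonId) ties the ciphertext to its row,
-- so a value copied into another row fails to decrypt.
INSERT INTO dbo.Person (PersonId, FullName, SsnEncrypted)
VALUES (1, N'Test Person',
        EncryptByKey(Key_GUID('SsnKey'), '000-00-0000', 1,
                     CONVERT(varbinary(4), 1)));

-- Returns NULL for Ssn if the key is not open or the authenticator differs.
SELECT PersonId, FullName,
       CONVERT(varchar(11),
               DecryptByKey(SsnEncrypted, 1,
                            CONVERT(varbinary(4), PersonId))) AS Ssn
FROM dbo.Person;

CLOSE SYMMETRIC KEY SsnKey;

-- Back up the keys that protect the symmetric key; keep the files and
-- passwords off the database server.
BACKUP MASTER KEY TO FILE = '<backup-path>\master_key.bak'
    ENCRYPTION BY PASSWORD = '<master-key-backup-password>';
BACKUP CERTIFICATE SsnCert TO FILE = '<backup-path>\SsnCert.cer'
    WITH PRIVATE KEY (FILE = '<backup-path>\SsnCert.pvk',
                      ENCRYPTION BY PASSWORD = '<private-key-backup-password>');
```

Unlike TDE, a user with SELECT on `dbo.Person` sees only `varbinary` ciphertext unless they also hold permissions on `SsnKey` and `SsnCert`.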