September 26, 2013 at 12:07 pm
I have some sensitive, Executive payroll tables that I would like to restrict access to, including from the System Administrator. I can't restrict by User Groups because the SA could add himself to the Group and gain access. Is there a way to password protect or encrypt or hide or explicitly use DENY to these tables to keep the SA, and any other unauthorized users, from seeing the data? I have security in the application, but I need a way to keep users from connecting to the server and accessing these tables with Crystal Reports, Excel, etc.
September 26, 2013 at 12:31 pm
Only if you can change the code that accesses the tables. If you can control the code, and have users enter a password, you can use symmetric/asymmetric encryption to secure this data and prevent sysadmins from viewing the data.
September 26, 2013 at 12:54 pm
Passwords should not be stored encrypted, they should be stored hashed. One-way cryptographic hash. There is no need to ever unencrypt a password. Hash whatever is entered and compare, don't decrypt what is stored and compare.
Of course, that requires changing the code that checks the passwords and the table design. If you can't do both, there's little to nothing you can effectively do.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
September 26, 2013 at 1:07 pm
Thanks for the responses. Yes, as the Developer, I can control the code. With this in mind, do you have any other suggestions? I would like to be able to do this to the entire table, not just selected columns. Does that make a difference in your thoughts?
September 26, 2013 at 1:20 pm
First, encrypting the entire table means that access is going to be slow since you have to decrypt. Indexing doesn't help, and that can be an issue. If you always perform access for just a row or two and the table isn't large, then that's fine. However, I'm not sure why you'd encrypt key columns. Usually you want to encrypt the data only that's sensitive.
The password can't ever be stored anywhere in the database or it can be compromised by the sysadmin. That's why I say this has to be controlled from the front end. You'd set this up, have the user enter a password, encrypt the data and then send it on the wire.
You could use temp keys in SQL Server as well. This isn't simple, but it's not too hard either.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply