September 1, 2020 at 12:00 am
Comments posted to this topic are about the item Bypassing Dynamic Data Masking
September 1, 2020 at 6:52 am
have used dynamic masking for sensitive data, which actually works rather well.
only wish the permissions could be applied per DB object and not only on the entire db.
____________________________________________
Space, the final frontier? not any more...
All limits henceforth are self-imposed.
“libera tute vulgaris ex”
October 27, 2020 at 6:33 am
I have never been all that keen to use SQL masking because it is too easy work around by design. The fact that you can use a masked column in joins and WHERE conditions means that someone who wants to, can potentially work out what a column contains. (e.g. if you mask the salary column, you can still work out the salary for the general manager by SELECT * FROM Payroll WHERE Name = 'your gm' and salary > n... and keep repeating until you find what you are after)
Some of my use cases have been more finely grained requirements than just masking a column for all rows of a table. DDM works pretty well for the simple case, certainly, but as things get more complex, it is too limiting.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply