November 10, 2021 at 6:27 pm
I know that we cannot encrypt the master, model, and msdb databases; SQL won't even let you... but is there any issue with encrypting the ReportServer and ReportServerTempDB databases? I can't find any best practice for that anywhere.
Not so much CAN we do it, but SHOULD we do it is what I am asking 🙂
November 10, 2021 at 7:48 pm
If there is any data you would be upset or in trouble for if it got leaked, I would encrypt it.
My opinion - there isn't anything worth stealing in the ReportServer or ReportServerTempDB databases UNLESS you have added some custom objects inside which I would advise against.
Now, others may disagree, but I really don't see the point in encrypting those databases.
That being said, TDE adds minimal overhead, so putting it on them shouldn't have much impact to the report server.
The above is all just my opinion on what you should do.
As with all advice you find on a random internet forum - you shouldn't blindly follow it. Always test on a test server to see if there is negative side effects before making changes to live!
I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.
November 10, 2021 at 7:57 pm
Thanks.
We're being audited and we have to explain to them why any that aren't encrypted; so for example I actually had to provide evidence that you can't do the master, model, etc. - I just showed them the SQL error literally saying you can't do those.
They oddly enough aren't interested in whether or not the data itself is sensitive.
I think I'm going to encrypt - just wanted make sure there wasn't some little-known reason not to do the ReportServer ones.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply