A Fundamental Security Mistake

  • the company I work for is managing some hundred client sales applications in the pharm business. Most of these are express edition, some larger clients have workgroup edition. I'm a member of the db-development team.

    Since customer data in pharm / health care business is very sensitive, we (and most of our customers) would prefer to have stronger security on their data.

    I am with Matt on this Express does not need TDE because SQL Server Express was created to help Access users stop using Access with Asp.net 2.0 and other developers help small companies use .NET 2.0. When last I checked Pharma and Healthcare don't qualify as small companies but both industries like wasting money on a lot of other things technology not included.

    Kind regards,
    Gift Peddie

  • I could see developers writing client apps that using Compact and Express editions for holding data in flight locally. TDE may be necessary if those apps hold critical data, particularly if these apps are remote apps using replication back to a central server.

  • Lynn Pettis (12/21/2009)


    I could see developers writing client apps that using Compact and Express editions for holding data in flight locally. TDE may be necessary if those apps hold critical data, particularly if these apps are remote apps using replication back to a central server.

    SQL Server 2005 and up comes with standard .NET encryption which allows sensitive data to be encrypted as needed not the whole database.

    Kind regards,
    Gift Peddie

  • If it can be done transparently at the database level there may be a better chance of developers making use of the technology when it is needed without specialized coding.

  • Lynn Pettis (12/21/2009)


    If it can be done transparently at the database level there may be a better chance of developers making use of the technology when it is needed without specialized coding.

    We are talking the same thing SQL Server 2005 and up comes with DPAPI check the links below there is T-SQL code in the first link.

    http://msdn.microsoft.com/en-us/library/ms179331(SQL.90).aspx

    http://msdn.microsoft.com/en-us/library/ms189586(SQL.90).aspx

    Kind regards,
    Gift Peddie

  • As far as I am concerned encryption and data security should be present in all editions.

    I can understand the lesser editions having limits on CPU and RAM they can use.

    I can understand that certain features are omitted from the lower editions.

    Some feature omissions really annoy me.

    1. Replication. I want to publish/subscribe on all editions even if I can't distribute.

    2. Partitioning. I could understand some limitation on partitioning but the need for it is defined by database size rather than the edition.

    3. Security as mentioned above

    I don't mind a lower edition of SQL Server having a slower performing feature than Enterprise Edition (providing this doesn't apply to management studio) but omitting the feature all together seems a little harsh.

  • I know, and you have to explicitly code for the encryption, you can't just encrypt the database like you can with TDE in SQL Server 2008 EE. That is what we are talking about, that TDE should, perhaps, be available at all levels of the product not just EE.

  • Lynn Pettis (12/21/2009)


    I know, and you have to explicitly code for the encryption, you can't just encrypt the database like you can with TDE in SQL Server 2008 EE. That is what we are talking about, that TDE should, perhaps, be available at all levels of the product not just EE.

    Express cannot have it because Express is used by people not database skilled but needs to persist their data in a database. TDE in Express will cause more problem than solve for a product that does not generate any revenue.

    Kind regards,
    Gift Peddie

  • Standard answer here, It Depends. I would not have it as a default, but a development team working on a distributed app may see the usefulness of using TDE to encrypt an express edition database that is written for a specific application that must retain confidential data on the client.

  • Lynn Pettis (12/21/2009)


    I know, and you have to explicitly code for the encryption, you can't just encrypt the database like you can with TDE in SQL Server 2008 EE. That is what we are talking about, that TDE should, perhaps, be available at all levels of the product not just EE.

    I'd agree with you if there was any way to prevent the laptop owner from just making themselves the owner of the database. There isn't so TDE would never work for securing local data. Making your code encrypt the data locally (so that the database cannot just open the stuff up once you get into SSMS) is the only viable solution for any semblance of security on a laptop. Any yes - you'd have to built the key right into your code, so it's not easy to get a hold of.

    That's the thing - convenient secure encryption ain't either.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • Lynn Pettis (12/21/2009)


    Standard answer here, It Depends. I would not have it as a default, but a development team working on a distributed app may see the usefulness of using TDE to encrypt an express edition database that is written for a specific application that must retain confidential data on the client.

    I actually think a distributed application team should look into RMO (replication management object) and take care of security there or use the many encryption tools in the platform.

    Kind regards,
    Gift Peddie

  • It isn't an end all or silver bullet. But that doesn't mean it isn't something that can be enhanced and further developed to enhance the security of local databases.

    Have to remember, locks only keep honest people honest.

  • Lynn Pettis (12/21/2009)


    It isn't an end all or silver bullet. But that doesn't mean it isn't something that can be enhanced and further developed to enhance the security of local databases.

    Have to remember, locks only keep honest people honest.

    You are right I agree on that.

    Kind regards,
    Gift Peddie

  • Steve

    May I suggest that you post your suggestion on the MS Connect site at https://connect.microsoft.com/dashboard/?wa=wsignin1.0 and post the URL of your suggestion to this thread.

    Anybody with a Microsoft Live / Hotmail account can vote for your suggestion. I can see the Wisdom of your suggestion and would vote for it.

    I also suggest that you post a note on the Free-For-All section of forums.asp.net. This will reach a large number of people who use SQL Express.

  • Lynn Pettis (12/21/2009)


    It isn't an end all or silver bullet. But that doesn't mean it isn't something that can be enhanced and further developed to enhance the security of local databases.

    Have to remember, locks only keep honest people honest.

    Agreed - I just prefer to have locks on the back door AND the front door before I call it "secure". I'd hate to think of anyone using this to secure, say - our medical records (e.g. visitng nurse, etc..) or anything financial.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

Viewing 15 posts - 16 through 30 (of 49 total)

You must be logged in to reply to this topic. Login to reply