March 17, 2017 at 2:12 pm
Hello All,
I have a table that has 5 encrypted columns. I'm using Symmetric Key for the encryption. Usually when I run the query I Open the Symmetric Key and then run my select statement. How do I achieve this using Views?
Below is the sample select code:
use TestDB
GO
OPEN SYMMETRIC KEY Enc_Key
DECRYPTION BY CERTIFICATE Cert_TestDB
GO
SELECT TOP 1000
[enc_Name1]
, CONVERT(char,DECRYPTBYKEY([enc_Name1])) 'DecryptedName1'
FROM [TestDB].[dbo].[Order_Det]
CLOSE SYMMETRIC KEY Enc_Key
March 17, 2017 at 3:15 pm
SSRS Newbie - Friday, March 17, 2017 2:12 PMHello All,I have a table that has 5 encrypted columns. I'm using Symmetric Key for the encryption. Usually when I run the query I Open the Symmetric Key and then run my select statement. How do I achieve this using Views?
Below is the sample select code:
use TestDB
GO
OPEN SYMMETRIC KEY Enc_Key
DECRYPTION BY CERTIFICATE Cert_TestDB
GOSELECT TOP 1000
[enc_Name1]
, CONVERT(char,DECRYPTBYKEY([enc_Name1])) 'DecryptedName1'
FROM [TestDB].[dbo].[Order_Det]CLOSE SYMMETRIC KEY Enc_Key
DECRYPTBYKEY is a scalar function. Drop all of the decryption code into a UDF and reference it in your view.
For better assistance in answering your questions, please read this[/url].
Hidden RBAR: Triangular Joins[/url] / The "Numbers" or "Tally" Table: What it is and how it replaces a loop[/url] Jeff Moden[/url]
March 19, 2017 at 8:17 am
Seems a bit crazy to do it in a view because then you have to protect the view and all that goes with it.
--Jeff Moden
Change is inevitable... Change for the better is not.
March 20, 2017 at 8:03 am
Jeff,
Can you suggest an alternative to views? Need help with this.
Thanks
March 20, 2017 at 8:36 am
You'd have to revoke privs to use the view from everyone except the group of people that are authorized to view the decrypted data. Keep in mind that (IIRC) that won't keep people with sysadmin privs from viewing the decrypted data. That brings on the larger subject of "Is your system actually secure"? For example, do you have ANY applications or non-DBA users that have sysadmin or DBO privs (just to start) and do you have things like password complexity enforcement at the Windows and SQL Server levels?
--Jeff Moden
Change is inevitable... Change for the better is not.
March 20, 2017 at 8:43 am
You still need the key open, so anyone that can't open the key will get NULLs in the view.
March 20, 2017 at 8:49 am
I do not have any applications or non-DBA users that have sysadmin or DBO privs. How can we perform CRUD operations on the encrypted table? Once I get the view working for reading the encrypted records, I plan to use it for update, delete and insert. Any suggestions to perform CRUD operation on encrypted table are welcome? Thanks for responding
March 20, 2017 at 8:59 am
What's the purpose of the view? In other words, what are you trying to accomplish?
If you use decryptbykey() in the view, you can't insert data into that field. It's the result of a function. Inserts/updates/deletes against a view only work on one table, but the columns are needed in the view, which means you'd need:
create view myview
as
select
mypk
, decrypteddata = decryptbykey(myencyryptedcolumn)
, myencryptedcolumn
from mytable
March 20, 2017 at 9:12 am
Steve,
The idea behind creating a view is to allow programmers to perform CRUD operations using views. My table has firstname, lastname and e_firstname, e_lastname columns (encrypted columns using orginal firstname, lastname columns) Can you suggest any other alternative?
Thanks
March 20, 2017 at 12:02 pm
Use two views. One for CRUD, one for display that decrypts data.
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply