February 17, 2009 at 2:08 pm
Hi,
I am trying to encrypt data in a table. I found some scripts online which were useful. I would like to know what others are doing in order to encrypt credit card #s, ssn for PCI compliance.
Thanks
February 17, 2009 at 2:58 pm
There are couple of scenarios that I have seen:
1. Some orgs use SSL certificates for encryption of data that is flowing from SQL Server -> WebServers -> client.
2. As per database encrypition is concerned, in SQL Server 2005, it is providing you with good encryption.
but both of the above scenarios are not encrypting the data in the database. I have implemented one solution where, we have created one data- masking wrapper around the sentive data. lets take a small example here, SSN format : 123-12-3698
we created 3 tables - one with values from 0-999, one with 0-99 and 0-9999 and we created dummy numbers in front of every actual number. the data stored was not the actual data, it was derived from the dummy values from these tables. when the row is inserted, wrapper SP (which is imeplemented usign FOR ENCRYPTION) picks up all the values and generate a new value and instert in the table. similarly while fetch a record, it will do reverse action.
May be this well help.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply