February 9, 2013 at 2:31 am
I was serching about encryption in SQL and got one nice article.(http://blog.sqlauthority.com/2009/04/28/sql-server-introduction-to-sql-server-encryption-and-symmetric-key-encryption-tutorial-with-script/#comment-419795).
In this article the Symmetric Key and Triple DES encryption is used.But if i go to SSMS then i can see 'EncryptTestCert'(certificate used in this article) can be easily found in certificate folder and 'TestTable'(symmetric key) can be found in symmetric keys folder in SSMS under that database. So anyone who can login to SSMS can easily decrypt database by using it. So how it can be prevented? Also any other methods?
February 9, 2013 at 2:59 am
winmansoft (2/9/2013)
So anyone who can login to SSMS can easily decrypt database by using it.
Only if they have permission to open the key. The encryption is managed using standard SQL permissions.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply