December 2, 2009 at 2:35 am
Hi,
I have a requirement given to me to encrpyt the contents of data within one field in a SQL 2000 DB. As usual with a business set up there are restrictions and caveates that make the task more 'interesting'! These are:
-- I cannot touch the code that prepares the SQL for insert - we are just given the unencrypted text via a SQL insert - hence the idea of a trigger
-- I need two way encryption/decryption (it needs to be decrypted to present back to users of the application
-- The decryption part I can control - though it is presented via RS 2000 so not necessarily so straight forward.
-- the solution would ideally be lightweight in that I don't want to have to install a full blown solution or suite of tools for this seemingly minor task
My 'plan' at the moment is to use a trigger on the insert (and SP on the fetch) and drop into the shell to execute the encryption exe (or similar). Is this madness?! Alternatively does anyone know a method (i.e. UDF or SP) that already has a strong encryption routine (DES?) so I am not re-inventing the wheel?
I realise also that there may be security issues around how/where the 'key' part of the encryption is stored - so any advice keenly sought.
Sorry if it sounds a bit vague - as normal I am operating with hands slightly tied by infrastructure set up and policies, so the 'ideal' solution is not really available!
Cheers in advance!
December 2, 2009 at 9:42 am
First I think an instead of trigger might be just the thing to control the insert and manipulate the data..
Second I think this might be what you are looking for as far as encryption tools:
http://www.sqlservercentral.com/articles/SQLServerCentral/sqlserver2000encryptiontools/2344/
And here:
http://www.sqlservercentral.com/articles/Security/sql2000dbatoolkitpart1/2361/
With the code here:
http://www.sqlservercentral.com/columnists/mcoles/DBAToolkit.zip
CEWII
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply