Securing Data

  • Hi,

    My problem is that I have a table which stores pricing information. I would like to secure the information stored in this table.

    1. How will I avoid unnecessary updates into this table?

    2. Is it possible to hide this table?

    Regards,

    Sairam

  • sairams (11/11/2008)


    Hi,

    My problem is that I have a table which stores pricing information. I would like to secure the information stored in this table.

    1. How will I avoid unnecessary updates into this table?

    2. Is it possible to hide this table?

    Regards,

    Sairam

    Encrypt the confidential values.

    kshitij kumar
    kshitij@krayknot.com
    www.krayknot.com

  • Dear kshitij,

    Thanks for your reply...

    Encrypting the confidential values means I need to do a mass of work on the application. Is there any other better option?

    Thanks,

    Sairam

  • sairams (11/11/2008)


    Dear kshitij,

    Thanks for your reply...

    Encrypting the confidential values means I need to do a mass of work on the application. Is there any other better option?

    Thanks,

    Sairam

    Yes.

    Store the pricing in XML and, at the time of requirement, call the XML data into a table variable (if the size is up to medium) and use a temp table temporarily.

    But encryption is the best option. Just write an encryption function and call it on the Insert trigger.

    But the DB must be safe with proper credentials.

    kshitij kumar

  • sairams (11/11/2008)


    Dear kshitij,

    Thanks for your reply...

    Encrypting the confidential values means I need to do a mass of work on the application. Is there any other better option?

    No better option. Encryption is the best way to ensure that confidential data remains confidential. Use the built-in 2005 encryption. If you don't have time to do that, make sure that access to the table is limited to just the people who really need access to it and that no one has update rights to it.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
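
Added example (not from any poster in this thread): T-SQL for the two measures recommended in the reply above, restricting rights on the table and using SQL Server 2005's built-in column encryption. The table, role, certificate and key names and the password placeholder are assumptions made for illustration.

```sql
-- Constructed schema; every object name below is hypothetical.
CREATE TABLE dbo.Pricing (
    ProductID int NOT NULL PRIMARY KEY,
    Price     decimal(19,4) NULL,   -- existing plaintext column
    PriceEnc  varbinary(128) NULL   -- ciphertext written by EncryptByKey
);
INSERT INTO dbo.Pricing (ProductID, Price) VALUES (1, 19.99);
GO

-- 1. Access control: role members may read, and are denied any change.
CREATE ROLE PriceReaders;
GRANT SELECT ON dbo.Pricing TO PriceReaders;
DENY INSERT, UPDATE, DELETE ON dbo.Pricing TO PriceReaders;
-- By default a user with no permission on dbo.Pricing cannot query it and,
-- under SQL Server 2005+ metadata visibility, does not see it in sys.tables.
GO

-- 2. Built-in encryption: master key -> certificate -> symmetric key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<replace-with-strong-password>';
CREATE CERTIFICATE PricingCert WITH SUBJECT = 'Pricing column protection';
CREATE SYMMETRIC KEY PricingKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE PricingCert;
-- Only principals holding these two rights can open the key and decrypt.
GRANT VIEW DEFINITION ON SYMMETRIC KEY::PricingKey TO PriceReaders;
GRANT CONTROL ON CERTIFICATE::PricingCert TO PriceReaders;
GO

OPEN SYMMETRIC KEY PricingKey DECRYPTION BY CERTIFICATE PricingCert;

-- Encrypt existing rows; drop the plaintext column once results are verified.
UPDATE dbo.Pricing
SET PriceEnc = EncryptByKey(Key_GUID('PricingKey'), CONVERT(varchar(30), Price));

-- DecryptByKey returns NULL when the key is not open in the session.
SELECT ProductID,
       CONVERT(decimal(19,4), CONVERT(varchar(30), DecryptByKey(PriceEnc))) AS Price
FROM dbo.Pricing;

CLOSE SYMMETRIC KEY PricingKey;
```
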
  • krayknot (11/12/2008)


    Yes.

    Store the pricing in XML and, at the time of requirement, call the XML data into a table variable (if the size is up to medium) and use a temp table temporarily.

    How does that secure the confidential data?

    Gail Shaw
  • GilaMonster (11/12/2008)


    krayknot (11/12/2008)


    Yes.

    Store the pricing in XML and, at the time of requirement, call the XML data into a table variable (if the size is up to medium) and use a temp table temporarily.

    How does that secure the confidential data?

    He wants to hide the table and he can hide the XML.

    kshitij kumar

  • krayknot (11/12/2008)


    He wants to hide the table and he can hide the XML.

    Where? In another table? In the file system? Some other place?

    Gail Shaw
  • GilaMonster (11/12/2008)


    krayknot (11/12/2008)


    He wants to hide the table and he can hide the XML.

    Where? In another table? In the file system? Some other place?

    Not in another table, just on the physical path.

    Create the XML file on the physical path and hide it by using xp_cmdshell.

    Use that file for data storage.

    Do all basic DB operations on it with the help of a table variable.

    But this is only feasible for a small amount of data.

    kshitij kumar

  • That's security through obscurity and it doesn't work. It makes it harder to find the sensitive data, not impossible.

    Plus, that now requires file backups synced with DB backups, careful security considerations around xp_cmdshell, and additional restore and admin complexities.

    Gail Shaw