Securing database and log files using encryption

  • There has been some concern at my site about people getting hold of the database file and log file (and backups), attaching these "stolen" files, and then being able to read the data.

    What folks are looking for is some way to encrypt the database file (not the tables or columns, but the whole file(s)).  I can't find anything that offers this as an option for SQL, but wanted to throw this out for comment.

    Thanks, Tom

  • It is somewhat difficult to get a database file and log file to work re-attaching it if you copied it while it is still attached and in use.  If you do not have significant down time for your server, these files are typically pretty safe on their own.  Keep them in a directory on the server that is not shared and few people can access and you are probably in good shape.

    Backup files are a bit of a different story and I think are often overlooked as security problems.  A reasonable strategy could be to make sure these files are not accessible to very many people.  In addition to this, there are some third-party backup applications that can create backups to files with an encryption key to prevent them from being restored.  You could also create backups to local, inaccessible backup directories, use PGP or another encryption application to encrypt the files, and then move them to the folders your backup software can access.

    The other option would be to encrypt the data in the database and then being able to restore the database is not much of a concern.

    Try to keep the plan reasonable and as simple as you can, or you will find yourself tumbling down a steep hill in no time.  At the end of the day, if you find yourself trying to encrypt files so your network administrators and database administrators cannot get to them, you need to ask yourself how sensitive the data really is.
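
The staging approach described in the reply above (back up to a local, inaccessible directory, encrypt with PGP, then move the result to the folder the backup software reads), sketched as an added example that is not part of the original posts. The directory paths, the `*.bak` pattern and the recipient key are assumptions, and it assumes GnuPG is installed with the recipient's public key already imported and trusted.

```powershell
# Added example. Paths, file pattern and recipient are assumed placeholders.
$StagingDir = 'D:\SqlBackupStaging'          # local, non-shared directory SQL Server backs up to
$PickupDir  = 'E:\BackupPickup'              # folder the backup software can access
$Recipient  = 'backup-key@example.invalid'   # public key in the gpg keyring; private key kept elsewhere

function Test-FileClosed([string]$Path) {
    # A backup still being written is held open by SQL Server; an exclusive
    # open fails in that case, so the file is left for the next pass.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'None')
        $fs.Close()
        return $true
    } catch {
        return $false
    }
}

Get-ChildItem -Path $StagingDir -Filter '*.bak' -File | ForEach-Object {
    $plain = $_.FullName
    if (-not (Test-FileClosed $plain)) {
        Write-Warning "Skipping (in use): $plain"
        return
    }

    $tmp   = "$plain.gpg.partial"
    $final = Join-Path $PickupDir ($_.Name + '.gpg')

    # Encrypt to the public key only, so this server cannot decrypt its own backups.
    & gpg --batch --yes --encrypt --recipient $Recipient --output $tmp $plain
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $tmp) -or (Get-Item $tmp).Length -eq 0) {
        Remove-Item $tmp -ErrorAction SilentlyContinue
        Write-Warning "gpg failed for $plain; plaintext left in staging"
        return
    }

    # Only ciphertext leaves the staging directory.
    Move-Item -Path $tmp -Destination $final -Force
    # Delete the plaintext only after the encrypted copy is in place.
    Remove-Item -Path $plain
    Write-Output "Encrypted $($_.Name) -> $final"
}
```

Run it as a scheduled task after the backup job, and test a restore from a decrypted copy before relying on it.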
