SQL 2000 DB Encryption

  • We are running SQL 2000 Database server. One of the clients wants to encrypt SQL Database. There are many third party applications use the SQL database. How to encrypt the SQL Database without requiring any changes to these third party applications. Pls help me.

    Thanks in advance

  • You don't want to encrpyt the entire database. You'll kill performance.

    Encrypt certain columns, but if you don't change the app and decrypt on the clients, you're sending unencrypted stuff on the wire.

    Not sure who's still doing SQL 2000 encryption, try DBCrypt or AppSec Inc.

  • thanks steve,

    I want to encrypt only certain columns in SQL Database. Without require any change to the applications; how I can encrypt and decrypt the columns within SQL server side only.

  • You can't... you would be sending unencrypted data over the wire. Defeats one of the two purposes of encryption altogether.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • Still better than nothing... but what is the cost of performance for doing this? and what is there to be gained?

  • Actually, it's worse than nothing... leads folks into a false sense of security even though their data is flapping in the breeze 😉

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • There are a few products that you can use, but it's a complicated endeavor. The way you're asking the question leads me to believe you're asking for trouble. If you don't understand the implications of encrypting data, you can get yourself into trouble.

    There's free software here: http://www.sqlservercentral.com/articles/Security/freeencryption/1980/

    but I'd really recommend you pick a commercial product to help you.

    Netlib has one (http://www.netlib.com/sql-column-encryption-api.asp), don't see any other companies still in business.

    I guess you could SSL on the wire to clients.

  • Thanks for your helps. I want to encrypt/decrypt only at the Server side only and few columns in the SQL Tables. I do not care about the decrypted data going thru the network. When users use SQL analyser, they should not see the encrypted data. Pls direct me to the right tools for this purpose. I need to do this ASAP.

  • I mean, when the users use sql analyser, they should see encrypted data, they should not be seening the actual data.

  • I've used ActiveCrypt for past 7 years without issue in SQL Server 2000. However like Netlib it requires increasing columns length and changing data types to stored the encrypted text. Both ActiveCrypt and Netlib use extended stored procedures and functions. When I upgraded to 2005 I switched the encryption to use native SQL 2005 encryption however like Netlib and ActiveCrypt requires modifying columns length and possible datatypes to stored the encrypted text.

    I had a couple of conversations with Ingrian, they sell an appliance based device which supposedly encrypts data at rest as well as data on the wire. I do not know if it is transparent data encryption i.e. does not require modifying schema to accommodate encryption. Apparently their product is used by some of the credit card companies.

  • Not sure if it's god enough for your purpose but have a look at this article:

    http://www.sqlservercentral.com/articles/Security/freeencryption/1980/

    Markus

    [font="Verdana"]Markus Bohse[/font]

  • Here is an idea...

    Create views of the tables which do NOT reveal the columns. Grant access to the views. Revoke access to the tables for those users. It's the quickest and safest solution (and does not impact application performance) as long as the users don't have to have access to the tables due to an application.

    Otherwise, you're looking at potentially having to recode apps/rewrite stored procedures to handle the encryption/de-encryption.

    K. Brian Kelley
    @kbriankelley

Viewing 12 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic. Login to reply