Results 1 to 7 of 7

Thread: SQL Server 2005 Encryption

  1. #1
    Join Date
    Jul 2005
    Posts
    3

    SQL Server 2005 Encryption

    I have a question about SQL Server 2005 Encryption. Is there a way to encrypt an entire database (or selected columns) and then selectively grant access to certain columns based on individual or group priviledges? For example the entire database is encrypted but Bob has read access to fields 1,2,5 and 9 based on his privs and Steve has access to fields 4,5,6 based on his privs while Ted has no access at all. When I say encrypt the database or selected columns I mean do this via the managment interface not programatically. Otherwise if the only way to do something like this is programatically and that means current applications would need to be modified...which would be BAD.

  2. #2
    Join Date
    Sep 2002
    Posts
    5,938
    No as I aware of.

  3. #3
    Join Date
    Feb 2003
    Posts
    1,048
    Why would you need to encrypt fields that they don't have access to?

    You can create views for each user that only returns the columns for which they have access.

  4. #4
    Join Date
    Jul 2005
    Posts
    3
    Because I want the data that is sitting in those tables to be encrypted so that if someone hacks the computer that SQL Server is installed on or if someone removes the physical disk the data should be unreadable.

    So is there a way in SQL Server 2005 to encrypt all or select data in tables and selectively give decryption rights based on individual or group membership? Of couse without having to modify currently written applications.

  5. #5
    Join Date
    Feb 2003
    Posts
    1,048
    No, and if someone can hack the computer, user permissions isn't going to stop them from getting the data. In order to do what you want, you'll have to set up an interface that decrypts select fields of data before sending the result sets to the user.

  6. #6
    Join Date
    Jul 2005
    Posts
    3
    If user permissions included encryption key exchange thats what would determine whether certain fields could be decrypted or not. Otherwise the data physically sitting in the tables would be encrypted. So if someone hacked the box or for that matter stole the harddrive all the thief would get is a database full of encrypted fields because he wouldnt have the key. There are some 3rd party products that will do this but I was hoping Yukon would have this built-in since they talk about security so much with it.

    Thanks a lot for the help!!!

  7. #7
    Join Date
    Sep 2002
    Posts
    5,938
    No, Yukon doesn't have that feature builtin.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •