[英]Encryption SQL Server 2005
I have a SQL Server 2005 Database and I am planning to encrypt some of my columns using PassByPhrase. 我有一个SQL Server 2005数据库,并计划使用PassByPhrase加密某些列。 But these columns have to be displayed in the original form on my ASP.Net web pages and on some Crystal Reports.
但是这些列必须以原始形式显示在我的ASP.Net网页和某些Crystal Reports上。 Now I know that I will have to create a Stored Procedure to decrypt the columns and run this stored procedure every time my classes (which display the data) hit the database.
现在我知道,每次我的类(显示数据)访问数据库时,我都必须创建一个存储过程来解密列并运行此存储过程。 But if I store my passphrase in some stored procedure, then anybody who has access to the database can open the stored procedure and get the value of the pass phrase.
但是,如果我将密码短语存储在某个存储过程中,那么任何有权访问数据库的人都可以打开该存储过程并获取密码短语的值。 Then what's the point of encryption?
那加密的重点是什么?
So my questions are: 所以我的问题是:
How would I display my Encrypted columns(in their original form) on a ASP webpage or a Crystal Report? 如何在ASP网页或Crystal Report上显示加密的列(以其原始形式)?
How should I store my Passphrase? 我应该如何保存密码?
There is no magic bullet. 没有魔术子弹。 the problem you see is always there when a service has to access data on an user behalf.
当服务必须代表用户访问数据时,您始终会看到您遇到的问题。 Encryption is not a substitute for access protection.
加密不能替代访问保护。 If you need to display encrypted data then you must present the decryption key.
如果需要显示加密的数据,则必须出示解密密钥。 There are only two possibilities:
只有两种可能性:
That's all there is. 这就是全部。 Anything else is either a variation on the encryption hierarchy theme (eg. storing passwords in ASP.Net config files under protected sections) or plain old snake oil (like embedding passwords in app code).
其他任何事情都不是加密层次结构主题的变体(例如,将密码存储在ASP.Net配置文件中受保护的部分下),还是普通的老蛇油(例如在应用程序代码中嵌入密码)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.