
MS SQL Server: Securing column level data

We already have an application being developed and now we want to secure (encrypting\hashing) the table columns in the database (MS SQL Server 2008). These few columns are like passwords, credit card numbers, SSN etc.

It is a Java (1.5) based application and we are not using any APIs like Hibernate. Everything has been done from scratch.

I want to secure this data in such a way that it is not useful for anyone reading it. Can someone please advise how to do it (best practices) and what are the disadvantages in terms of performance?

Can this be done at database level (I am not talking about the whole db encryption)?

Thanks

SQL Server has encryption built in. Here is some sample code taken from my book about security (SQL Server 2012 Security Cookbook):

USE marketing ;

-- create the database master key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'a very strong password';

-- a sample table
CREATE TABLE dbo.Customer ( 
    CustomerId int NOT NULL IDENTITY(1,1) PRIMARY KEY, 
    Firstname varchar(50) NOT NULL, 
    Lastname varchar(50) NOT NULL, 
    CreditCardInfo varbinary(2000) NOT NULL 
);

-- a certificate to protect the encryption key
CREATE CERTIFICATE KeyProtectionCert 
WITH SUBJECT = 'to protect symmetric encryption keys'; 

-- the symmetric encryption key
CREATE SYMMETRIC KEY CreditCardSKey 
WITH ALGORITHM = AES_256,
     KEY_SOURCE = '4frT-7FGHFDfTh98#6erZ3dq#«',
     IDENTITY_VALUE = 'l·Fg{(ZEfd@23fz4fqeRHY&4efVql'
ENCRYPTION BY CERTIFICATE KeyProtectionCert; 

-- using the encryption key
OPEN SYMMETRIC KEY CreditCardSKey 
DECRYPTION BY CERTIFICATE KeyProtectionCert; 

INSERT INTO dbo.Customer (Firstname, Lastname, CreditCardInfo) 
VALUES ('Jim', 'Murphy', 
EncryptByKey(Key_Guid('CreditCardSKey'), '1111222233334444;12/13,456', 1, 'JimMurphy') 
); 

CLOSE SYMMETRIC KEY CreditCardSKey;

--To read the data and get back the original unencrypted data (the plaintext), we use the DecryptByKey() function: 
OPEN SYMMETRIC KEY CreditCardSKey DECRYPTION BY CERTIFICATE KeyProtectionCert; 

SELECT Firstname, Lastname,  
CAST(DecryptByKey(CreditCardInfo, 1, Firstname + Lastname) as varchar(50)) 
FROM dbo.Customer; 

CLOSE SYMMETRIC KEY CreditCardSKey;

-- or without opening it :
SELECT Firstname, Lastname,  
CAST(DecryptByKeyAutoCert(CERT_ID('KeyProtectionCert'), NULL, CreditCardInfo, 1, Firstname + Lastname) as varchar(50)) 
FROM dbo.Customer;
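
The script below is an added example, not part of the answer or the book, showing what the authenticator argument of EncryptByKey/DecryptByKey does: a ciphertext that ends up in a different row no longer decrypts. It assumes a scratch database that has no master key yet; AuthDemoCert, AuthDemoKey and dbo.AuthDemoCard are hypothetical names, and it binds to the primary key rather than Firstname + Lastname so that renaming a customer does not make the column undecryptable.

```sql
-- Added example: run in a scratch database with no existing master key.
-- All object names and values here are constructed for the demonstration.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-strong-password>';
CREATE CERTIFICATE AuthDemoCert WITH SUBJECT = 'authenticator demo';
CREATE SYMMETRIC KEY AuthDemoKey WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE AuthDemoCert;

CREATE TABLE dbo.AuthDemoCard (
    CustomerId int NOT NULL PRIMARY KEY,
    Firstname  varchar(50) NOT NULL,
    CardInfo   varbinary(2000) NULL
);
INSERT INTO dbo.AuthDemoCard (CustomerId, Firstname) VALUES (1, 'Jim');
INSERT INTO dbo.AuthDemoCard (CustomerId, Firstname) VALUES (2, 'Ann');

OPEN SYMMETRIC KEY AuthDemoKey DECRYPTION BY CERTIFICATE AuthDemoCert;

-- Encrypt row 1, binding the ciphertext to the row's primary key
-- (a stable value, unlike a name that can be edited later).
UPDATE dbo.AuthDemoCard
SET CardInfo = EncryptByKey(Key_GUID('AuthDemoKey'),
                            '1111222233334444;12/13,456', 1,
                            CAST(CustomerId AS varchar(11)))
WHERE CustomerId = 1;

-- Put row 1's ciphertext into row 2, as a stray UPDATE or a bad
-- data migration could do.
UPDATE dbo.AuthDemoCard
SET CardInfo = (SELECT CardInfo FROM dbo.AuthDemoCard WHERE CustomerId = 1)
WHERE CustomerId = 2;

-- Row 1 returns the plaintext. Row 2 returns NULL: the authenticator
-- derived from CustomerId = 2 does not match the one used to encrypt.
SELECT CustomerId, Firstname,
       CAST(DecryptByKey(CardInfo, 1, CAST(CustomerId AS varchar(11)))
            AS varchar(50)) AS CardPlain
FROM dbo.AuthDemoCard;

CLOSE SYMMETRIC KEY AuthDemoKey;

-- Clean up the demo objects (key first, then the certificate protecting it).
DROP TABLE dbo.AuthDemoCard;
DROP SYMMETRIC KEY AuthDemoKey;
DROP CERTIFICATE AuthDemoCert;
DROP MASTER KEY;
```

A NULL from DecryptByKey on a row that should hold data is worth alerting on, since it means the ciphertext, the authenticator columns or the open key do not match.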
