[英]Azure SQL Database Transparent Data Encryption(TDE) + Always Encrypted safe?
I was curious if anyone knows if you can combine Transparent Data Encryption(TDE) and Always Encrypted column-level encryption simultaneously without causing problems? 我很好奇是否有人可以同时使用透明数据加密(TDE)和始终加密列级加密而不会引起问题?
TDE encrypts the entire database but the table data can still be viewed by database administrators. TDE对整个数据库进行加密,但是数据库管理员仍可以查看表数据。 Whereas Always Encrypted protects data from our staff by encrypting the values stored within the table.
而Always Encrypted通过加密存储在表中的值来保护我们员工的数据。 But we only need to protect a few columns in this way.
但是我们只需要以这种方式保护几个列。
I read that it is risky to perform actions such as compression on an Always Encrypted column. 我读到,在“始终加密”列上执行诸如压缩之类的操作是有风险的。 So I wonder if adding TDE to a database using Always Encrypted will be ok?
所以我想知道是否可以使用“始终加密”将TDE添加到数据库中? I don't want to risk corrupting the data.
我不想冒险破坏数据。
Thanks 谢谢
I don't see why that wouldn't work. 我不明白为什么这行不通。 TDE and Always Encrypted are basically different approaches:
TDE和始终加密是基本上不同的方法:
When you use both - you have encoded data in columns which is kept in encoded data files. 当您同时使用两者时-您已将数据编码在保留在编码数据文件中的列中。
I read that it is risky to perform actions such as compression on an Always Encrypted column
我读到,在“始终加密”列上执行诸如压缩之类的操作是冒险的
I cannot find any references to that. 我找不到任何引用。 You could be misguided by idea that there's no sense in compressing encrypted data.
您可能会误以为压缩加密数据毫无意义 。
Microsoft about TDE backup compression : Microsoft关于TDE备份压缩 :
Encrypted data compresses significantly less than equivalent unencrypted data.
加密的数据压缩比等效的未加密数据少得多。 If TDE is used to encrypt a database, backup compression will not be able to significantly compress the backup storage.
如果使用TDE加密数据库,则备份压缩将无法显着压缩备份存储。 Therefore, using TDE and backup compression together is not recommended.
因此,不建议同时使用TDE和备份压缩。
Microsoft about Always Encrypted compression : Microsoft关于Always Encrypted压缩 :
Encrypted data cannot be compressed, but compressed data can be encrypted.
加密的数据无法压缩,但是压缩的数据可以加密。 If you use compression, you should compress data before encrypting it
如果使用压缩,则应在加密数据之前先压缩数据
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.