
Azure SQL Database Transparent Data Encryption (TDE) + Always Encrypted safe?

I was curious if anyone knows if you can combine Transparent Data Encryption (TDE) and Always Encrypted column-level encryption simultaneously without causing problems?

TDE encrypts the entire database but the table data can still be viewed by database administrators. Whereas Always Encrypted protects data from our staff by encrypting the values stored within the table. But we only need to protect a few columns in this way.

I read that it is risky to perform actions such as compression on an Always Encrypted column. So I wonder if adding TDE to a database using Always Encrypted will be OK? I don't want to risk corrupting the data.

Thanks

I don't see why that wouldn't work. TDE and Always Encrypted are basically different approaches:

  • TDE encodes data files, and (IMHO) the only reason to use that is to prevent data from being compromised when physical files are stolen.
  • Always Encrypted encrypts data in columns using public-private keys, so even if you know the login/password to the database, you still need the private key to decode data; it is used for sensitive data like credit cards etc.

When you use both, you have encoded data in columns which is kept in encoded data files.

"I read that it is risky to perform actions such as compression on an Always Encrypted column"

I cannot find any references to that. You could be misguided by the idea that there's no sense in compressing encrypted data.

Microsoft about TDE backup compression:

"Encrypted data compresses significantly less than equivalent unencrypted data. If TDE is used to encrypt a database, backup compression will not be able to significantly compress the backup storage. Therefore, using TDE and backup compression together is not recommended."

Microsoft about Always Encrypted compression:

"Encrypted data cannot be compressed, but compressed data can be encrypted. If you use compression, you should compress data before encrypting it."
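To confirm that both layers discussed above are active on the same database, the catalog views can be queried. This is an added example, not part of the original question or answer; it assumes it is run inside the user database being checked and uses only SQL Server / Azure SQL system views.

```sql
-- Layer 1: TDE. is_encrypted = 1 means the data files are encrypted at rest.
SELECT name AS database_name,
       is_encrypted
FROM sys.databases
WHERE name = DB_NAME();

-- TDE key details. encryption_state = 3 means "encrypted";
-- 2 means the initial encryption scan is still in progress.
SELECT encryption_state,
       percent_complete,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;

-- Layer 2: Always Encrypted. Lists every protected column with its
-- encryption type (DETERMINISTIC or RANDOMIZED), the column encryption
-- key (CEK) and the column master key (CMK) that wraps the CEK.
SELECT SCHEMA_NAME(t.schema_id)     AS schema_name,
       t.name                       AS table_name,
       c.name                       AS column_name,
       c.encryption_type_desc,
       c.encryption_algorithm_name,
       cek.name                     AS column_encryption_key,
       cmk.name                     AS column_master_key,
       cmk.key_store_provider_name  -- where the CMK lives, outside the database
FROM sys.columns AS c
JOIN sys.tables AS t
  ON t.object_id = c.object_id
JOIN sys.column_encryption_keys AS cek
  ON cek.column_encryption_key_id = c.column_encryption_key_id
JOIN sys.column_encryption_key_values AS cekv
  ON cekv.column_encryption_key_id = cek.column_encryption_key_id
JOIN sys.column_master_keys AS cmk
  ON cmk.column_master_key_id = cekv.column_master_key_id
WHERE c.encryption_type IS NOT NULL
ORDER BY schema_name, table_name, column_name;
```

A database using both features returns `is_encrypted = 1` from the first query and one row per protected column from the last; the two results are independent of each other, since TDE works on data files and Always Encrypted on column values.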
