
How to encrypt/decrypt data in some columns of a table and when a new record gets inserted it should also get encrypted

I know how to insert a new record like this:

INSERT INTO dbo.Customer_data (Customer_id, Customer_Name, Credit_card_number)
VALUES (25665, 'mssqltips4', EncryptByKey( Key_GUID('SymmetricKey1'), CONVERT(varchar,'4545-58478-1245') ) ); 

But I want to insert a new record with a normal insert statement, which should get encrypted. For example:

INSERT INTO dbo.Customer_data (Customer_id, Customer_Name, Credit_card_number)
VALUES (25665, 'mssqltips4', '4545-58478-1245');

A few months ago I had a similar situation. A table containing personal data needed to have some of its columns encrypted, but the table is used in a legacy application and has many references.

So, you can create a separate table to hold the encrypted data:

CREATE TABLE [dbo].[Customer_data_encrypted]
(
    [customer_id] INT PRIMARY KEY -- INT assumed here; you can create a foreign key to the original one, too
   ,[name] VARBINARY(..)
   ,[credit_card_number] VARBINARY(..)
);

Then create an INSTEAD OF INSERT, UPDATE, DELETE trigger on the original table. The logic in the trigger is simple:

  1. on delete, delete from both tables
  2. on update/insert, encrypt the data and insert it in the new table; use some kind of mask in the original table (for example *** or 43-****-****-****)

Then, perform an initial migration to move the data from the original table to the new one and then mask it.

Performing the steps above is nice because:

  1. every insert/update to the original table continues to work
  2. you can create the trigger with EXECUTE AS OWNER in order to have access to the symmetric keys and perform changes directly in the T-SQL statement without opening the certificates, or by users who do not have access to them
  3. in all read references you are going to get masked data, so you do not have to worry about critically breaking the application
  4. having a trigger gives you the ability to easily create and change information

It depends on your environment and business needs, because for one of the tables I have stored the encrypted value as a new column, not a separate table. So, choose what is more appropriate for you.
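The insert path of the approach described in the answer above, as an added example that is not code from the original answer. The column types of dbo.Customer_data, the trigger name and the certificate name Certificate1 are assumptions; update and delete handling is left out.

```sql
-- Assumed schema: dbo.Customer_data(Customer_id INT, Customer_Name VARCHAR(100),
-- Credit_card_number VARCHAR(20)). Certificate1 is a hypothetical name for the
-- certificate that protects SymmetricKey1.
CREATE TABLE dbo.Customer_data_encrypted
(
    customer_id        INT PRIMARY KEY,
    credit_card_number VARBINARY(256)
);
GO

CREATE TRIGGER dbo.trg_Customer_data_insert   -- hypothetical trigger name
ON dbo.Customer_data
WITH EXECUTE AS OWNER   -- the trigger, not the caller, needs access to the key
INSTEAD OF INSERT
AS
BEGIN
    SET NOCOUNT ON;

    OPEN SYMMETRIC KEY SymmetricKey1 DECRYPTION BY CERTIFICATE Certificate1;

    -- Ciphertext goes to the side table.
    INSERT INTO dbo.Customer_data_encrypted (customer_id, credit_card_number)
    SELECT i.Customer_id,
           EncryptByKey(Key_GUID('SymmetricKey1'), CONVERT(varchar(20), i.Credit_card_number))
    FROM inserted AS i;

    -- Only a masked value reaches the original table. An INSTEAD OF trigger
    -- is not fired again by its own insert into the same table.
    INSERT INTO dbo.Customer_data (Customer_id, Customer_Name, Credit_card_number)
    SELECT i.Customer_id, i.Customer_Name,
           LEFT(i.Credit_card_number, 2) + '-****-****-****'
    FROM inserted AS i;

    CLOSE SYMMETRIC KEY SymmetricKey1;
END;
GO

-- The plain INSERT from the question now stores ciphertext plus a mask.
INSERT INTO dbo.Customer_data (Customer_id, Customer_Name, Credit_card_number)
VALUES (25665, 'mssqltips4', '4545-58478-1245');

-- Authorised read: DecryptByKeyAutoCert opens the key for the call itself.
SELECT customer_id,
       CONVERT(varchar(20), DecryptByKeyAutoCert(CERT_ID('Certificate1'), NULL, credit_card_number)) AS credit_card_number
FROM dbo.Customer_data_encrypted;
```

Open symmetric keys are bound to the session rather than to the security context, so the CLOSE at the end of the trigger matters: without it the key would remain open in the caller's session after the trigger returns.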
