
MS SQL Server: Securing column level data

We already have an application being developed and now we want to secure (encrypting/hashing) the table columns in the database (MS SQL Server 2008). These few columns are like passwords, credit card numbers, SSN etc.

It is a Java (1.5) based application and we are not using any APIs like Hibernate. Everything has been done from scratch.

I want to secure this data in such a way that it is not useful for anyone reading it. Can someone please advise how to do it (best practices) and what are the disadvantages in terms of performance?

Can this be done at database level (I am not talking about the whole db encryption)?

Thanks

SQL Server has encryption built in. Here is some sample code taken from my book about security (SQL Server 2012 Security Cookbook):

USE marketing ;

-- create the database master key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'a very strong password';

-- a sample table
CREATE TABLE dbo.Customer ( 
    CustomerId int NOT NULL IDENTITY(1,1) PRIMARY KEY, 
    Firstname varchar(50) NOT NULL, 
    Lastname varchar(50) NOT NULL, 
    CreditCardInfo varbinary(2000) NOT NULL 
);

-- a certificate to protect the encryption key
CREATE CERTIFICATE KeyProtectionCert 
WITH SUBJECT = 'to protect symmetric encryption keys'; 

-- the symmetric encryption key
CREATE SYMMETRIC KEY CreditCardSKey 
WITH ALGORITHM = AES_256,
     KEY_SOURCE = '4frT-7FGHFDfTh98#6erZ3dq#«',
     IDENTITY_VALUE = 'l·Fg{(ZEfd@23fz4fqeRHY&4efVql'
ENCRYPTION BY CERTIFICATE KeyProtectionCert; 

-- using the encryption key
OPEN SYMMETRIC KEY CreditCardSKey 
DECRYPTION BY CERTIFICATE KeyProtectionCert; 

INSERT INTO dbo.Customer (Firstname, Lastname, CreditCardInfo) 
VALUES ('Jim', 'Murphy', 
EncryptByKey(Key_Guid('CreditCardSKey'), '1111222233334444;12/13,456', 1, 'JimMurphy') 
); 

CLOSE SYMMETRIC KEY CreditCardSKey;

--To read the data and get back the original unencrypted data (the plaintext), we use the DecryptByKey() function: 
OPEN SYMMETRIC KEY CreditCardSKey DECRYPTION BY CERTIFICATE KeyProtectionCert; 

SELECT Firstname, Lastname,  
CAST(DecryptByKey(CreditCardInfo, 1, Firstname + Lastname) as varchar(50)) 
FROM dbo.Customer; 

CLOSE SYMMETRIC KEY CreditCardSKey;

-- or without opening it :
SELECT Firstname, Lastname,  
CAST(DecryptByKeyAutoCert(CERT_ID('KeyProtectionCert'), NULL, CreditCardInfo, 1, Firstname + Lastname) as varchar(50)) 
FROM dbo.Customer;
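
Added example, not part of the original answer: it reuses the answer's dbo.Customer table, CreditCardSKey and KeyProtectionCert to show what the authenticator argument (Firstname + Lastname) does, namely bind each ciphertext to its own row. The 'Ann Lee' row, her card value and the 'Murphy-Smith' rename are constructed sample data.

```sql
USE marketing;

OPEN SYMMETRIC KEY CreditCardSKey
DECRYPTION BY CERTIFICATE KeyProtectionCert;

-- Constructed sample row: a second customer, encrypted with her own authenticator.
INSERT INTO dbo.Customer (Firstname, Lastname, CreditCardInfo)
VALUES ('Ann', 'Lee',
    EncryptByKey(Key_GUID('CreditCardSKey'), '5555666677778888;01/14,123', 1, 'AnnLee'));

-- Constructed tampering case: Jim's ciphertext ends up in Ann's row
-- (for example through a faulty migration or an unauthorized UPDATE).
UPDATE dst
SET    dst.CreditCardInfo = src.CreditCardInfo
FROM   dbo.Customer AS dst
JOIN   dbo.Customer AS src
       ON src.Firstname = 'Jim' AND src.Lastname = 'Murphy'
WHERE  dst.Firstname = 'Ann' AND dst.Lastname = 'Lee';

-- Jim's row still decrypts. Ann's row returns NULL, because the authenticator
-- bound to the ciphertext ('JimMurphy') does not match 'AnnLee'.
SELECT Firstname, Lastname,
       CAST(DecryptByKey(CreditCardInfo, 1, Firstname + Lastname) AS varchar(50)) AS CardData,
       CASE WHEN DecryptByKey(CreditCardInfo, 1, Firstname + Lastname) IS NULL
            THEN 'authenticator mismatch' ELSE 'ok' END AS IntegrityCheck
FROM dbo.Customer;

-- The same binding applies to legitimate changes: renaming a customer must
-- re-encrypt in the same statement. The right-hand sides of SET see the
-- pre-update column values, so the old name still decrypts here.
UPDATE dbo.Customer
SET    Lastname = 'Murphy-Smith',
       CreditCardInfo = EncryptByKey(
           Key_GUID('CreditCardSKey'),
           DecryptByKey(CreditCardInfo, 1, Firstname + Lastname),
           1,
           Firstname + 'Murphy-Smith')
WHERE  Firstname = 'Jim' AND Lastname = 'Murphy';

CLOSE SYMMETRIC KEY CreditCardSKey;
```

Because a mismatch yields NULL rather than an error, application code reading these columns should treat an unexpected NULL as an integrity failure and log it, not as "no card on file".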
