tags:

views:

398

answers:

9
+6  Q: 

database encryption

Hi all,

I need my database to be secure in case of the hard drive being stolen.

I have not seen many databases (even mainstream ones) claiming to support encryption.

  • Do you guys know of any databases that support encryption?
  • If I'm using a database that doesn't support encryption, is it a bad idea to encrypt data natively (using java encryption libraries, for example)? Would this potentially cause a problem for databases with strongly typed fields?
  • What other solutions are available for encrypting my database?

Please let me know.

Thanks in advance, jbu

+6  A: 

Maybe you should think to encrypt your entire hard disk drive. This is done natively at the filesystem level.

It uses the windows credentials to encrypt it. So, even if your entire computer is stolen, your data is protected.

The stealer will have to reformat the drive to use it.

Of course, if your computer use auto-login, it's not an option for you.

HTH, even if it's not really a database encryption solution.

vIceBerg  2008-11-11 17:49:20
There is, of course, encryption solutions available for other OS than Windows as well.
kigurai  2008-11-11 18:02:04
And of course you can always partition off a chunk for the DB (and any other data that needs to be secured) and just do the encryption there.
Adam Jaskiewicz  2008-11-11 18:10:08
Remember to keep an eye on performance: unless encryption is done by hardware, encrypting the HD can easily half your read-write performance. If not expecting too much requests, having Windows encrypt the whole HD may be fine.
Joe Pineda  2008-11-11 18:57:19
+2  A: 

Fujitsu and Samsung sell hard drives that incorporate the encryption at the hard drive level. I don't know if these are an option for your problem.

JeeBee  2008-11-11 17:52:15
A: 

SQL Compact DBs offer encryption out of the box by giving them a password.

http://blogs.msdn.com/stevelasker/archive/2008/05/14/security-and-encryption-for-sql-server-compact.aspx

Echostorm  2008-11-11 17:53:51
A: 

Not sure if it's an option for you, but the developer of SQLite sells versions of the library that utilize encrypted database backends: http://www.hwaci.com/sw/sqlite/prosupport.html#crypto.

dongola7  2008-11-11 17:55:05
+3  A: 

MS SQL Server 2008 definitely supports it. Not so sure about older versions.

Brian Knoblauch  2008-11-11 17:55:34
+2  A: 

Both Microsoft SQL Server and Oracle have support for database encryption. SQL Server 2008 adds Transparent Data Encryption which did not exist in SQL Server 2005 which only supported cell level encryption.

nrl  2008-11-11 17:59:01
+1  A: 

Sybase SQL Anywhere supports both 128-bit and 256-bit AES encryption.

Graeme Perrow  2008-11-11 18:01:33
+2  A: 

Oracle has support for something called Transparent Encryption and it works with a wallet.

Perhaps due to our implementation, we did not have success with it. We ran into issues where once ANY credentialed user (ie. one with the wallet entry) accessed the data, it was open for all those that had access to the table. If your concern is only for encryption at rest, this might work for you (you would want to verify in Oracle's documentation that it does encrypt at rest) - if you need encrypted transmission in/out of the DB, I'm not certain this is what you're after.

All that said - I think going with a solution such as the hard drive-level encryption suggested in another post is probably more up your alley, given your question.

Disclaimer: I am not a DBA by trade, so I can only offer this from the experience we had with the Oracle technology. I work at a Fortune 500 company, and we certainly had the right types of people looking at it.

agartzke  2008-11-11 18:03:57
FYI, that is the intended behavior. TDE is designed only to encrypt data at rest so that attackers that get your data files cannot see the data. It is designed to transparently decrypt the data when an authorized user (i.e. a user with SELECT access) tries to read the data.
Justin Cave  2008-11-12 05:32:09
+1  A: 

If you are looking for a good embedded database that supports encryption, I'd recommend SQLCipher*, which is a version of SQLite that provides transparent database encryption under an open source license. The obvious use case is in mobile and stand-alone applications.

*Full disclosure: I'm on the dev team.

Billy Gray  2009-09-30 17:54:53

related questions

What language do you use for Postgresql triggers and stored procedures?
Are Multiple DataContext classes ever appropriate?
Which tools do people use to create Data Dictionaries?
Any experiences with Protocol Buffers?
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
How do I index a database field
How does database indexing work?
How do I connect to a database and loop over a recordset in C#?
Editing database records by multiple users
Object Oriented vs Relational Databases
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
Embedded Database for .net that can run off a network
Connect PHP to an AS/400
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
.NET Migrations Engine
Is there a version control system for database structure changes?
SQLite and XSD
How do I version my MS SQL database in SVN?
XSD DataSets and ignoring foreign keys
Flat File Databases in PHP
Throw Error In MySQL Trigger
Binary Data in MySQL