tags:

views:

73

answers:

2
+2  Q: 

security libraries for SQL Server

I have some extended classes (utilizing both HMAC and cryptographic tech), and I'm hoping to utilize them for a new product's database from said database's stored procedures (inclusive of time logging, user-event logging, etc.) under SQL Server.

Can anyone recommend a resource detailing the best ways to achieve this or optionally advise a more preferable approach to low-level, data-layer access-security that includes automated interaction logging?

+2  A: 

Do you have the option of encrypting at the application layer? This will ensure that it's encrypted going over the wire as well as ensuring that a nosy DBA doesn't see the unencrypted information using Profiler or a trace.

K. Brian Kelley  2009-05-14 14:01:08
And I say that as a DBA. :)
K. Brian Kelley  2009-05-14 14:01:28
yes I do -- do you recommend doing both?
Hardryv  2009-05-14 14:12:03
I would pick one layer and do the encryption at that layer only, if you can. Simpler is better.
K. Brian Kelley  2009-05-14 14:15:05
Even though you've convinced me the application layer is where I should focus security efforts, there are other potential libraries (XPath manipulation and such) I'd still like to manipulate within stored procedures, as I'm much more developer and much less DBA(DBAnthing), is there a way to accomlish that?
Hardryv  2009-05-14 14:35:34
Per my 'answer' below I'll be doing both now... encrypting at the application layer and decrypting at the stored procedure level -- perfect.
Hardryv  2009-05-27 17:40:54
+1  A: 

custom source libraries accessible to SQL Server... no problem says Microsoft... anything developed in C# / VB.NET can be taken via CIL / CLR directly into SQL Server to be used as a custom library, etc. within stored procedures, etc.

I'm off to finalize & test...

Hardryv  2009-05-27 17:39:41

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?