We have recently implemented Transparent Data Encryption in SQL Server 2008 for local databases on our developers laptops to keep them protected in the case a laptop is stolen or lost. This works fine. Now we are trying to figure out a way to have the certificate expire everyday, forcing an automated process (a script at logon maybe) t...
Our client need to encrypt the MOSS content database so the content db should not be able to view by DBA or unauthorized people without the right encryption key. Seem the Transparent Data Encryption (TDE) in SQL Server 2008 cannot protect the sensitive information from DBA cause TDE is designed to protect data 'at rest'. Does anyone her...
Is it possible to take a database that is using TDE and create a backup file that is not encrypted? I know that I could create a backup, import into another database (using the key and certificate), turn off TDE and create a backup. I'm wondering if there is a more straight forward approach. ...
USE MyDatabase GO CREATE DATABASE ENCRYPTION KEY WITH ENCRYPTION ALGORITHM = AES_256 BY SERVER CERTIFICATE TDECert GO when i execute this statement in SQL Server 2008 I get the error: Msg 156, Level 15, State 1, Line 1 Incorrect syntax near the keyword 'KEY'. Msg 319, Level 15, State 1, Line 2 Incorrect syntax near the key...
My question is a duplicate of - http://stackoverflow.com/questions/2230189/oracle-transparent-data-encryption-undecrypted-access - but for SQL Server 2008. Can I set up a SQL Server 2008 database in a way that all of the following statements are true? a) certain columns, potentially all columns are encrypted, so that direct file acce...
With respect to Oracle Database 11g transparent data encryption (TDE) with HSM, I understand that the following command is used to set the master encryption key. However, why does a user_Id have to be specified when the PKCS#11 library for the corresponding HSM only requires a PIN? SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "use...
I have looked through the whole set of "Oracle Database 11g Release 2 (11.2) Documentation" searching for the details of the master encryption key used for transparent data encryption (TDE) with HSM. There was only a single insignificant line out of the whole set of documentation that says it makes use of AES. What surprised me was that...
When you need to store sensitive data such as CCs or SSNs, do you: 1) Build your own encryption routine within the application, define a secret key somewhere in a config file, and then manually encrypt/decrypt data going to the database. 2) Push all the problem to the database, using the built in DB capabilities (I think most vendors c...