Encryption in SQL Server 2005

vbkris · Jul 5, 2006

hi,

my doubt is regarding protecting the password given to a key in SQL Server 2005. The password must be given in clear text format when decrypting the data.

How does one go about doing it?

In my current application I have to use ONLY SPs. therefore i am forced to pass the password as a parameter to the SP (so that encryption and decryption can happen).

This info is clearly getting recorded in the profiler!

What is the best way to go about doing this?

Known is handfull, Unknown is worldfull

vbkris · Jul 9, 2006

one more thing, the one user whose account we are using can hack into it right? any ideas there? let me look into the avenues here...

Known is handfull, Unknown is worldfull

mrdenny · Jul 10, 2006

Application roles, but this would require the developer to have access to the production application role password.

If you are using keys brute force still applies.

Denny
MCSA (2003) / MCDBA (SQL 2000) / MCTS (SQL 2005) / MCITP Database Administrator (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]

http://www.mrdenny.com

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Encryption in SQL Server 2005

vbkris

Programmer

vbkris

Programmer

mrdenny

Programmer

Similar threads

Part and Inventory Search

Sponsor