Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
Author |
Topic |
snowbunny
Starting Member
5 Posts |
Posted - 2009-08-26 : 12:54:24
|
Hi,I need to encrypt the data in a database to protect as a last line of defence. I'm looking at the different methods of using symmetric and asymmetric methods. However, what I would like to know is, is there any way of protecting this data even from myself, the demon dev?Basically, the database will be containing customers' sensitive information and no-one, except the customer themselves, and including the dev team, should be able to read it.Thanks for your guidance. |
|
YellowBug
Aged Yak Warrior
616 Posts |
Posted - 2009-08-30 : 10:14:14
|
Why does the dev team need access to the production data? Do they also do support?One option, is to create separate support accounts for each member of the dev team. This account is only enabled on request (from some approved persons / process).And then only active for 24 hours (or some fixed period). This way the access is controlled and limited.Also you can enable auditing - so there is a record of what was changed when and by whom.Obviously, the best method would be to not permission developers in production - but you know that. |
|
|
snowbunny
Starting Member
5 Posts |
Posted - 2009-08-30 : 14:21:57
|
Hullo there,Basically, we are a small company, I am a partner and the main dev. It's easy enough to secure the data from the rest of the team, I agree, but in an ideal world, no-one, except the end client, would have access to the data. Not even myself. It's a data protection issue... not because I am untrustworthy (ask my mom), but because no-one should *have* to trust me.Cheers! |
|
|
|
|
|
|
|