| Author |
Topic |
|
khalik
Constraint Violating Yak Guru
443 Posts |
Posted - 2003-03-14 : 06:03:54
|
| I have an app done in VB. I need my data to be encrypted so that I can only read the data... Is there a way of doing it? I have image, nvarchar, int, bit... datatypes in my tables. A tip can do the rest. Wrongly posted somewhere... sorry for it.
======================================
Ask yourself before you ask someone |
|
|
samsekar
Constraint Violating Yak Guru
437 Posts |
Posted - 2003-03-14 : 06:35:23
|
| http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=24515
Sekar
~~~~
Success is not a destination that you ever reach. Success is the quality of your journey. |
 |
|
|
khalik
Constraint Violating Yak Guru
443 Posts |
Posted - 2003-03-15 : 03:48:55
|
| Thanks samsekar for the link. I have done the search in the forum... I found not much, sure; in fact the link talks about the password... I need to encrypt the data... I need to encrypt the image data also. Some help needed...
======================================
Ask yourself before you ask someone |
 |
|
|
mohdowais
Sheikh of Yak Knowledge
1456 Posts |
Posted - 2003-03-15 : 08:13:35
|
| Ok, obvious question here, but why do you want to encrypt all the data in a table? Isn't the native security provided by SQL Server adequate? Do some shady characters on your network have access to the SQL Server? Can you use other techniques such as denying SELECT permission on that table to all logins except the one used by your application? Since you are using a VB application, you could hard-code the username and password inside the application (not a very good idea, but much better than the choices we get with ASP).
OS |
 |
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2003-03-15 : 08:50:54
|
| I agree 100% with mohdowais, you are far better off using proper security measures and permissions than encryption. Encryption adds the extra burdens of encrypting and decrypting data, and if you're worried that someone might be able to read a column, then your security is not adequate and encryption won't solve that problem anyway. |
 |
|
|
khalik
Constraint Violating Yak Guru
443 Posts |
Posted - 2003-04-12 : 02:57:45
|
| Thanks guys... My app is storing files in the database, and in my app I have a feature by which the data can be exported and imported from and to an Access file. This feature allows the user to copy a set of data. By any chance the user can copy the data, make a few changes, and update it back into my database... which I want to avoid. The data in my database should be accessed only by my app; no other app can access the data or understand it... I hope I made it clear.
======================================
Ask yourself before you ask someone |
 |
|
|
aiken
Aged Yak Warrior
525 Posts |
Posted - 2003-04-12 : 14:26:57
|
| mohdowais, robvolk: I can't speak for khalik's application, however I can say from first hand experience that there are times when the functional spec requires encryption. For instance, in order to get a credit card merchant account these days, you have to agree that any credit card numbers stored in a database will be stored in encrypted form.
The idea is that security best practices are all well and good, but the impact of a security breach that exposes hundreds / thousands / hundreds of thousands of credit card numbers is dramatic enough that one extra step is mandated.
Yes, 99% of the time, if there's a severe security breach, the intruder will be able to get the app source code and the key(s) necessary to decrypt the cc data. Regardless, if you're building a cc processing system today, it's just something you have to do. (Ask me how I know.)
FYI
-b
Edited by - aiken on 04/12/2003 14:27:38 |
 |
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2003-04-12 : 23:14:45
|
| I understand what you mean, but I don't think Khalik is just encrypting credit card numbers (image columns? bit columns? how do you encrypt a bit column anyway? why would you encrypt an image?) There was no clear need for encryption like the one you provided. If it's simply to encrypt data for no purpose other than to encrypt it, and without applying full security on top of that, then there's no point. If someone can come into your house and steal your computer, what difference does it make if the computer is locked with a password?
The real issue here is to control access, and if that is access to files/file contents, then the best way to do that is to NOT store the files in the database, but rather AS FILES on a server somewhere. You can assert a great deal of control over file access that you cannot do if they are stored in the database itself. Take a look here for some more suggestions:
http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=21839 |
 |
|
|
mohdowais
Sheikh of Yak Knowledge
1456 Posts |
Posted - 2003-04-13 : 01:25:01
|
| khalik, now I don't even see what encryption has to do with your problem. If you are exporting data into an Access file, and you are afraid that somebody might change the data in that file, and import it back into the system, why not just disable the import function? Are you talking about encrypting the data in the Access file itself? Then, you might consider putting a password on the Access file, or making it read-only (which is a weak option).
Or are you concerned that the user might simply use linked tables from Access or copy and paste the code into SQL Server? In that case you need to tighten the security of your server. I think this needs a little more explanation from your side.
OS |
 |
|
|
khalik
Constraint Violating Yak Guru
443 Posts |
Posted - 2003-04-23 : 02:12:02
|
| Well mohdowais, robvolk and aiken, thanks a lot, and sorry I was not able to put the problem clearly... I will try again. According to the design, my app shares data from different clients. The data is transformed to an Access file and then imported into the application. Say a company has several branches: each branch's data can be imported into the central database and can be exported for any reason, so disabling import/export is not acceptable. My requirement is that the data created in my app can only be read by my app. No other app can understand the data. You can say it's security or by law that I need to encrypt the data. Import and export to Access is only a feature to share the data. The design team has done their part; I need some suggestions about encrypting it... Guys, please don't design the system, I cannot help in it...
======================================
Ask yourself before you ask someone |
 |
|
|
mohdowais
Sheikh of Yak Knowledge
1456 Posts |
Posted - 2003-04-23 : 09:29:02
|
| Hmmm... khalik, have you considered putting a password on the Access file? The Jet Engine provides a way to secure an Access file by locking it with a password (this works independent of the operating system). So only your application can open the Access file, by providing the password in the Connection String it uses while connecting to the file. As for encryption, I don't think I can help you much with that... but the above idea is something to think about short of encryption.
OS |
 |
|
|
jsmith8858
Dr. Cross Join
7423 Posts |
Posted - 2003-04-23 : 10:12:53
|
| Access DOES have security, much like SQL Server's, with users, groups, passwords, different levels for different DB objects (read, modify, design, select, update, etc).
Read up on Access security. You will then need to distribute a Workgroup file (MDW) along with your MDB file and users will need to make sure that when they launch Access they launch it using the correct workgroup, which will require that they log in with a valid username and password.
It's probably not perfect security, but it works and it is certainly not trivial (though probably possible) to hack into a secure Access DB.
- Jeff |
 |
|
|
|
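An added example, not part of any post in this thread: khalik's stated concern is that a user edits the exported Access file and then imports the changes back. One way to detect that on import is a keyed MAC (HMAC-SHA256) over each exported row plus a file-level tag over the row set; the code below uses only Python's standard library, and the function names, the `Files` table and the sample rows are constructed for illustration.

```python
import hashlib
import hmac
import struct

def _encode_field(value):
    """Type-tagged, length-prefixed encoding: ('ab','c') != ('a','bc'), 1 != True."""
    if value is None:                               # NULL
        tag, raw = b"N", b""
    elif isinstance(value, bool):                   # bit (test before int: bool is an int)
        tag, raw = b"B", b"\x01" if value else b"\x00"
    elif isinstance(value, int):                    # int
        tag, raw = b"I", str(value).encode("ascii")
    elif isinstance(value, str):                    # nvarchar
        tag, raw = b"S", value.encode("utf-8")
    elif isinstance(value, (bytes, bytearray)):     # image
        tag, raw = b"X", bytes(value)
    else:
        raise TypeError(f"unsupported column type: {type(value).__name__}")
    return tag + struct.pack(">I", len(raw)) + raw

def row_tag(key, table, row):
    """HMAC-SHA256 over the table name and every column value, in column order."""
    mac = hmac.new(key, b"row\x00" + _encode_field(table), hashlib.sha256)
    for value in row:
        mac.update(_encode_field(value))
    return mac.digest()

def _file_tag(key, tags):
    """Tag over the row count and the ordered row tags (catches add/remove/reorder)."""
    mac = hmac.new(key, b"file\x00" + struct.pack(">I", len(tags)), hashlib.sha256)
    for tag in tags:
        mac.update(tag)
    return mac.digest()

def seal_export(key, table, rows):
    """Run at export time: returns [(row, tag), ...] and the file-level tag."""
    sealed = [(row, row_tag(key, table, row)) for row in rows]
    return sealed, _file_tag(key, [t for _, t in sealed])

def verify_import(key, table, sealed, file_tag):
    """Run at import time: True only if every row and the row set are unchanged."""
    for row, tag in sealed:
        if not hmac.compare_digest(tag, row_tag(key, table, row)):
            return False
    return hmac.compare_digest(file_tag, _file_tag(key, [t for _, t in sealed]))

# Constructed demo key and rows: (id int, name nvarchar, active bit, scan image).
DEMO_KEY = hashlib.sha256(b"constructed demo key").digest()
DEMO_ROWS = [(1, "Branch A", True, b"\x89PNG\x00\x01"), (2, "Branch B", False, None)]
```

This gives tamper detection on import, not confidentiality, and it is only as strong as the protection of the key that ships with the application.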