Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
kishoreg
Starting Member
11 Posts |
 Posted - 2010-01-28 : 03:57:43
|
| Hi,I have a database in sql server and i encrypted it using TDE. Now i restored the encrypted database in client system using certificates & keys. here the data can be scene by client in sqlserver.Now my question is how can i hide the actual data in client system's database. In column level the column data is encrypted, so he can't see. Like that how can we do in TDE |
|
|
GilaMonster
Master Smack Fu Yak Hacker
4507 Posts |
Posted - 2010-01-28 : 04:13:49
|
| TDE only protects the data at rest. So it's only there to prevent backups being stolen and restored elsewhere or the file copied and attached elsewhere. The data is encrypted on disk and decrypted in memory. Hence the reason it's called Transparent database encryption.If you want to encrypt values so that people cannot see them when they query the DB, you need column encryption.--Gail ShawSQL Server MVP |
 |
|
|
kishoreg
Starting Member
11 Posts |
Posted - 2010-01-28 : 04:24:39
|
| Is there any chance that client can backup the database with some other commands or with any other.....? |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2010-01-28 : 06:19:52
|
| I reckon so. They could just export the data, table by table, using ordinary select commands .... e.g. BCP |
|
|
|
GilaMonster
Master Smack Fu Yak Hacker
4507 Posts |
Posted - 2010-01-28 : 06:56:42
|
quote:
Originally posted by kishoreg
Is there any chance that client can backup the database with some other commands or with any other.....?
Backup, no. SQL backups will also be encrypted. If they have access to the DB then they can export whatever portions they have access to.TDE is for securing data at rest, ie data on the disk. Backups and the data files themselves. It is not intended as a complete protection against any illegal access. For that you need to include appropriate permissions, data access via stored procedure and column encryption as appropriate.--Gail ShawSQL Server MVP |
|
|
|
|
|
|
Database Encryption