0

We have a project where the client would like their SQLServer2008 database to be encrypted. I understand that it is possible with SQL server 2008 to easily encrypt the database, but I don't really know how. Can anybody help me with this ?

Also, once this database is encrypted, how can we connect to it ? I can't seem to find any way in the connection strings found in ConnectionStrings.com to enter any information about the encryption key. If we can't connect to the database once it's encrypted, there is no incentive to encrypt it...

Thanks

Improve this question

2 Answers 2

Reset to default
1

Full documentation on encrypting a SQL Server 2008 database is here: http://msdn.microsoft.com/en-us/library/cc278098(v=sql.100).aspx#_Toc189384672

In a nutshell, the encryption can be transparently achieved either through an internal "TDE" mechanism or through encryption of the underlying database files using either Windows EFS or Bitlocker. The article neatly discusses the pros and cons of each approach.

It also points out that you'll want to consider encrypting the communication between the client and the database server with HTTPS.

On the client side, you'd encrypt the connection string. Details on doing this in a configuration file for a .NET application are here: http://msdn.microsoft.com/en-us/library/ff647398.aspx.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I'll have to check that out. I rarely use configuration file as we developed a tool to read and write an xml file that is encrypted using our own format, but I guess we could remodel it so that we write to a 'normal' .net config file. Do you know if by any chance, encrypt database can be read by Access, as long as you have the encryption key that is.
As far as I know Access uses the same communication mechanism as a .NET application, so yes, it should be possible.
0

Do you know what it is that you want encrypted? You can encrypt stored procedures so that they can't be (accidentally) opened or modified by anyone looking at the database with SSMS. In that case, the procedures are still executable but you can't see the logic without decrypting them.

Looks like you can also encrypt data in SQL Server 2008, although I've not tried it myself. There is a ton of reading on Technet and MSDN around the subject which seems like it should be good background!

Improve this answer

1 Comment

As far as I know, the database itself would need to be encrypted. So unless you have the encryption key, you can't read the table, check the Stored Proc, or do anything at all...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.