如何加密SQL Server 2008数据库

时间:2021-11-27 08:33:30

I have a database which currently is using by my application. I dodn't want to change anything in my application CORE. But I want to encrypt DATA and INFORMATION in which stored or is storing in database.

我的应用程序正在使用一个数据库。我不想改变我的应用程序核心中的任何东西。但我想加密存储或存储在数据库中的数据和信息。

SQL Server 2008 (or 2008 R2) should have an internal mechanism to encrypt and decrypt information which given and taken to application.

SQL Server 2008(或2008 R2)应该有一个内部机制来加密和解密提供给应用程序的信息。

How to get it to work? Encryption is needed for all of the fields in Database, numerics, strings, booleans, datetimes, etc.

如何让它工作?数据库、数字、字符串、布尔值、日期等所有字段都需要加密。

Any help is appriciated

任何帮助都是感激

5 个解决方案

#1


3  

If you want cell level Encryption you should do it yourself (using Triggers or any other wayes) if you want Encrypt Database file you can use Transparent Data Encryption (TDE)

如果你想加密单元级加密你应该自己做(使用触发器或其他任何方式)如果你想加密数据库文件你可以使用透明数据加密(TDE)

#2


2  

SQL 2008 has TDE or, Total Database Encryption. This encrypts the entire database and is transparent to any users of the database. The details of how to go about it can be found in these two Microsoft articles:

SQL 2008有TDE或,完全的数据库加密。这将对整个数据库进行加密,并且对数据库的任何用户都是透明的。关于如何着手的细节可以在这两篇微软的文章中找到:

http://msdn.microsoft.com/en-us/library/cc278098%28v=sql.100%29.aspx

http://msdn.microsoft.com/en-us/library/cc278098%28v=sql.100%29.aspx

http://msdn.microsoft.com/en-us/library/bb934049.aspx

http://msdn.microsoft.com/en-us/library/bb934049.aspx

#3


0  

You may substitute your real table with a VIEW add INSTEAD OF INSERT and INSTEAD OF UPDATE triggers, create several User Defined Functions. You'd probably need to modify your application slightly.

您可以使用视图添加代替实际的表,而不是插入,而不是更新触发器,创建几个用户定义的函数。您可能需要稍微修改一下您的应用程序。

Instead of that, consider using encryption on file level with schema protection. Such tools like DbDefence available in free edition for small databases and very moderate price for mid-size databases.

相反,可以考虑在文件级别上使用带有模式保护的加密。像DbDefence这样的工具对于小型数据库是免费的,而对于中型数据库则是非常适中的价格。

#4


0  

If you really encrypt everything by field, you will lose advantage with indexing and going to have enormous performance degradation.

如果真的按字段加密所有内容,那么索引将失去优势,性能将严重下降。

Free option: place database files on encrypted partition. This however will play no difference for DBA of course. He will be able to select as it would un-encrypted database.

免费选项:将数据库文件放在加密分区上。当然,这对DBA没有什么影响。他将能够选择,因为它将是未加密的数据库。

There is an inexpensive solution similar to Microsoft TDE called DbDefence (yes, I'm associated with that company)

有一种类似于微软TDE的廉价解决方案叫做DbDefence(是的,我和那家公司有关联)

As you might know, Microsoft is going to implement new encryption feature in SQL Server 2016 called "Always Encrypted". DbDefence has been using that method for SQL Servers since version 2005. It is really effective and you would not need to change anything in the application.

您可能知道,微软将在SQL Server 2016中实现新的加密功能,名为“始终加密”。自2005年版以来,DbDefence一直在SQL服务器上使用这种方法。它非常有效,您不需要在应用程序中更改任何内容。

#5


0  

Transparent Data Encryption (TDE)

透明数据加密(语音)

Transparent Data Encryption (TDE) is a technology developed by both Microsoft and Oracle to encrypt database files. It offers file level encryption and protects data at rest by encrypting databases both on the hard drive and backup media. It does not protect Data in transit or Data in use.

透明数据加密(TDE)是微软和甲骨文共同开发的一种加密数据库文件的技术。它提供了文件级别的加密,并通过对硬盘和备份媒体上的数据库进行加密来保护静止的数据。它不保护传输中的数据或使用中的数据。

The encryption will be completely transparent to the applications that access the database. It encrypts the data in the database's data file (.mdf) and log file (.ldf) using Advanced Encryption Standard or Triple DES encryption.

加密对于访问数据库的应用程序是完全透明的。它使用高级加密标准或三重DES加密对数据库数据文件(.mdf)和日志文件(.ldf)中的数据进行加密。

The same key can be used to encrypt all the columns in a table, regardless of the number of columns in the table that is to be encrypted. The database server master key provides encryption to these encryption keys and are stored in a dictionary table in the database.

可以使用相同的密钥加密表中的所有列,而不考虑要加密的表中的列的数量。数据库服务器主密钥为这些加密密钥提供加密,并存储在数据库中的dictionary表中。

For more info please refer the link How to implement TDE encrytion on SQL Server

有关更多信息,请参考如何在SQL Server上实现TDE加密的链接

#1


3  

If you want cell level Encryption you should do it yourself (using Triggers or any other wayes) if you want Encrypt Database file you can use Transparent Data Encryption (TDE)

如果你想加密单元级加密你应该自己做(使用触发器或其他任何方式)如果你想加密数据库文件你可以使用透明数据加密(TDE)

#2


2  

SQL 2008 has TDE or, Total Database Encryption. This encrypts the entire database and is transparent to any users of the database. The details of how to go about it can be found in these two Microsoft articles:

SQL 2008有TDE或,完全的数据库加密。这将对整个数据库进行加密,并且对数据库的任何用户都是透明的。关于如何着手的细节可以在这两篇微软的文章中找到:

http://msdn.microsoft.com/en-us/library/cc278098%28v=sql.100%29.aspx

http://msdn.microsoft.com/en-us/library/cc278098%28v=sql.100%29.aspx

http://msdn.microsoft.com/en-us/library/bb934049.aspx

http://msdn.microsoft.com/en-us/library/bb934049.aspx

#3


0  

You may substitute your real table with a VIEW add INSTEAD OF INSERT and INSTEAD OF UPDATE triggers, create several User Defined Functions. You'd probably need to modify your application slightly.

您可以使用视图添加代替实际的表,而不是插入,而不是更新触发器,创建几个用户定义的函数。您可能需要稍微修改一下您的应用程序。

Instead of that, consider using encryption on file level with schema protection. Such tools like DbDefence available in free edition for small databases and very moderate price for mid-size databases.

相反,可以考虑在文件级别上使用带有模式保护的加密。像DbDefence这样的工具对于小型数据库是免费的,而对于中型数据库则是非常适中的价格。

#4


0  

If you really encrypt everything by field, you will lose advantage with indexing and going to have enormous performance degradation.

如果真的按字段加密所有内容,那么索引将失去优势,性能将严重下降。

Free option: place database files on encrypted partition. This however will play no difference for DBA of course. He will be able to select as it would un-encrypted database.

免费选项:将数据库文件放在加密分区上。当然,这对DBA没有什么影响。他将能够选择,因为它将是未加密的数据库。

There is an inexpensive solution similar to Microsoft TDE called DbDefence (yes, I'm associated with that company)

有一种类似于微软TDE的廉价解决方案叫做DbDefence(是的,我和那家公司有关联)

As you might know, Microsoft is going to implement new encryption feature in SQL Server 2016 called "Always Encrypted". DbDefence has been using that method for SQL Servers since version 2005. It is really effective and you would not need to change anything in the application.

您可能知道,微软将在SQL Server 2016中实现新的加密功能,名为“始终加密”。自2005年版以来,DbDefence一直在SQL服务器上使用这种方法。它非常有效,您不需要在应用程序中更改任何内容。

#5


0  

Transparent Data Encryption (TDE)

透明数据加密(语音)

Transparent Data Encryption (TDE) is a technology developed by both Microsoft and Oracle to encrypt database files. It offers file level encryption and protects data at rest by encrypting databases both on the hard drive and backup media. It does not protect Data in transit or Data in use.

透明数据加密(TDE)是微软和甲骨文共同开发的一种加密数据库文件的技术。它提供了文件级别的加密,并通过对硬盘和备份媒体上的数据库进行加密来保护静止的数据。它不保护传输中的数据或使用中的数据。

The encryption will be completely transparent to the applications that access the database. It encrypts the data in the database's data file (.mdf) and log file (.ldf) using Advanced Encryption Standard or Triple DES encryption.

加密对于访问数据库的应用程序是完全透明的。它使用高级加密标准或三重DES加密对数据库数据文件(.mdf)和日志文件(.ldf)中的数据进行加密。

The same key can be used to encrypt all the columns in a table, regardless of the number of columns in the table that is to be encrypted. The database server master key provides encryption to these encryption keys and are stored in a dictionary table in the database.

可以使用相同的密钥加密表中的所有列,而不考虑要加密的表中的列的数量。数据库服务器主密钥为这些加密密钥提供加密,并存储在数据库中的dictionary表中。

For more info please refer the link How to implement TDE encrytion on SQL Server

有关更多信息,请参考如何在SQL Server上实现TDE加密的链接