我们已经开发了一个应用程序,现在我们想要保护(加密\散列)数据库中的表列(MS SQL Server 2008)。这几列就像密码,信用卡号码,SSN等。MS SQL Server:确保列级别数据的安全
它是Java(1.5)基于应用程序,我们没有使用任何api的喜欢休眠。一切都从零开始。
我想以这样一种方式来保护这些数据,即对任何读者都无用。有人可以请教如何做到这一点(最佳实践),并在性能方面有什么缺点?
这可以在数据库级完成(我不是在谈论整个数据库加密)?
感谢
SQL服务器加密内置这里是我的书采取了一些示例代码有关安全性(SQL Server 2012的安全性食谱):
USE marketing ;
-- create the database master key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'a very strong password';
-- a sample table
CREATE TABLE dbo.Customer (
CustomerId int NOT NULL IDENTITY(1,1) PRIMARY KEY,
Firstname varchar(50) NOT NULL,
Lastname varchar(50) NOT NULL,
CreditCardInfo varbinary(2000) NOT NULL
)
-- a certificate to protect the encryption key
CREATE CERTIFICATE KeyProtectionCert
WITH SUBJECT = 'to protect symmetric encryption keys';
-- the symmetric encryption key
CREATE SYMMETRIC KEY CreditCardSKey
WITH ALGORITHM = AES_256,
KEY_SOURCE = '4frT-7FGHFDfTh98#6erZ3dq#«',
IDENTITY_VALUE = 'l·Fg{([email protected]&4efVql'
ENCRYPTION BY CERTIFICATE KeyProtectionCert;
-- using the encryption key
OPEN SYMMETRIC KEY CreditCardSKey
DECRYPTION BY CERTIFICATE KeyProtectionCert;
INSERT INTO dbo.Customer (Firstname, LastName, CreditCardInfo)
VALUES ('Jim', 'Murphy',
EncryptByKey(Key_Guid('CreditCardSKey'), '1111222233334444;12/13,456', 1, 'JimMurphy')
);
CLOSE SYMMETRIC KEY CreditCardSKey;
--To read the data and get back the original unencrypted data (the plaintext), we use the DecryptByKey() function:
OPEN SYMMETRIC KEY CreditCardSKey DECRYPTION BY CERTIFICATE KeyProtectionCert;
SELECT Firstname, Lastname,
CAST(DecryptByKey(CreditCardInfo, 1, Firstname + Lastname) as varchar(50))
FROM dbo.Customer;
CLOSE SYMMETRIC KEY CreditCardSKey;
-- or without opening it :
SELECT Firstname, Lastname,
CAST(DecryptByKeyAutoCert(CERT_ID('KeyProtectionCert'), NULL, CreditCardInfo, 1, Firstname + Lastname) as varchar(50))
FROM dbo.Customer;