Encryption By Passphrase
May 16, 2006
I am investigating methods of encrypting data in a large number of databases. It seems to me that encrypting by passphrase would be optimum because it would prevent me from having to create all those database and symmetric keys on the various databases (there wil lbe dozens of them). Can anyone give me any advice as whether or not using encryption by passphrase is a good secure method of encrypting sensitive data in a large-scale production environment? I would most likely create a unique passphrase for each database and pass it to a stored procedure as an imput parameter.
Thanks,
Al
View 19 Replies
ADVERTISEMENT
Nov 9, 2006
Hi,
My school is runnnig SQL Server 2005 and i want to connect to it using authetication (userid & passphrase). As i coded the windows application i used localhost as my own computer and IntegratedSecurity shown below. I'm new in C# and SQL. I would appriciate if someone could help me out.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;
namespace Personregister
{
class DBManager
{
SqlConnection conn;
SqlConnectionStringBuilder builder;
public DBManager()
{
builder = new SqlConnectionStringBuilder();
builder.DataSource="localhost";
builder.InitialCatalog = "Personregister";
builder.IntegratedSecurity = true;
conn = new SqlConnection(builder.ToString());
}
// more code fallows ......
}
}
Best Regards,
View 1 Replies
View Related
Mar 13, 2008
I have two tables - gift_cards and history - each related by a field called "card_number". This field is encrypted in the history table but not in the gift_cards table. Let's say the passphrase is 'mypassphrase'. The following query takes about 1 second to execute with a fairly large amount of data in both tables:
SELECT max([history].[date_of_wash]) AS LastUse
FROM gift_cards AS gc LEFT JOIN history
ON gc.card_number=CAST(DecryptByPassPhrase('mypassphrase', HISTORY.CARD_NUMBER) AS VARCHAR(50))
GROUP BY gc.card_number
When I use a declared variable to contain the passphrase, the same query takes over 40 seconds. For example,
declare @vchPassphrase as nvarchar(20)
select @vchPassphrase = 'mypassphrase'
SELECT max([history].[date_of_wash]) AS LastUse
FROM gift_cards AS gc LEFT JOIN history
ON gc.card_number=CAST(DecryptByPassPhrase(@vchPassphrase, HISTORY.CARD_NUMBER) AS VARCHAR(50))
GROUP BY gc.card_number
This query is part of a stored procedure and, for security reasons, I can't embed the passphrase in it. Can anyone explain the discrepancy between execution times and suggest a way to make the second query execute faster?
Thanks,
SJonesy
View 4 Replies
View Related
Oct 7, 2015
I have created two user defined functions for encryption and decryption using passphrase mechanism. When I call encryption function, each time I am getting the different values for the same input. While I searching a particular value, it takes long time to retrieve due to calling decryption function for each row.
best way to encrypt and decrypt using user defined functions.Below is the query which is taking long time.
SELECT ID FROM table WITH (NOLOCK)
WHERE dbo.DecodeFunction(column) = 'value'
When I try to use symetric or asymetric encryption, I am not able to put "OPEN SYMETRIC KEY" code in a function. So, I am using PassPhrase mechanism.
View 3 Replies
View Related
Aug 4, 2000
I was wondering if anyone out there knows if it is possible to encrypt a particular field in a table, or encrypt a whole table. The info would remain on my database and not be sent out anywhere, but I just want an extra level of security against anyone who might try to break into the database.
View 2 Replies
View Related
Feb 23, 2000
Is there a function that can encryp the data in a table(or certain column)?
So if the table or column was query the person would see something like " !#)&%^#@ ". suggestion are welcome.
Kevin
View 1 Replies
View Related
Jun 19, 2002
Hello,
Is there a way to encrypt the data ( I mean actual data stored
in a table)in a SQLServer.
I know how to encrypt procedures, views, Net-libraries ......
Please help!!!!
Thanks.
View 1 Replies
View Related
Aug 23, 2002
How to get the encryption of certain characters, such as '12345' or 'hello'. Is any function to take regular characters and return the encryption form of those characters?
Please help.
View 1 Replies
View Related
Nov 6, 2005
My client requested that the password field of a login table be encrypted using H5 Encryption. I've been searching throughout the net and MSDN for the function or procedure and can't find it. Does anybody know how?
View 1 Replies
View Related
Apr 23, 2008
I developed a small VB6 application VB6 that get data from SAP sql database
Now they want that the users logon to this small app using the same username & password that they used in SAP
I can read the users' table, I can get the username
But the password is encrypted
Probably with a Function
Anybody know how can I encrypt the typed password so I can compare with the saved password
I don't want to view or modify them, just compare with the password typed by the user
Thanks
JG
View 1 Replies
View Related
Jul 7, 2005
Hello,
I am needing to migrate an Access database to Sql Server
Express. This database will be distributed as part of a
VB 6 application. This database will have some of the
columns encrypted. My understanding is that SQL Server
Express supports encryption. We will need to be able to
run queries on encrypted data like this, with
LastName being an encrypted column in the database.
Select LastName from Account where LastName = 'Smith'
Select LastName from Account where LastName Like 'Sm%'
Update Account Set where LastName = sLastName
Can this be done using SQL Server 2005 Express and VB 6?
Thanks!
View 1 Replies
View Related
Apr 4, 2007
hi all,
ive download some application, but they encrypt their Stored Proc and some Views..
1.how to encrypt SP?
2.is it possible to decrypt whateva that encrypted?
~~~Focus on problem, not solution~~~
View 19 Replies
View Related
Oct 3, 2007
Hai
I am new to SQL server and working on Encryption.I just want to know whether it is better to encrpt a data in database or in the code itself.I want to encrypt a number and not a text.which one would u suggest RC4 algorithm or pwdencrypt..any one plz reply soon..
View 13 Replies
View Related
Oct 3, 2007
Hi. Im new to SQLserver. I need to encrypt a column of datatype decimal. Which is better RC4 Algorithm or PWDencrypt() and PWDcompare().
Sundaresan.R
View 5 Replies
View Related
Feb 28, 2008
how i can open encrypted stored procedure
View 3 Replies
View Related
Apr 12, 2007
Hi,
i was wondering if the whole table can be encrypted using MS SQL Server 2005. This at present can be done using third party softwares.
Performance won't be an issue.
Thanks and regards,
Chandrachurh
View 6 Replies
View Related
Jan 11, 2008
I am using server 2005 running on a windows server 2003 platform. I am trying to do field encryption using symmetric key implemented by the AES algorithm. I created an AES key and apparently it encrypts the data with no problem, however when I try to retrieve the data after decryption the field is always null. I tried using the same process while using the DES or RC2 algorithm and I could both encrypt and decrypt information, however it does not decrypt for any of the AES algorithm i.e. AES_128, AES_192 and AES_256. Attached is a simple query I used to test it.
create symmetric key CCardKeys
with algorithm = aes_192
encryption by password = 'P@s$w0rD'
open symmetric key CCardKeys
decryption by password = 'P@s$w0rD'
declare @Id varchar(50)
set @Id = encryptbykey(key_guid('CCardKeys'),'Test')
select convert(varchar(50),decryptbykey(@Id))
close symmetric key CCardKeys
Is there something I'm missing with AES.
Thanks for taking the time to help me.
View 3 Replies
View Related
Apr 19, 2007
Here is my goal please let me know if it is possible.
I have installed sql express on clients machines. I don't want them to be able to view the sp's or the functions. I would like to go as far as not allowing them to see the tables. I tried with encrption but this is still breakable by the user using the DAC.
Thanks
View 15 Replies
View Related
Mar 5, 2007
I have a user table with Fields:
UID, name, SSN, phone,address. I need to encrypt all the fields except UID. My company recently moved to sql server 2005 and I have to encrypt old data. We do perform query search based on username and SSN
I have very shallow knowledge of encryption and indexes. I did looked at one of the articles on encrypting data on existing application but could not understand the indexing part(:()
Do i have to define new fields with varbinary as datatype(for ssn, name,phone number) ? I am asking this because in the demo only ssn_index has varbinary and the ssn field is still nvarchar?
Any help will be appreciated.
Thanks,
K
View 11 Replies
View Related
Sep 4, 2006
I have tried to encrypt by certificate and by symmetric key. In all cases the decryption comes back as null. Any ideas why?
I have used the code from a learnin tree course and the encryption works OK. I have also added a grant to the certificate to the login
View 1 Replies
View Related
Apr 19, 2007
I am trying to create a encrypted row in my database Everything here worked except that when i run the final query to decrypt the data It just comes up with null for each row. Even if i do a query to show me the rows that are not null It's like it is saying yeah there is data here but I am only going to show you null instead of what I am supposed to decrypt.Here is what I tried from start to finish Create Certificate
TestCert
Encryption By Password = 'Password'
With Subject = 'SQLCert',
Expiry_Date = '12/01/2050';
declare @Test nvarchar(50)
set @Test='123456789'
insert into testenc (testencry)
Values
(encryptbyCert(Cert_ID('TestCert'),@Test ))
select convert (Nvarchar(50),
DecryptByCert(Cert_ID('TestCert'),
testencry,N'Password')) As Test
from testenc
View 2 Replies
View Related
Jul 20, 2007
i have to encrypt my data in sql2005 database using assymetric key encryption which i have done properly.But i have a doubt that while writing stored procedure i have to provide key information in it , that will be visible to everyone then whats the use of taht encryption. Can anyone tell me how can i write stored procedure without providing key information in it.
Divya
View 7 Replies
View Related
Aug 2, 2007
Hi,
i am trying to encrypt my database using dbEncrypt software.The encryption provides role based access ot the database.In that case developer can not call any stored procedure of that database. These two are conflicting things. Can anyone suggest me a way so that i can access the stored procedure through my code by checking the roles from the front end. is it possible??
Please reply soon.
View 1 Replies
View Related
Sep 12, 2007
Hi all Im used to work on mysql and in that Db you can call the password function to encrypt password, so that people browsing directly the db can't see others password.
What is the best way to do this in sqlserver ?
View 4 Replies
View Related
Apr 30, 2008
Does SQL Server 2005 not have a built in encryption function. I'm trying to INSERT and store passwords as an encrypted value in my table. Any help appreciated. Thanks.
View 1 Replies
View Related
Nov 29, 2003
Hello everyone,
i need an advice in encryption in sql server 2000
which is better, to encrypt the password in asp.net and send it to the sql server already encrypt it, or to encrypt the password in the sqlserver ???
and also does anybody know if there is a tutorial about security in sql server i can use to secure my application.
Kind Regards
Mahmoud Manasrah
View 1 Replies
View Related
May 29, 2001
Hi,
I have created a DTS package on my SQL 7.0 SP3 server which simply reads a table on another SQL 7.0 server and populates a local table with the information that has been read.
Whenever I try to execute the DTS package (via Run or scheduling it) I get the following error:
-------------------------------------------------------------------------
... DTSRun: Executing... DTSRun OnStart: Delete from Table [AfterSalesAccessories].[dbo].[model_derivative] Step DTSRun OnError: Delete from Table [AfterSalesAccessories].[dbo].[model_derivative] Step, Error = -2147217887 (80040E21) Error string: The property 'Use Encryption for Data' is not supported. Error source: Microsoft Data Transformation Services (DTS) Package
-------------------------------------------------------------------------
I have not selected the encryption option and can't see what I'm doing wrong.
Has anybone else seen this ? I've looked on Technet but no joy.
Thanks,
Tim
View 2 Replies
View Related
Jun 14, 2001
I am 99% sure SQL Server 7.0 cannot encrypt data in an individual column. Can anyone tell me whether I am right or wrong?
View 1 Replies
View Related
Jul 12, 2001
How do we Encrypt a field values of a table in SQL Server 7.0
Bye
Amar
View 1 Replies
View Related
May 3, 2000
Does anybody know how can I implement data encryption on the sql7.0 database?
I need to do this with some of the fields, like credit card number. My sql server acts as backend database server for IIS servers.
Your help is greatly appreciated!
Donald Ye
View 1 Replies
View Related
Sep 29, 2000
Hi,
In my SQL server 7.0, I have got 250 store procedures in each database.
Before using them for my application, I want to ecyption all.
I must add "WITH ENCRYPTION" string in each SP in all database and it'll take me a long time. Is there fastest way to encryption all SPs in all DBs? Have anyone got an utility SP ( or anyway else) to do this?
Thanks in advance.
View 1 Replies
View Related
Nov 7, 2001
Can someone tell me how to encrypt my sa password when using this in a
DTS package?
Thanks,
View 4 Replies
View Related
Feb 23, 2001
Hi,
I've recently started to get the following error on DTS packages that have been newly written and have been scheduled to run:
DTSRun: Loading... DTSRun: Executing... DTSRun OnStart: DTSStep_DTSExecuteSQLTask_1 DTSRun OnError: DTSStep_DTSExecuteSQLTask_1, Error = -2147217887 (80040E21) Error string: The property 'Use Encryption for Data' is not supported.
No passwords have been used to save the paskages nor am I aware of setting any encryption options.
I'm running SQL server 7.0 Sp3.
Any ideas
Thanks
Rob Walker
View 2 Replies
View Related