Protect sensitive information from the DBA in SQL

Published 2020-02-29 18:34

Question:

Our client needs to encrypt the MOSS content database so that the content DB cannot be viewed by the DBA or unauthorized people without the right encryption key. It seems that Transparent Data Encryption (TDE) in SQL Server 2008 cannot protect the sensitive information from the DBA, because TDE is designed to protect data 'at rest'. Has anyone here faced this problem?

Answer 1:

It seems to me that a requirement to have sensitive data in a database is to trust the database admin.

Even if you could encrypt the data in a manner that the DBA isn't able to see it, he could sniff the connection where you pass the key (or the data!) or set up triggers to capture the data before encryption in case the scheme would allow that.

In short, getting a trusted DBA is an easier and better solution.



Answer 2:

If you can't trust the DBA, you can't trust the database itself. Your application should only communicate encrypted data to the database server.

Having said that, there is also the administrator of the server that runs your application. Encrypting your way out of trusting him will be next to impossible.

Agree with Vinko here, get a DBA you can trust, or who can pass the screening.



Answer 3:

Same problem here...

We are an MSSQL database hosting company. I can say that for us it's not a question of whether to trust the DBA or not. Our clients are banks and insurance companies. Their requirement is: "the DBA can't read the database", because it contains very sensitive data.

Currently we are looking for a solution.



Answer 4:

There is no way to do it so that the data would still be usable within the DB.

You can do it so that the data is usable outside of the DB. Simply encrypt it before CRUD operations with some method.

There are ways to make it "reasonably" harder for the DBA to access the data, e.g. you can store the key as inline data in SQLCLR functions, but the binary code for them is still accessible by the DBA. However, this means replicating the key around and synchronizing it, and it pretty much thwarts effective security.



Answer 5:

Trust the DBAs?! Technically, if we allow a DBA to control security without any restriction, the whole system becomes vulnerable because if the DBA is compromised, the security of the whole system is compromised, which would be a disaster.



Answer 6:

Encrypting data at the application level is the way to go. You would need to store the keys where the DBA can't access them.

This is a tried and tested solution, nothing new.
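
The application-level approach from Answers 2, 4 and 6, as an added example that is not part of the original answers: each field is encrypted with AES-256-GCM before it is written, so the database holds only ciphertext. It goes one step beyond the answers by binding every ciphertext to its table, column and row id, so a value copied between rows by a privileged user is rejected on read. All names, the in-memory `Map` standing in for a table, and the sample values are constructed for illustration; the key is assumed to come from a store the DBA cannot reach.

```javascript
// Added example: application-level field encryption (AES-256-GCM) so the
// database only ever stores ciphertext. All names here are hypothetical.
const crypto = require('node:crypto');

// Assumption: in production the key comes from a KMS/HSM or app-server secret
// store that the DBA cannot reach; it is generated inline only for the demo.
const appKey = crypto.randomBytes(32);

// Bind each ciphertext to its table, column and primary key via AAD so a
// value copied into another row or column fails authentication on read.
function aadFor(table, column, rowId) {
  return Buffer.from(`${table}|${column}|${rowId}`, 'utf8');
}

function encryptField(key, plaintext, table, column, rowId) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aadFor(table, column, rowId));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]); // iv(12) || tag(16) || ct
}

function decryptField(key, blob, table, column, rowId) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(aadFor(table, column, rowId));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the ciphertext, tag or AAD does not match.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

// Constructed sample rows standing in for a table the DBA can read and modify.
function demo() {
  const rows = new Map();
  rows.set(1, encryptField(appKey, 'policy-holder: Alice Example', 'policies', 'holder', 1));
  rows.set(2, encryptField(appKey, 'policy-holder: Bob Example', 'policies', 'holder', 2));

  const readBack = decryptField(appKey, rows.get(1), 'policies', 'holder', 1);
  const plaintextInStoredBytes = rows.get(1).toString('latin1').includes('Alice');

  // A privileged user copies row 2's value into row 1; the AAD check rejects it.
  rows.set(1, rows.get(2));
  let swapDetected = false;
  try { decryptField(appKey, rows.get(1), 'policies', 'holder', 1); }
  catch (e) { swapDetected = true; }
  return { readBack, plaintextInStoredBytes, swapDetected };
}

console.log(demo());
```

Because every value gets a fresh nonce, equal plaintexts produce different ciphertexts, which is why the server can no longer index, search or join on these columns, as Answer 4 points out.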