I'm new to database encryption. We have a requirement to encrypt some columns in various tables which show sensitive information. The problem we have is, the data should not be seen by anyone with access to the database or its certificate and symmetric keys (not even dbas), and only some users of the application which query the data in the database should see the information.
So we have come up with this:
- 1 symmetric key created for each table with encrypted columns
all the keys protected by a certificate, and stored procedures accessing these certificates are now defined with:
OPEN SYMMETRIC KEY Key_SalaryTable DECRYPTION BY CERTIFICATE SystemCertificate WITH PASSWORD = 'password';
(which means the password for the certificate which is used to open the Key_SalaryTable is hardcoded into the stored procedure)
But there is a problem, any database administrator can just view the stored procedure or call the stored procedure directly to know how to open the key to view the salary table
Even if we restrict each user's access to the stored procedure, a dba can easily override that and extract information before setting the restrictions back again and no one will know the information has been compromised.
Does anyone have a better solution?
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 够拽才男人 的文章《SQL Server: how to limit access to encrypted colum》','https://www.manongdao.com/article-920878.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}