Tools to encrypt sql server database

Question

I don\'t want customers to be able to make backups of my sql server database and access the tables data etc.

I know there are some products that will encrypt the data in

Answer 1

Transparent Data Encryption will encrypt the database on disk, but is unencrypted in memory, so appropriate security would also be necessary to ensure unauthorised users cannot access the table. As it's an Enterprise-only feature, you can safely move away from it.

SQL Server 2005 and above have built-in encryption features - have a look at Books Online, and especially Chapter 5 - Encryption of Adam Machanic's Expert SQL Server 2005 Development book (technically, Lara Rubbelke wrote chapter 5 though).

Note that you'll only want to encrypt some columns - those that you'll never try to look up, as encrypted columns are pretty much useless for indexing. Adam Machanic's book suggests ways to solve this problem.

Answer 2

There is the 3rd party xp_crypt. It's been around for years. It's an extended stored proc (that is, DLL)

Answer 3

The problem with encrypting data inside the database is that as long as the database lives on the client's machine (as you indicated, they're running SQL 2008 Express, so I'm betting it lives on the client's desktops or laptops) then they can get into the data. They can set up security on the instance so that they have SA privileges, and from there, they can get the data, period. There's no way around that.

What you have to do is encrypt the data before it hits the database: encrypt it in your application. Inside the app, encrypt the data that you want to store in each sensitive field. As another poster indicated, you don't want to encrypt ID fields because those are used for indexing.

Answer 4

SQL Server 2008 supports database encryption natively. Check the documentation for Transparent Data Encryption (TDE).

Answer 5

Another solution for transparent SQL Server encryption is DbDefence Free for databases less than 77 MBs.

Answer 6

You can encrypt stored procedures, which can protect your logic.

TDE is available only Enterprise edition.

I can't find if it supports native sql encryption - but you could find this out with a little searching. But if it did you could probably set the database master key with your application and keep all of the decryption/encryption code in your application.

If it doesn't support native encryption, you might want to creat/find your own encryption functions in your application language and lock away the keys in your code.