Is Always Encrypted method Encrypts data's the before moving(inserting into) Azure Database

时间秒杀一切 提交于 2020-01-07 03:18:05

问题


I'm Just figuring is there any way to Encrypt the data before transmitting into the Azure SQL.

Actually I've developed a Azure Web App. I've have a requirement to encrypt the data's into Azure SQL DB in the App Server itself.

I can find some reference to encrypt the data's in AzureDB like Always Encryption , Symmetric Keys

But all the references leads to encrypt the Data's with in the SQL Server (In other words, the data's would be transmitting as a plain text from App Server to SQL server(through a Insert Query) then the Encryption would be takes place in the SQL Server)

So, I've want to make sure my data's should be encrypt before sending to the Sql Server.

This will ensures no attackers/hackers have no way to hack my data's through the transmission

UPDATE

I've already implemented the SSL Security which Secures the transmission between the UI and App Server. But here i want to secure the transmission between the App Server and Azure SQL Server

Look this Diagram for clear understanding:


回答1:


Always Encrypted feature in SQL server is a client side encryption technology, meaning it will encrypt the data in the driver of your client application. This means the data will be encrypted on the network between the client and SQL server, it is encrypted in the memory of SQL server and it is encrypted on disk. If implemented correctly, it can also protect the data from an intruder that gains admin privileges on SQL server (basically you will have to ensure that the encryption key is not stored on SQL Server and the intruder cannot get access to the encryption keys in any manner). I explain how to do this and the security guaranty provided by Always Encrypted here, in some detail. However, since SQL server cannot decrypt the data, there are some limitations on what operations you can perform on encrypted data. You can read more about those limitations here. You can learn more about always encrypted here.




回答2:


Encrypting your data in transit should be handled by SSL/TLS.

See: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-security-overview

Emphasis mine:

All connections to Azure SQL Database require encryption (SSL/TLS) at all times while data is "in transit" to and from the database. In your application's connection string, you must specify parameters to encrypt the connection and not to trust the server certificate (this is done for you if you copy your connection string out of the Azure Classic Portal), otherwise the connection will not verify the identity of the server and will be susceptible to "man-in-the-middle" attacks. For the ADO.NET driver, for instance, these connection string parameters are Encrypt=True and TrustServerCertificate=False.



来源:https://stackoverflow.com/questions/45040300/is-always-encrypted-method-encrypts-datas-the-before-movinginserting-into-azu

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!