问题
I have a column "Amount" numeric(18,2) that I have made encrypted by using Encrypt Column wizard of SSMS v17. The column data is now encrypted.
However, I have a view that uses something like:
create SampleView
as
Select
*, Amount * Rate as TotalAmount
From
SampleTable
Where
Amount > 0
go
The column Rate is of type numeric(18,8).
I am unable to create this view. It gives data type incompatible error as one column is encrypted and the other side is plaintext. From various permutation I have tried, I see that the Where clause with > 0 is causing problem and also Amount*Rate in Select list is not working.
The error related to Amount*Rate is (I commented Where clause)
Operand type clash: numeric(18,2) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'SampleDB_CEK', column_encryption_key_database_name = 'SampleDB') is incompatible with numeric
The error related to Where Amount>0 is (I commented Amount*Rate in Select clause)
The data types numeric(18,2) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'SampleDB_CEK', column_encryption_key_database_name = 'SampleDB') and tinyint are incompatible in the greater than operator.
I tried these, but it didn't work as well:
Where Amount > cast(0 as numeric(18,2)
Select Amount * cast(Rate as numeric(18,2)
We cannot declare variables as it is view. And this view is getting used in many stored procedures.
Any ideas appreciated.
回答1:
Comparison and mathematical operations are not allowed in encrypted columns. Currently the only operation possible on encrypted columns is equality. The answer by bastos would not work because SQL Server does not have the key.
You might have to implement this logic in the client application.
From official documentation
Deterministic encryption always generates the same encrypted value for any given plain text value. Using deterministic encryption allows point lookups, equality joins, grouping and indexing on encrypted columns. However, but may also allow unauthorized users to guess information about encrypted values by examining patterns in the encrypted column, especially if there is a small set of possible encrypted values, such as True/False, or North/South/East/West region. Deterministic encryption must use a column collation with a binary2 sort order for character columns.
Randomized encryption uses a method that encrypts data in a less predictable manner. Randomized encryption is more secure, but prevents searching, grouping, indexing, and joining on encrypted columns.
来源:https://stackoverflow.com/questions/44182810/sql-server-2016-always-encrypted-comparison-and-calculated-expression-using-al