question

PeterH avatar image
PeterH asked

What is best way to handle data encryption for data-at-rest in SQL Server/2008

I'm revising my original question based on the answer I rec'd below.

Assume for following that connection is secure.

  1. My table is shared by multiple customers and contains BLOB fields that need to be encrypted.

  2. The table contains a field "CustomerID" to identify the customer.

  3. I am using ASP.NET to insert records into the table. User supplies a password (encryption key) on the fly which is not stored. Each customer has their own password/key.

  4. Is it faster/better to use crypto namespace in .net and encrypt BLOB before transport? Or is it faster/better to use symemtric "Encrypt by Passphrase" functions in SQL/Server 2008 within INSERT statement? If so, why so? Or assuming it's on the same server makes no difference?

I have the same issue when decrypting on a SELECT statement -- can either use SQL/Server for this of .Net.

sql-server-2008security
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

0 Answers

· Write an Answer

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.