Cryptography API for MS SQL Server

S

Sav

Hi,

I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the data base is decrypted and encrypt upon
each read and write access -- this is causing a big overload of CPU in
my system. I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application. Another solution would be
setting up an encrypted file system so I could unmount
the device when the application finishes. The last one is not optimal
though, since the encrypted device would have read access while
mounted.

So, I'd like to get some suggestions about tools, api's and probably
other better solutions. Any information would be of great help.

The software runs on Windows 2k, Windows XP, Windows 2k3, Windows NT
and probably would have to be ported to Vista.

thanks a lot in advance for any help,

s
 
T

TC

Sav said:
Hi,

I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the data base is decrypted and encrypt upon
each read and write access -- this is causing a big overload of CPU in
my system. I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application. Another solution would be
setting up an encrypted file system so I could unmount
the device when the application finishes. The last one is not optimal
though, since the encrypted device would have read access while
mounted.

So, I'd like to get some suggestions about tools, api's and probably
other better solutions. Any information would be of great help.

The software runs on Windows 2k, Windows XP, Windows 2k3, Windows NT
and probably would have to be ported to Vista.
Click to expand...

Maybe try here:
http://msdn.microsoft.com/msdnmag/issues/05/06/SQLServerSecurity/default.aspx

HTH,
TC (MVP MSAccess)
http://tc2.atspace.com
 
S

Simon Johnson

Sav said:
Hi,

I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the data base is decrypted and encrypt upon
each read and write access -- this is causing a big overload of CPU in
my system.
Click to expand...

Do you need to encrypt at the row level? Do different rows have
different keys?
I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application.
Click to expand...

Not natively I believe. If you're using SQL Server 2005 you could embed
an assembly in to the database. This assembly that could do the
encryption "closer" to the database and doing the encryption here would
probably allow greater throughput.
Another solution would be
setting up an encrypted file system so I could unmount
the device when the application finishes. The last one is not optimal
though, since the encrypted device would have read access while
mounted.
Click to expand...

By this do you mean that you worry that while the drive is open, some
other application could steal the database?

I'd personally modify something like Truecrypt so that only your
application can access the information. This is probably not for the
faint of heart.
So, I'd like to get some suggestions about tools, api's and probably
other better solutions. Any information would be of great help.
Click to expand...

I'd like to know more about your threat model. After all, assuming that
some user can enter and retrieve information, don't they already have
access to all the information anyway?

What assests are you trying to protect?

Simon
 
E

Erland Sommarskog

Sav said:
I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the data base is decrypted and encrypt upon
each read and write access -- this is causing a big overload of CPU in
my system. I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application.
Click to expand...

SQL Server 2005 has considerable additions in the encryption area, so
you can encrypt/decrypt in SQL Server. If you are using SQL 2000, you
should probably look into what SQL 2005 can give you.

But encryption of data, always means that things go slower. Not the least
if you encrypt everything, including the keys.



--
Erland Sommarskog, SQL Server MVP, (e-mail address removed)

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
 
T

TC

Simon said:
Sav wrote:


Not natively I believe. If you're using SQL Server 2005 you could embed
an assembly in to the database. This assembly that could do the
encryption "closer" to the database and doing the encryption here would
probably allow greater throughput.
Click to expand...

The reference that I cited describes various things that are
implemented natively; eg. managing keys, creating certificates,
encrypting & decrypting fields, & so on. Why would you need an external
assembly?

TC (MVP MSAccess)
http://tc2.atspace.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Managing MS SQL Server via MS Access 6
encrypted communication between Access and SQL Server 1
Encrypting privacy information in MS Access fields 1
MS Access and Sql Server 8
MBSA complains about SQL Server Authentication Mode / Can't Fix BC 0
MS Access 2010 Web Application with SQL server 0
Migration to SQL Server 3
Access and SQL Server 7

Top