Geek Answers Handbook

How to store sensitive information in SQL Server 2008?

I need to store some sensitive information in a table in SQL Server 2008. The data is a string, and I do not want it to be in humanoid format to anyone who accesses the database.

What I mean by confidential information is a database of dirty / dirty words. I need to make sure that they do not float in tables and SQL files. At the same time, I have to do operations like "=" and "how" in strings.

So far I can think of two options; will these work or what is the best option?

  • Save string (varchar) as binary data (BLOB)
  • Store in some encrypted format, for example, we usually use passwords.
+4
source share
2 answers

The third option, which may be most appropriate, is simply not to store these values ​​in a specific database at all. I would say that it is probably more convenient to store them in another place, since you are probably not going to join the table of sensitive words.

Otherwise, you probably want to use the Conrad Frix offer of SQL Server built-in encryption support.

The reason I say this is because you say that = = and LIKE should work with your data. When you use a string using hash-algo, for example SHA / MD5 / etc., the Results will not correspond to the semantics of the LIKE language.

If exact equality (=) is enough (that is, you really don't need to make LIKE requests), you can use the cryptographic function to protect the text. But keep in mind that a one-way hash function will prevent you from getting a list of "un-hashed" strings - if you need to do this, you need to use an encryption algorithm where decryption is possible, such as AES.

+2
source

If you use rot13 , you can still use = and LIKE. This also applies to any storage method other than the SQL database if it is important to prevent random / random submissions (including search engine indexing if the list is public).

+1
source

More articles:


All Articles