Friday, February 29, 2008
One of the neat things in SQL Server 2005 is the downgrading of the importance of users / humans.
It's no longer necessary to have a big stupid login with a big stupid password just to get an execution context or control ownership of objects; see this post for examples of both techniques.
This week I found [...]
Thursday, January 17, 2008
Following on from my previous post, I’ve created a procedure to read encrypted data using the same principles: executing the procedure in the context of a least-privilege user and elevating the permissions using code signing, as follows.
create procedure sales_api.usp_getCCTrans
with
execute as 'lpu_code_context'
as
begin
begin try
[...]
Tuesday, January 15, 2008
I’ve spent the last week or two looking at the encryption features of SQL Server 2005 and finally think I have a handle on how to use them to keep data secure. It's not the encryption or decryption that's the issue; it's securing access to the keys that requires the effort.
At the moment I’ve only [...]