Thursday, January 17, 2008
Following on from my previous post, I’ve created a procedure to read encrypted data using the same principles: executing the procedure in the context of a least-privilege user and elevating the permissions using code signing, as follows.
create procedure sales_api.usp_getCCTrans
with
execute as 'lpu_code_context'
as
begin
begin try
[...]
Tuesday, January 15, 2008
I’ve spent the last week or two looking at the encryption features of SQL Server 2005 and finally think I have a handle on how to use them to keep data secure. It’s not the encryption or decryption that’s the issue; it’s securing access to the keys that requires the effort.
At the moment I’ve only [...]
The CREATE SYMMETRIC KEY statement in MS SQL 2005 allows session temporary keys to be created by prefixing the name with ‘#’, the same as session temporary tables. After I read this I spent a couple of days wondering why this would be useful; after all, the EncryptByPassPhrase function is there and does a [...]