I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the data base is decrypted and encrypt upon
each read and write access -- this is causing a big overload of CPU in
my system. I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application. Another solution would be
setting up an encrypted file system so I could unmount
the device when the application finishes. The last one is not optimal
though, since the encrypted device would have read access while
mounted.
So, I'd like to get some suggestions about tools, api's and probably
other better solutions. Any information would be of great help.
The software runs on Windows 2k, Windows XP, Windows 2k3, Windows NT
and probably would have to be ported to Vista.
thanks a lot in advance for any help,
sSav wrote:
Quote:
Originally Posted by
Hi,
>
I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the data base is decrypted and encrypt upon
each read and write access -- this is causing a big overload of CPU in
my system. I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application. Another solution would be
setting up an encrypted file system so I could unmount
the device when the application finishes. The last one is not optimal
though, since the encrypted device would have read access while
mounted.
>
So, I'd like to get some suggestions about tools, api's and probably
other better solutions. Any information would be of great help.
>
The software runs on Windows 2k, Windows XP, Windows 2k3, Windows NT
and probably would have to be ported to Vista.
Maybe try here:
http://msdn.microsoft.com/msdnmag/i...ty/default.aspx
HTH,
TC (MVP MSAccess)
http://tc2.atspace.com|||Sav wrote:
Quote:
Originally Posted by
Hi,
>
I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the data base is decrypted and encrypt upon
each read and write access -- this is causing a big overload of CPU in
my system.
Do you need to encrypt at the row level? Do different rows have
different keys?
Quote:
Originally Posted by
I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application.
Not natively I believe. If you're using SQL Server 2005 you could embed
an assembly in to the database. This assembly that could do the
encryption "closer" to the database and doing the encryption here would
probably allow greater throughput.
Quote:
Originally Posted by
Another solution would be
setting up an encrypted file system so I could unmount
the device when the application finishes. The last one is not optimal
though, since the encrypted device would have read access while
mounted.
By this do you mean that you worry that while the drive is open, some
other application could steal the database?
I'd personally modify something like Truecrypt so that only your
application can access the information. This is probably not for the
faint of heart.
Quote:
Originally Posted by
So, I'd like to get some suggestions about tools, api's and probably
other better solutions. Any information would be of great help.
I'd like to know more about your threat model. After all, assuming that
some user can enter and retrieve information, don't they already have
access to all the information anyway?
What assests are you trying to protect?
Simon|||Sav (sav.smb@.gmail.com) writes:
Quote:
Originally Posted by
I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the data base is decrypted and encrypt upon
each read and write access -- this is causing a big overload of CPU in
my system. I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application.
SQL Server 2005 has considerable additions in the encryption area, so
you can encrypt/decrypt in SQL Server. If you are using SQL 2000, you
should probably look into what SQL 2005 can give you.
But encryption of data, always means that things go slower. Not the least
if you encrypt everything, including the keys.
--
Erland Sommarskog, SQL Server MVP, esquel@.sommarskog.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pr...oads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodin...ions/books.mspx|||Simon Johnson wrote:
Quote:
Originally Posted by
Sav wrote:
Quote:
Originally Posted by
Quote:
Originally Posted by
I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application.
>
Not natively I believe. If you're using SQL Server 2005 you could embed
an assembly in to the database. This assembly that could do the
encryption "closer" to the database and doing the encryption here would
probably allow greater throughput.
The reference that I cited describes various things that are
implemented natively; eg. managing keys, creating certificates,
encrypting & decrypting fields, & so on. Why would you need an external
assembly?
TC (MVP MSAccess)
http://tc2.atspace.com|||You don't specify if you're using 4.21a, 6.0, 6.5, 7.0, SQL 2005 or SQL
2000. If SQL 2005, look into the built-in Transact-SQL encryption
functionality. If SQL 2000, look into this:
http://www.sqlservercentral.com/col...oolkitpart1.asp.
If SQL 7.0 or lower, upgrade ASAP.
"Sav" <sav.smb@.gmail.comwrote in message
news:1153412674.112270.128440@.i3g2000cwc.googlegro ups.com..
Quote:
Originally Posted by
Hi,
>
I'm developing a software that makes a lot of access to a MS SQL
Server. All information in the data base is decrypted and encrypt upon
each read and write access -- this is causing a big overload of CPU in
my system. I'd like to implement something to make it faster so I
wondered if there is any MS SQL Server API that would make the
cryptography transparent for the application. Another solution would be
setting up an encrypted file system so I could unmount
the device when the application finishes. The last one is not optimal
though, since the encrypted device would have read access while
mounted.
>
So, I'd like to get some suggestions about tools, api's and probably
other better solutions. Any information would be of great help.
>
The software runs on Windows 2k, Windows XP, Windows 2k3, Windows NT
and probably would have to be ported to Vista.
>
thanks a lot in advance for any help,
>
s
>
No comments:
Post a Comment