我们已经开发了一个应用程序,现在我们想要保护(加密\哈希)数据库中的表列( MS SQL Server 2008 )。这几列就像密码,信用卡号,SSN等。
基于 Java (1.5)的应用程序,我们没有使用像hibernate这样的api。一切都是从零开始做的。
我希望以这样一种方式保护这些数据,使其对任何阅读它的人都没用。有人可以建议如何做(最佳实践)以及在性能方面有哪些缺点?
这可以在数据库级别完成(我不是在谈论整个数据库加密)?
由于
答案 0 :(得分:1)
SQL Server内置了加密。以下是我的书中有关安全性的一些示例代码(SQL Server 2012安全手册):
USE marketing ;
-- create the database master key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'a very strong password';
-- a sample table
CREATE TABLE dbo.Customer (
CustomerId int NOT NULL IDENTITY(1,1) PRIMARY KEY,
Firstname varchar(50) NOT NULL,
Lastname varchar(50) NOT NULL,
CreditCardInfo varbinary(2000) NOT NULL
)
-- a certificate to protect the encryption key
CREATE CERTIFICATE KeyProtectionCert
WITH SUBJECT = 'to protect symmetric encryption keys';
-- the symmetric encryption key
CREATE SYMMETRIC KEY CreditCardSKey
WITH ALGORITHM = AES_256,
KEY_SOURCE = '4frT-7FGHFDfTh98#6erZ3dq#«',
IDENTITY_VALUE = 'l·Fg{(ZEfd@23fz4fqeRHY&4efVql'
ENCRYPTION BY CERTIFICATE KeyProtectionCert;
-- using the encryption key
OPEN SYMMETRIC KEY CreditCardSKey
DECRYPTION BY CERTIFICATE KeyProtectionCert;
INSERT INTO dbo.Customer (Firstname, LastName, CreditCardInfo)
VALUES ('Jim', 'Murphy',
EncryptByKey(Key_Guid('CreditCardSKey'), '1111222233334444;12/13,456', 1, 'JimMurphy')
);
CLOSE SYMMETRIC KEY CreditCardSKey;
--To read the data and get back the original unencrypted data (the plaintext), we use the DecryptByKey() function:
OPEN SYMMETRIC KEY CreditCardSKey DECRYPTION BY CERTIFICATE KeyProtectionCert;
SELECT Firstname, Lastname,
CAST(DecryptByKey(CreditCardInfo, 1, Firstname + Lastname) as varchar(50))
FROM dbo.Customer;
CLOSE SYMMETRIC KEY CreditCardSKey;
-- or without opening it :
SELECT Firstname, Lastname,
CAST(DecryptByKeyAutoCert(CERT_ID('KeyProtectionCert'), NULL, CreditCardInfo, 1, Firstname + Lastname) as varchar(50))
FROM dbo.Customer;