Re: Secure data in SQL Server 2005 Mobile Edition
- From: "Ginny Caughey [MVP]" <ginny.caughey.online@xxxxxxxxxxxxxx>
- Date: Fri, 3 Aug 2007 07:05:56 -0400
Here's one link: http://www.pluralsight.com/blogs/jimw/archive/2007/07/31/48117.aspx
I'm expecting a Microsoft blog post too. Note that AES128 is on SSC 3.5 databases running on devices such as WM 5 and WM 6 that support it. SSC 3.5 is availaable as a beta now and is included with VS 2008 beta 2.
--
Ginny
"AimlessZombie" <AimlessZombie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:226DD937-A4EB-42B0-824D-B965B4B8B06A@xxxxxxxxxxxxxxxx
Hi Ginny,
Any luck on any links so far? Thanks in advance.
"Ginny Caughey [MVP]" wrote:
It turns out that the algorithm used depends on the version of SQL Compact
and also what platform it's running on as not all platforms capable of
running SQLce support the same encryption. I should have a link for you in a
few days.
--
Ginny
"AimlessZombie" <AimlessZombie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A3FDD5F1-5A27-4282-A607-D5D4D958AB5D@xxxxxxxxxxxxxxxx
> Yes, we just copied the file over.
>
> We tried again without checking the encrypt option and the error no > longer
> occurs. But we have a few burning questions:
>
> 1. Without checking the option, how can the database be encrypted with
> just
> the password?
>
> 2. What is the difference between encryption with and without the > encrypt
> option?
>
> 3. As it is customer's requirement to have AES-128, it is important > that
> we
> know what the encryption algorithm is. We have tried looking up
> information
> on this to no avail. Is there any way you could kindly help us on this
> (maybe
> by providing us some references or contacts)? Would greatly appreciate > it
> if
> possible.
>
> Thanks.
>
>
> "Ginny Caughey [MVP]" wrote:
>
>> You just copied the sdf file from the desktop to the device, right? >> Does
>> the
>> password have any accented characters in it or anything like that? One
>> other
>> thing to try is not checking the encrypt option - the database still >> gets
>> encrypted if you provide a password.
>>
>> I don't know which encryption algorithm is used for SQL Compact but >> I've
>> been told it's 128-bit.
>>
>> -- >> Ginny
>>
>>
>> "AimlessZombie" <AimlessZombie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>> message
>> news:D9FE095C-A3F3-494C-B022-482C9254C29B@xxxxxxxxxxxxxxxx
>> > Hi,
>> >
>> > We have decided to go ahead with encrypted the entire database for >> > now,
>> > thus
>> > I am trying to encrypt a database on SQL Server 2005 on a desktop >> > and
>> > replicate this database on SQL Server Mobile Edition on a mobile
>> > device.
>> >
>> > I followed the "How to: Secure a Database (SQL Server Management
>> > Studio)"
>> > topic in the SQL Server 2005 Mobile Edition Books Online to set a
>> > password
>> > for my database connection string and checked the encrypt option. >> > But
>> > when
>> > I
>> > tried to access the database on the mobile device by opening a
>> > sqlceconnection, I got the following error:
>> >
>> > The specified password does not match the database password.
>> >
>> > I have ensured that my connection string is correct with the correct
>> > data
>> > source and correct password. I have even tried changing passwords >> > but I
>> > still
>> > got the same error.
>> >
>> > 1. Is this the correct way of encrypting a database? Am I doing >> > wrong
>> > or
>> > missing anything?
>> >
>> > 2. What is the encryption algorithm used by SQL Server Management
>> > Studio
>> > when the encrypt option is chosen?
>> >
>> > Thanks for the help.
>> >
>> > "Ginny Caughey [MVP]" wrote:
>> >
>> >> The size is the same whether it's encrypted or not. I used the
>> >> Northwind
>> >> database for my tests but the larger AdventureWorks one might also
>> >> make
>> >> an
>> >> interesting test.
>> >>
>> >> I think the best way to get answers for your specific case would be >> >> to
>> >> build
>> >> encrypted and non-encrypted databases with the schema you need and >> >> run
>> >> a
>> >> few
>> >> simple tests for yourself. Frankly the reason I didn't spend more >> >> time
>> >> doing
>> >> thorough testing was that I think if you need encryption, then you
>> >> neeed
>> >> it
>> >> and whatever the perf hit, well that's the price you pay. Still I >> >> was
>> >> pleased to find the hit was a small one in my tests.
>> >>
>> >> -- >> >> Ginny
>> >>
>> >>
>> >> "AimlessZombie" <AimlessZombie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>> >> message
>> >> news:2B849C1A-0785-4C8B-BD52-9DFDB4359A80@xxxxxxxxxxxxxxxx
>> >> > What about the database size?
>> >> >
>> >> > "Ginny Caughey [MVP]" wrote:
>> >> >
>> >> >> I didn't test it with different schemas. The hit on the device >> >> >> was
>> >> >> between
>> >> >> 8-10% for most operations. On the desktop it was barely >> >> >> measurable.
>> >> >>
>> >> >> -- >> >> >> Ginny
>> >> >>
>> >> >>
>> >> >> "AimlessZombie" <AimlessZombie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote >> >> >> in
>> >> >> message
>> >> >> news:428B5E6D-B41C-428A-BC94-9BF040568FDE@xxxxxxxxxxxxxxxx
>> >> >> > Thanks for your reply.
>> >> >> >
>> >> >> > Not exactly that I wanted a more complicated encryption, but i
>> >> >> > was
>> >> >> > worried
>> >> >> > about the performance hit for encrypting the whole database.
>> >> >> >
>> >> >> > Can I ask what is the size of the database you tested with? >> >> >> > Also,
>> >> >> > would
>> >> >> > the
>> >> >> > performance hit be affected by the database schema?
>> >> >> >
>> >> >> > "Ginny Caughey [MVP]" wrote:
>> >> >> >
>> >> >> >> Encryption in SQL Mobile is at the database level only. In my
>> >> >> >> testing
>> >> >> >> the
>> >> >> >> performance hit for using encryption is quite low, and using >> >> >> >> an
>> >> >> >> encrypted
>> >> >> >> database is as easy as providing a password in the connection
>> >> >> >> string,
>> >> >> >> so
>> >> >> >> I'm
>> >> >> >> not sure why you'd want something more complicated than that.
>> >> >> >>
>> >> >> >> -- >> >> >> >> Ginny
>> >> >> >>
>> >> >> >>
>> >> >> >> "AimlessZombie" <AimlessZombie@xxxxxxxxxxxxxxxxxxxxxxxxx> >> >> >> >> wrote
>> >> >> >> in
>> >> >> >> message
>> >> >> >> news:721B8943-84FA-41DF-8AFB-633C0A85F1DA@xxxxxxxxxxxxxxxx
>> >> >> >> >I understand that it is possible to encrypt a database in >> >> >> >> >SQL
>> >> >> >> >Server
>> >> >> >> >2005
>> >> >> >> > Mobile Edition. But I do not want to encrypt the entire
>> >> >> >> > database.
>> >> >> >> > Instead
>> >> >> >> > I
>> >> >> >> > just want to encrypt only selected data in the database.
>> >> >> >> >
>> >> >> >> > Can this be done in Mobile Edition? If yes, how to do it >> >> >> >> > and
>> >> >> >> > is
>> >> >> >> > there
>> >> >> >> > any
>> >> >> >> > reference sites?
>> >> >> >> >
>> >> >> >> > Many thanks.
>> >> >> >>
>> >> >>
>> >>
>>
.
- Follow-Ups:
- Re: Secure data in SQL Server 2005 Mobile Edition
- From: AimlessZombie
- Re: Secure data in SQL Server 2005 Mobile Edition
- References:
- Re: Secure data in SQL Server 2005 Mobile Edition
- From: AimlessZombie
- Re: Secure data in SQL Server 2005 Mobile Edition
- Prev by Date: Re: Upgrading from cf v1 to v2 merge replication problem.
- Next by Date: Re: New to Merge/Replication
- Previous by thread: Re: Secure data in SQL Server 2005 Mobile Edition
- Next by thread: Re: Secure data in SQL Server 2005 Mobile Edition
- Index(es):
Relevant Pages
|
