RE: Views

From: Mingqing Cheng [MSFT] (v-mingqc_at_online.microsoft.com)
Date: 10/07/04


Date: Thu, 07 Oct 2004 09:15:16 GMT

Hi Justin,

From your descriptions and explanation clarifying this issue, I understand
you would like to encrypt data to prevent it from being hacked and you still
want better performance. Your concerns are the security of your data and its
transfer. Have I understood you? Correct me if I am wrong.

First of all, you must understand that SQL Server 2000 does not support
database data encryption as such. There are
some third party products available doing so. Use google.com to find more
detailed descriptions for those tools. ( BTW, SQL Server 2005 will have
column-level encryption :-)

Here is the link, with which you could get more basic information about SQL
Server encryption issues.

   SQLSecurity FAQ
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22

Secondly, it is recommended that your client application perform the
encryption and decryption instead of letting SQL Server do it,
which will also make a big contribution to the performance of SQL Server.

If you are in fear of sniffing on the network, you could use the
method in the following KB article to enhance the security.

How to establish and enforce encrypted multiprotocol connections in SQL
Server 2000
http://support.microsoft.com/?id=841695

Thirdly, here are some documents on protecting yourself from possible SQL
injection:

Injection Protection
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsqlmag04/html/InjectionProtection.asp

Stop SQL Injection Attacks Before They Stop You
http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/default.aspx

Chapter 18 - Securing Your Database Server
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh18.asp

Last but not least, please keep upgrading to the latest
patches for SQL Server 2000, as we will fix possible critical weaknesses
in SQL Server. For example, here are the latest security patches for SQL
Server:

SQL Server 2000 (32-bit) Security Patch MS03-031
http://www.microsoft.com/downloads/details.aspx?FamilyID=9814ae9d-bd44-40c5-add3-b8c99618e68d&DisplayLang=en

SQL Server 2000 (64-bit) Security Patch MS03-031
http://www.microsoft.com/downloads/details.aspx?FamilyID=72336508-057a-4e86-8f2e-cb1bd3a6a44b&DisplayLang=en

Thank you for your patience and cooperation. If you have any questions or
concerns, don't hesitate to let me know. We are here to be of assistance!
 

Sincerely yours,

Mingqing Cheng

Online Partner Support Specialist
Partner Support Group
Microsoft Global Technical Support Center
---------------------------------------------------------------
Introduction to Yukon! - http://www.microsoft.com/sql/yukon
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only, many thanks!

This document contains references to a third party World Wide Web site.
Microsoft is providing this information as a convenience to you. Microsoft
does not control these sites and has not tested any software or information
found on these sites; therefore, Microsoft cannot make any representations
regarding the quality, safety, or suitability of any software or
information found there. There are inherent dangers in the use of any
software found on the Internet, and Microsoft cautions you to make sure
that you completely understand the risk before retrieving any software from
the Internet.
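
The post above recommends doing encryption and decryption in the client application rather than in SQL Server. The following is an added example, not part of the original post, of what that can look like in Node.js. It assumes AES-256-GCM; the table and column names, the demo key and the sample value are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo key; in practice load a 32-byte key from a key store
// outside the database, never from a table or a stored procedure.
const DEMO_KEY = crypto.createHash('sha256').update('constructed demo key').digest();
const SAMPLE = 'constructed-secret-value';

// Bind the ciphertext to its table, column and primary key so that a value
// copied into another row or column fails authentication on decrypt.
function context(table, column, rowId) {
  return Buffer.from(`${table}\u0000${column}\u0000${rowId}`, 'utf8');
}

// Returns nonce(12) || tag(16) || ciphertext, suitable for a varbinary column.
function encryptField(key, plaintext, table, column, rowId) {
  const nonce = crypto.randomBytes(12); // fresh random nonce for every value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(context(table, column, rowId));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Throws if the blob was modified, moved to another row, or the key is wrong.
function decryptField(key, blob, table, column, rowId) {
  if (blob.length < 28) throw new Error('blob too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(context(table, column, rowId));
  decipher.setAuthTag(blob.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  return plain.toString('utf8');
}

// True when decryption succeeds; used to show the failure cases.
function canDecrypt(key, blob, table, column, rowId) {
  try { decryptField(key, blob, table, column, rowId); return true; }
  catch (e) { return false; }
}

// The application encrypts before the INSERT and sends the blob as a bound
// parameter, so the server and the wire only ever see opaque bytes.
const stored = encryptField(DEMO_KEY, SAMPLE, 'Customers', 'CardNo', 42);
console.log(decryptField(DEMO_KEY, stored, 'Customers', 'CardNo', 42));
console.log(canDecrypt(DEMO_KEY, stored, 'Customers', 'CardNo', 43));
```

Because the server stores only ciphertext, the encrypted column cannot be searched or indexed by value on the server side; queries have to select by an unencrypted key and decrypt in the client.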


