0

I am developing an intranet application that contains a few connection strings in a database table with passwords (the previous developer did this - I know it is bad practice). The plan was to upgrade from SQL Server 2005 to SQL Server 2008, so I was going to wait for this and then use TDE (Transparent Data Encryption) as no changes are required to code even when the data is encrypted.

I have now discovered that we are not upgrading to SQL Server 2008. What other options do I have to minimise changes required to the application? I thought of using the encryption facility in the web.config but I believe a lot of changes will be required. What other options do I have? There are two client applications that connect to it i.e. VB6 and VB.NET.

4

1 Answer

0

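I can think of three options you could take. The first is to have your system administrator provide a service account from Active Directory, grant it the same permissions as the SQL account, and then configure the application identity property in the advanced settings of the IIS application pool. You will then be able to remove the username and password from the configuration string and replace them with the attribute "trusted_connection=true".

Second, you can apply column-level encryption to encrypt the connection strings stored in the database. This can be done without any code changes to the intranet application. You will need to rename the table and create a view with the old table name that contains the function DecryptByKeyAutoCert. I will post an example at the end of the post.

Third, you can have your DBA configure the server to force all connections to be encrypted using SSL\TLS.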

-- Demo database for the example
use master
go
create database EncryptedData
go
use EncryptedData
-- Database master key; it protects the certificate's private key (sample password)
create master key encryption by password='P@ssw0rd!'

-- Certificate that protects the symmetric key
create certificate KeyProtection with subject='Key Protection'

-- Symmetric key that encrypts the column data
create symmetric key ColumnKey
    with algorithm=AES_256
    encryption by certificate KeyProtection

-- Table that stores only ciphertext
create table SecretMessages(Ciphertext varbinary(4000))
go
-- The view decrypts on read; DECRYPTBYKEYAUTOCERT opens the key through the certificate automatically
create view dbo.MessageRecords
as
select
    cast(DECRYPTBYKEYAUTOCERT( cert_id('KeyProtection'), null,Ciphertext) as varchar(max)) MessageRecord
from dbo.SecretMessages
go

-- The key must be opened explicitly before ENCRYPTBYKEY can be used
open symmetric key ColumnKey decryption by certificate KeyProtection

insert into SecretMessages(Ciphertext) values (ENCRYPTBYKEY(key_guid('ColumnKey'),'Hello world 1'))
insert into SecretMessages(Ciphertext) values (ENCRYPTBYKEY(key_guid('ColumnKey'),'Hello world 2'))
insert into SecretMessages(Ciphertext) values (ENCRYPTBYKEY(key_guid('ColumnKey'),'Hello world 3'))
insert into SecretMessages(Ciphertext) values (ENCRYPTBYKEY(key_guid('ColumnKey'),'Hello world 4'))
insert into SecretMessages(Ciphertext) values (ENCRYPTBYKEY(key_guid('ColumnKey'),'Hello world 5'))
close symmetric key ColumnKey

-- Reading through the view returns the decrypted text
select * from MessageRecords
answered 2016-07-22T23:20:50.413
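
The rename-and-view step described in the answer, applied to a table that already holds plaintext connection strings, as an added example that is not part of the original answer. The table dbo.AppConnections, its columns and the database user IntranetApp are hypothetical; the certificate and key names are the ones from the answer's script.

```sql
-- Added example. Assumed (hypothetical) legacy table:
--   dbo.AppConnections(Name varchar(50), ConnectionString varchar(500))
-- Assumes the master key, certificate KeyProtection and key ColumnKey already exist.

-- 1. Rename the real table; the old name is reused for the view in step 4.
exec sp_rename 'dbo.AppConnections', 'AppConnections_Enc'
go
-- 2. Add a ciphertext column and encrypt the existing rows.
alter table dbo.AppConnections_Enc add ConnectionStringEnc varbinary(4000) null
go
open symmetric key ColumnKey decryption by certificate KeyProtection
update dbo.AppConnections_Enc
   set ConnectionStringEnc = EncryptByKey(key_guid('ColumnKey'), ConnectionString)
close symmetric key ColumnKey
go
-- 3. Drop the plaintext only if every row decrypts back to its original value.
if exists (select 1 from dbo.AppConnections_Enc
           where ConnectionString is not null
             and isnull(cast(DecryptByKeyAutoCert(cert_id('KeyProtection'), null,
                        ConnectionStringEnc) as varchar(500)), '') <> ConnectionString)
    raiserror('Round-trip check failed; plaintext column kept.', 16, 1)
else
    alter table dbo.AppConnections_Enc drop column ConnectionString
go
-- 4. View under the old name, so existing SELECTs keep working unchanged.
create view dbo.AppConnections
as
select Name,
       cast(DecryptByKeyAutoCert(cert_id('KeyProtection'), null, ConnectionStringEnc)
            as varchar(500)) as ConnectionString
from dbo.AppConnections_Enc
go
-- 5. Permissions for the application's database user (hypothetical name IntranetApp).
--    DecryptByKeyAutoCert needs VIEW DEFINITION on the key and CONTROL on the certificate.
grant select on dbo.AppConnections to IntranetApp
grant view definition on symmetric key::ColumnKey to IntranetApp
grant control on certificate::KeyProtection to IntranetApp
go
```

The view covers reads only; if the applications also insert or update through the old name, it needs INSTEAD OF triggers that call EncryptByKey. Dropping the column does not remove the plaintext from existing backups, so the stored passwords should be changed after the migration.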