SQL database encryption and examples (rpm)

Starting with the 2005 release, SQL Server provides data encryption and decryption at the database level. This is achieved mainly in the following ways:

1. Using CONVERT to change the encoding:

Use this function to convert data to text or VARBINARY. This approach cannot actually protect the data; it only keeps sensitive data from being seen directly when the data is browsed.

2. Using a symmetric key:

Encrypt with EncryptByKey and decrypt with DecryptByKey. This is the better fit for large amounts of data, because symmetric-key processing consumes fewer resources.

3. Using an asymmetric key:

Encrypt with EncryptByAsymKey and decrypt with DecryptByAsymKey. This is intended for data that needs a higher level of security, because it consumes more resources.

4. Using a certificate:

Encrypt with EncryptByCert and decrypt with DecryptByCert. This is comparable to using an asymmetric key.

5. Using a passphrase:

Encrypt with EncryptByPassPhrase and decrypt with DecryptByPassPhrase. A meaningful phrase or another data row can serve as the encryption and decryption key. This suits general-purpose data encryption and decryption.

 

Examples:

1. The CONVERT approach:

    USE tempdb
    GO
    -- The column length and the salary figures did not survive on this page;
    -- VARCHAR(10) and the numbers below are constructed sample values.
    CREATE TABLE Test
        (
          userID INT ,
          userName VARCHAR(10) ,
          userSalary FLOAT ,
          cyberalary NVARCHAR(MAX)
        ) ;

    INSERT  INTO Test
            ( userName, userSalary )
    VALUES  ( 'taici', 1234 ),
            ( 'Hailong', 3214 ),
            ( 'Meiyuan', 1111 )
    --ALTER TABLE Test
    --ADD userNewSalary VARBINARY(512)

    -- Use the conversion function to convert the data to VARBINARY, changing its encoding.
    SELECT  * ,
            CONVERT(VARBINARY(512), userSalary)
    FROM    Test

    -- Convert the data to INT, which restores the original encoding.
    -- The salary is cast to INT first: the VARBINARY form of a FLOAT cannot be converted back.
    SELECT  * ,
            CONVERT(INT, CONVERT(VARBINARY(512), CONVERT(INT, userSalary)))
    FROM    Test

2. Symmetric key:

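
    -- Create a symmetric key
    -- (The algorithm, table and column names did not survive on this page;
    --  AES_256 and Person.Address.AddressLine1 / AddressLine2 are assumptions.)
    USE AdventureWorks
    GO
    CREATE SYMMETRIC KEY SymKey123
        WITH ALGORITHM = AES_256
        ENCRYPTION BY PASSWORD = 'P@ssw0rd'
    GO

    -- Note: before use, the key must be opened with OPEN SYMMETRIC KEY <key name> and its password,
    -- otherwise the resulting data will be NULL. The Key_GUID function is also required.
    -- Open the symmetric key
    OPEN SYMMETRIC KEY SymKey123 DECRYPTION BY PASSWORD = 'P@ssw0rd'

    -- Encrypt the data
    SELECT  * ,
            ENCRYPTBYKEY(KEY_GUID('SymKey123'), CONVERT(VARCHAR(MAX), AddressLine1))
    FROM    Person.Address

    -- Check the length of the encrypted data with the DATALENGTH() function
    SELECT  DATALENGTH(ENCRYPTBYKEY(KEY_GUID('SymKey123'), CONVERT(VARCHAR(MAX), AddressLine1)))
    FROM    Person.Address
    GO

    -- Write the encrypted data to another column of the original table
    UPDATE  Person.Address
    SET     AddressLine2 = ENCRYPTBYKEY(KEY_GUID('SymKey123'), CONVERT(VARCHAR(MAX), AddressLine1))
    CLOSE SYMMETRIC KEY SymKey123

    -- Decryption: this also requires OPEN SYMMETRIC KEY, together with the DECRYPTBYKEY and CONVERT functions
    OPEN SYMMETRIC KEY SymKey123 DECRYPTION BY PASSWORD = 'P@ssw0rd'

    -- AddressLine2 is a character column, so it is converted back to VARBINARY before decryption
    SELECT  CONVERT(VARCHAR(MAX), DECRYPTBYKEY(CONVERT(VARBINARY(8000), AddressLine2)))
    FROM    Person.Address
    CLOSE SYMMETRIC KEY SymKey123

3. Asymmetric key:
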

    -- An asymmetric key uses two different keys: no password is needed to encrypt, but one is required to decrypt.
    -- (The algorithm, table name, column type and TOP row count did not survive on this page;
    --  RSA_2048, Person.Address, VARBINARY(MAX) and TOP (10) are assumptions.)
    USE AdventureWorks
    GO
    CREATE ASYMMETRIC KEY AsymKey123
        WITH ALGORITHM = RSA_2048
        ENCRYPTION BY PASSWORD = 'P@ssw0rd'
    GO

    -- Add a new column to store the encrypted data
    ALTER TABLE Person.Address ADD AddressLine3 VARBINARY(MAX)
    GO
    -- Encrypt
    SELECT  * ,
            ENCRYPTBYASYMKEY(ASYMKEY_ID('AsymKey123'), CONVERT(VARCHAR(MAX), AddressLine1))
    FROM    Person.Address
    GO

    -- Write the encrypted data to the new column
    UPDATE  Person.Address
    SET     AddressLine3 = ENCRYPTBYASYMKEY(ASYMKEY_ID('AsymKey123'), CONVERT(VARCHAR(MAX), AddressLine1))

    SELECT  * --addressline3
    FROM    Person.Address

    -- Decryption: the password is required here. The data type must match the one used for encryption:
    -- data encrypted as VARCHAR cannot be decrypted as NVARCHAR.
    SELECT TOP (10)
            CONVERT(VARCHAR(MAX), DECRYPTBYASYMKEY(ASYMKEY_ID('AsymKey123'), AddressLine3, N'P@ssw0rd'))
    FROM    Person.Address

4. Certificate encryption:


    -- Certificate encryption: first create the certificate
    -- (Table and column names did not survive on this page; Person.Address and
    --  the new VARBINARY(MAX) column AddressLine4 are assumptions.)
    CREATE CERTIFICATE certKey123                 -- certificate name
        ENCRYPTION BY PASSWORD = 'P@ssw0rd'       -- password
        WITH SUBJECT = 'Address Certificate',     -- certificate description
        START_DATE = '2012/06/18',                -- certificate start date
        EXPIRY_DATE = '2013/06/18'                -- certificate expiry date
    GO

    -- Encrypt using the certificate
    SELECT  * ,
            ENCRYPTBYCERT(CERT_ID('certKey123'), CONVERT(VARCHAR(MAX), AddressLine1))
    FROM    Person.Address

    -- Add a new column to store the encrypted data
    ALTER TABLE Person.Address ADD AddressLine4 VARBINARY(MAX)
    GO

    -- Write the encrypted data to the new column
    UPDATE  Person.Address
    SET     AddressLine4 = ENCRYPTBYCERT(CERT_ID('certKey123'), CONVERT(VARCHAR(MAX), AddressLine1))

    -- Decrypt
    SELECT  CONVERT(VARCHAR(MAX), DECRYPTBYCERT(CERT_ID('certKey123'), AddressLine4, N'P@ssw0rd'))
    FROM    Person.Address

5. Passphrase encryption:

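
    -- Passphrase encryption: the process is simple, just use the EncryptByPassPhrase function.
    -- When a data row is referenced during passphrase encryption, that row must not change afterwards,
    -- otherwise decryption fails.
    -- (Table and column names did not survive on this page; Person.Address, AddressLine1 and
    --  the new column AddressLine5 are assumptions. AddressID is named in the page's own comment.)
    SELECT  * ,
            ENCRYPTBYPASSPHRASE('P@ssw0rd', AddressLine1, 1, CONVERT(VARBINARY, AddressID))
    FROM    Person.Address

    -- Add a new column to store the data; note that ENCRYPTBYPASSPHRASE returns the VARBINARY type
    ALTER TABLE Person.Address ADD AddressLine5 VARBINARY(MAX)
    GO

    -- Update the data, using P@ssw0rd as the passphrase together with the AddressID of each row
    UPDATE  Person.Address
    SET     AddressLine5 = ENCRYPTBYPASSPHRASE('P@ssw0rd', AddressLine1, 1, CONVERT(VARBINARY, AddressID))

    SELECT  *
    FROM    Person.Address

Second problem: how can database object definitions be protected, so that sensitive information is not overexposed?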

The usual protective measure is to create the object WITH ENCRYPTION, so that its definition cannot be viewed. The drawback is that this makes maintenance harder, and some of these objects are lost during backup and restore.

One solution is to save the object's definition statement in an extended property, which solves the problem above.

Below is an example:

    -- 1. Create an encrypted stored procedure
    USE AdventureWorks
    GO
    CREATE PROC test
        WITH ENCRYPTION
    AS
        SELECT  SUSER_SNAME() ,
                USER_NAME()
    GO
    -- 2. Take the definition above and encrypt it with the passphrase function EncryptByPassPhrase,
    --    then use the sys.sp_addextendedproperty stored procedure to attach it under an extended property name.
    USE AdventureWorks
    GO
    DECLARE @sql VARCHAR(MAX)
    SET @sql = 'CREATE PROC Test WITH ENCRYPTION AS SELECT SUSER_SNAME(),USER_NAME()'

    -- 3. Convert the encrypted content to the sql_variant data type
    DECLARE @bsql SQL_VARIANT
    SET @bsql = ( SELECT    CONVERT(SQL_VARIANT, ENCRYPTBYPASSPHRASE('P@ssw0rd',
                                                                  CONVERT(VARCHAR(MAX), @sql)))
                )

    -- 4. Add it as an extended property of the stored procedure
    --    (@value is the encrypted @bsql from step 3, not the literal text 'System.Byte[]'):
    EXEC sys.sp_addextendedproperty @name = N'test定义', @value = @bsql,
        @level0type = N'SCHEMA', @level0name = N'dbo', @level1type = N'PROCEDURE',
        @level1name = N'test'
    GO
    EXEC sys.sp_addextendedproperty @name = N'Code Contents',
        @value = N'CREATE PROC Test WITH ENCRYPTION AS SELECT SUSER_SNAME(),USER_NAME()',
        @level0type = N'SCHEMA', @level0name = N'dbo', @level1type = N'PROCEDURE',
        @level1name = N'test'
    GO

    -- 5. Restore
    DECLARE @pwd VARCHAR(100) = 'P@ssw0rd'
    -- passphrase

    DECLARE @proc VARCHAR(100) = 'test'
    -- stored procedure name

    DECLARE @exName NVARCHAR(100) = N'Code Contents'
    -- extended property name


    -- Query the original definition
    SELECT  value
    FROM    sys.all_objects AS sp
            INNER JOIN sys.extended_properties AS P ON P.major_id = sp.object_id
                                                       AND P.minor_id = 0
                                                       AND P.class = 1
    WHERE   ( P.name = @exName )
            AND ( ( sp.type = N'p'
                    OR sp.type = N'rf'
                    OR sp.type = 'pc'
                  )
                  AND ( sp.name = @proc
                        AND SCHEMA_NAME(sp.schema_id) = N'dbo'
                      )
                )
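
The restore query above reads the 'Code Contents' property, which holds the definition in plain text. The following added example (not part of the original post) stores only the ciphertext of the definition and decrypts it on restore; it assumes the dbo.test procedure created above, and the property name test_definition_enc is hypothetical.

```sql
USE AdventureWorks
GO
DECLARE @pwd  VARCHAR(100) = 'P@ssw0rd';             -- passphrase, as used on this page
DECLARE @prop SYSNAME      = N'test_definition_enc'; -- assumed property name
DECLARE @sql  VARCHAR(MAX) =
    'CREATE PROC test WITH ENCRYPTION AS SELECT SUSER_SNAME(), USER_NAME()';

-- ENCRYPTBYPASSPHRASE returns at most 8000 bytes and an extended property
-- value is limited to 7500 bytes, so check the size before storing.
DECLARE @cipher VARBINARY(8000) = ENCRYPTBYPASSPHRASE(@pwd, @sql);
IF @cipher IS NULL OR DATALENGTH(@cipher) > 7500
BEGIN
    RAISERROR('Definition is too long to store in an extended property.', 16, 1);
    RETURN;
END

-- Drop any earlier copy so the script can be re-run, then store the ciphertext only.
IF EXISTS ( SELECT 1
            FROM   sys.extended_properties
            WHERE  class = 1 AND major_id = OBJECT_ID(N'dbo.test')
                   AND minor_id = 0 AND name = @prop )
    EXEC sys.sp_dropextendedproperty @name = @prop,
        @level0type = N'SCHEMA', @level0name = N'dbo',
        @level1type = N'PROCEDURE', @level1name = N'test';

DECLARE @value SQL_VARIANT = @cipher;
EXEC sys.sp_addextendedproperty @name = @prop, @value = @value,
    @level0type = N'SCHEMA', @level0name = N'dbo',
    @level1type = N'PROCEDURE', @level1name = N'test';

-- Restore: the correct passphrase yields the definition text,
-- a wrong passphrase yields NULL.
SELECT  CONVERT(VARCHAR(MAX),
            DECRYPTBYPASSPHRASE(@pwd, CONVERT(VARBINARY(8000), P.value))) AS definition,
        CONVERT(VARCHAR(MAX),
            DECRYPTBYPASSPHRASE('wrong phrase', CONVERT(VARBINARY(8000), P.value))) AS wrong_phrase
FROM    sys.extended_properties AS P
WHERE   P.class = 1
        AND P.major_id = OBJECT_ID(N'dbo.test')
        AND P.minor_id = 0
        AND P.name = @prop;
```

Anyone who can read sys.extended_properties sees only the ciphertext here, so access to the definition depends on knowing the passphrase rather than on catalog permissions.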

Origin www.cnblogs.com/LiZhongZhongY/p/11595719.html