SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-29-2008, 04:27 AM
| ||||
| ||||
 Hiding Data Hi, I am intetrested to know if there is a way to hide the information in a specific column in my table. SQLServer 200. Something like a password protection were you only see *****. I have a DBA but want to hide salary information from him that is stored in the database. Any suggestions Thanks Elmo      |
|
02-29-2008, 04:27 AM
| |||
| |||
| Re: Hiding Data "elmo" <elmo@delphisure.com> wrote in message news:hvKdnVvTd7D5Dv_cRVn-tg@is.co.za... > Hi, > > I am intetrested to know if there is a way to hide the information in a > specific column in my table. SQLServer 200. Something like a password > protection were you only see *****. I have a DBA but want to hide salary > information from him that is stored in the database. > > Any suggestions > Thanks > Elmo > > This isn't possible - a member of the sysadmin role can access all data in all databases. You can encrypt/decrypt the sensitive information in your client application using whatever encryption API is available, then just store the encrypted value in the database table: http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22 Simon |
|
02-29-2008, 04:28 AM
| ||||
| ||||
| Re: Hiding Data "Praim Sankar" <praimnath.sankar@cogeco.com> wrote in message news:329c4589.0410051245.41ad320b@posting.google.c om... >I have exactly the same issue. > Our security person wants an audit on all 'select' on 4 tables > containing sensitive data. > > Any idea how we can manage to do this??? One way would be to run a trace, filtered on object name and SELECT. Or there are commercial products for auditing purposes, such as this one (which I've never used): http://www.lumigent.com/products/entegra_sql.html However, it would be extremely difficult to prevent a determined administrator from viewing the data - he can disable auditing briefly, restore a backup to another server without auditing etc. So any technical solution needs a 'human' part too, ie. good staff, and a clear policy on data access. Simon |
Linear Mode
