Hi jmh-ga,
What you are looking for is actually called a stored procedure in the
SQL Server 2000 environment. The idea behind stored procedures is that
they can be called upon during another operation (such as a trigger
definition in your case).
A company called Communications Horizons seems to have just the
procedures that you are looking for - they call it the NetLib
Encryptionizer API. Here is the description they have on their
website:
"You can perform dynamic column encryption in views, procedures and
triggers in SQL Server or MSDE (Microsoft Database Engine) with our
easy-to-use APIs. They are implemented as Extended Stored Procedures,
Stored Procedures, and User Defined Functions (UDF). These APIs extend
the functionality of Encryptionizer alone. They can be used in
addition to, or instead of whole-database encryption.
The primary use for the APIs is to apply column-level or table-level
encryption. However, there are many other uses. For example, you can
use them to encrypt miscellaneous non-database files on the server,
such as document and text files. You can use them to create encrypted
packets to transmit over the internet or WAN (the receiver must also
be using Encryptionizer for SQL Server or Encryptionizer DE). Yet
another use is to impose multiple passwords (e.g., use one password
for MDF files, another password for encrypting columns)."
http://www.netlib.com/sql_api.htm
There is also a diagram-aided description of how the APIs actually
work. Although they don't state whether or not their algorithms are
3DES, it seems very thorough:
http://www.netlib.com/sql_api_work.htm
Want a comparison of this product to Microsoft's Encrypted File
System? They've got that available as well:
http://www.netlib.com/sec_efs.htm
There is also a fairly in-depth discussion of how this product
protects credit card information. Of course the actual algorithm is
not provided :)
http://www.netlib.com/visa_cisp3.htm
As far as pricing is concerned, they don't give that information on
the website, but they do mention that several schemes are available
based on:
Per server
Per PC
Per site
Per company
EZ OEM (no reporting)
There is also a free 30 day evaluation so you can try it out:
http://www.netlib.com/sec_eval.htm
If you haven't made a decision already, here is a set of stored
procedures designed to provide encryption capability using various
encryption algorithms. Although it is geared towards T-SQL
(Transact-SQL), it will work just as well under a SQL Server 2000
environment. This is a free product:
http://www.planet-source-code.com/xq/ASP/txtCodeId.536/lngWid.5/qx/vb/scripts/ShowCode.htm
(there are no breaks in this URL...take it as one line if it doesn't
display correctly)
Although you are increasing the security around your data by providing
some sort of encryption, it is important to realize that this does not
make your data completely secure. This message thread points out
several of the vulnerabilities present when using stored procedures:
http://cert.uni-stuttgart.de/archive/bugtraq/2001/12/msg00194.html
So it is also important that your server that is holding the DBMS be
physically secure, and that any information passing through it via a
network should be secured as well.
If you have any problems understanding any of the above information
please feel free to post a clarification and I will respond promptly.
Cheers!
answerguru-ga