In the classic asymmetric encryption tiered-server scenario, the front-end (or middle tier) application would have...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
access to the public key and use this to encrypt the data. Then, a second system (presumably more secure) would have access to the private key for accessing this data (such as the SSN info). In this way, if the front end was compromised and the data was extracted from the database, the data would be useless without the private key. Since it does not exist on the front end nor the database, the attacker would still need to find this "secure" server with the private key in order to access the data.
Dig Deeper on SQL Server Security
Related Q&A from Steven Andres
Learn how to set a SQL Server password to an SA login and why you can not set this account for access to separate SQL Server databases.continue reading
When encrypting SQL tables that have joins in SQL Server 2000, learn about possible problems that may arise with different data values in those ...continue reading
Get the code to connect SQL Server version 7.0 to Visual Basic 6.0.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.