Home > Ask the SQL Server Experts > Archive: Security Questions & Answers > Could a join of encrypted SQL Server data have a problem?
Ask The SQL Server Expert: Questions & Answers
EMAIL THIS

Could a join of encrypted SQL Server data have a problem?

Steven Andres EXPERT RESPONSE FROM: Steven Andres

Pose a Question
Other SQL Server Categories
Meet all SQL Server Experts
Become an Expert for this site


Expert advice on database administration
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 31 December 2007
We are in the process of encrypting various pieces of sensitive information in our SQL Server 2000 tables. For many fields, we are using Blowfish 448 encryption and a concern has arisen about inline SQL statements that contain joins in our ASP scripts. Have you run across any scenarios where there's been a problem with a join of encrypted data? Could there ever be an instance where the encrypted field (encrypted by Blowfish) in one table would be different from the field in another table given the same initial string, which upon executing the join would cause the join to fail?

To be clearer, here is a quick example:

Table A has an encrypted account number column. Table B also has an encrypted account number column (same data). If we have a SQL statement that performs a join on the account number columns in the two tables, is there any possibility that the join will fail because the Blowfish encryption somehow yielded a different value?

>
From what you have described, it does not appear that there should be any issues with the join. If you are using symmetric encryption with the same key (passphrase), the resultant ciphertext should be identical. It would also help to check with the manufacturer of the encryption tool (I don't know if you're using SQL Server 2005 for this or one of the fine third party encryption products).

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
SQL Server Security
Meet compliance requirements with improved database security practices
Hardening the network and OS for SQL Server security
Securing the server and database in SQL Server
SQL Server security made simple and sensible
Blog: Protect your databases from the internal threat
Setting up SQL Server Service Broker for secure communication
The keys to database backup protection for SQL Server
Understanding transparent data encryption in SQL Server 2008
The fine line between not encrypting your databases and breach notification
Securing SQL Server with access control, login monitoring and DDL triggers

Archive: Security
Creating a SQL Server user authentication schema
SQL Server connection lost when SA password is changed
Code to connect SQL Server 7.0 to Visual Basic 6.0
How to set SQL Server password for SA login
Creating a login in SQL Server 2000 Enterprise Manager
Set SQL Server password on database in version 7.0
Solve SQL Server permissions and authentication problems
Create username and password for new SQL Server database
Recover password in SQL Server 2000
Protect against SQL Injection by whitelisting

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
data corruption  (SearchSQLServer.com)
data hiding  (SearchSQLServer.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



SQL Solutions - SQL Database Design
HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersIT Downloads
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2005 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts