January 2008 - Posts

SQL Server 2005: How to debug errors in code that does encryption

Encryption builtin functions in SQL Server have no known issues and, if used properly, they will produce the expected results. However, if they are used incorrectly, it can be hard to figure out what exactly is the problem, so in this post I am going Read More...

Posted 31 January 08 12:36 by lcris | 0 Comments   
Filed under SQL Server - cryptography, SQL Server, encryption

SQL Server 2005: A great post by Aaron Morton about using MARS to access opened keys

Aaron Morton has a very interesting post and demo that show how MARS can be used to access keys temporarily opened by a procedure. This is a must-read for anyone that is interested in implementing custom restrictions around the use of encryption keys. Read More...

Posted 17 January 08 10:20 by lcris | 0 Comments   
Filed under SQL Server - cryptography, SQL Server, encryption

SQL Server 2005: Why you should not encrypt data with certificates

I often recommended to only encrypt data in SQL Server using symmetric keys and to reserve the use of asymmetric encryption for protection of symmetric keys and for signing. In this post, I will go in more detail about why asymmetric encryption is not Read More...

Posted 11 January 08 12:44 by lcris | 0 Comments   
Filed under SQL Server - cryptography, SQL Server, encryption

SQL Server 2005: How to determine the size of a column that will hold encrypted data

This issue has been addressed before on forums, but with the heavy traffic, it can be hard to find the proper post. So, I'll provide some explanations here as well. Note: This article is written with symmetric encryption in mind, but the actual technique Read More...

Posted 11 January 08 11:05 by lcris | 0 Comments   
Filed under SQL Server - cryptography, SQL Server, encryption

Search

This Blog

• Home
• About

Tags

• announcements
• basic SQL Server security concepts
• bing
• computer security
• encryption
• Microsoft products
• search engines
• software engineering
• SQL Server
• SQL Server - cryptography
• SQL Server - general
• SQL Server - security

Archives

• October 2009 (3)
• August 2009 (2)
• July 2009 (1)
• June 2009 (1)
• August 2008 (2)
• June 2008 (1)
• May 2008 (1)
• April 2008 (1)
• March 2008 (1)
• February 2008 (5)
• January 2008 (4)
• November 2007 (2)
• October 2007 (4)
• September 2007 (3)
• July 2007 (1)
• April 2007 (2)
• March 2007 (1)
• February 2007 (2)
• December 2006 (1)
• November 2006 (1)
• October 2006 (3)
• July 2006 (2)
• May 2006 (1)
• April 2006 (2)
• March 2006 (2)
• January 2006 (1)
• December 2005 (5)
• October 2005 (3)
• September 2005 (5)
• July 2005 (1)
• June 2005 (4)

Security related links

• NSA Security Configuration Guides
• Bruce Schneier's blog
• Bruce Schneier's Crypto-Gram newsletter
• RISKS Digest

Software engineering links

• Motley says

SQL Server security links

• Raul Garcia's blog (SQL Server Security)
• SQL Server Security Team blog
• SQL Server Security forum on MSDN
• SQL Injection Watch List

Useful Microsoft links

• Product Feedback site
• Microsoft Technical Forums
• Security Vulnerabilities reporting site
• Security Development Lifecycle blog
• Secure Windows Initiative blog
• Microsoft Security Advisories

Syndication

• RSS 2.0
• Atom 1.0