
Encrypting mdf files

rsm
Hi,

We want to encrypt MS Sql Server data files - .mdf and .ldf with
logged in user certificate and make sure that MS Sql Server service
(running as Local System Account) can decrypt it.

Is it possible to encrypt data files with a certificate that resides
in logged in user's
cert store and also MS SQL Server Service 'service account's cert
store?

You can access 'service account's cert store through mmc ->
Certificates Snap-in -> Service account
Thanks,
rsm
-------

Feb 16 '07 #1


rsm (pr************@yahoo.com) writes:
> We want to encrypt MS Sql Server data files - .mdf and .ldf with
> logged in user certificate and make sure that MS Sql Server service
> (running as Local System Account) can decrypt it.
>
> Is it possible to encrypt data files with a certificate that resides
> in logged in user's
> cert store and also MS SQL Server Service 'service account's cert
> store?

No.

If you are using SQL 2005, there are encryption routines built-in,
so that you can encrypt some columns. Keep in mind that encrypting key
columns will have a very serious impact on performance.

--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinf...ons/books.mspx
Feb 16 '07 #2
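
The SQL Server 2005 column encryption mentioned in the reply above, as an added example that is not part of the original thread. Table, certificate and key names are hypothetical, the password is a placeholder, and the rows are constructed; the last query shows why searching on an encrypted column is slow.

```sql
-- Added example: hypothetical object names, SQL Server 2005 syntax.
-- Key hierarchy: database master key -> certificate -> symmetric key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
CREATE CERTIFICATE CustomerCert WITH SUBJECT = 'Column encryption (example)';
CREATE SYMMETRIC KEY CustomerKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CustomerCert;
GO

CREATE TABLE dbo.Customer (
    CustomerId  int IDENTITY PRIMARY KEY,   -- surrogate key stays in clear text
    Name        nvarchar(100) NOT NULL,
    CardNumber  varbinary(128) NOT NULL     -- ciphertext from EncryptByKey
);
GO

-- The key must be opened in the session before encrypting or decrypting.
OPEN SYMMETRIC KEY CustomerKey DECRYPTION BY CERTIFICATE CustomerCert;

-- Constructed sample rows.
INSERT dbo.Customer (Name, CardNumber)
VALUES (N'Alice', EncryptByKey(Key_GUID('CustomerKey'), N'4111-0000-0000-0001'));
INSERT dbo.Customer (Name, CardNumber)
VALUES (N'Bob',   EncryptByKey(Key_GUID('CustomerKey'), N'4111-0000-0000-0002'));

-- Lookup by the clear-text key: normal index seek, one row decrypted.
SELECT Name, CONVERT(nvarchar(50), DecryptByKey(CardNumber)) AS CardNumber
FROM dbo.Customer
WHERE CustomerId = 1;

-- Lookup by the encrypted column: EncryptByKey is randomized, so the same
-- plaintext never produces the same ciphertext and an index on CardNumber
-- cannot help. Every row is decrypted and compared (a full scan).
SELECT CustomerId, Name
FROM dbo.Customer
WHERE CONVERT(nvarchar(50), DecryptByKey(CardNumber)) = N'4111-0000-0000-0002';

CLOSE SYMMETRIC KEY CustomerKey;
```

This protects the chosen column values inside the .mdf file; it does not encrypt the .mdf and .ldf files themselves.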

On 16 Feb, 04:16, "rsm" <prakandapan...@yahoo.com> wrote:
> Hi,
>
> We want to encrypt MS Sql Server data files - .mdf and .ldf with
> logged in user certificate and make sure that MS Sql Server service
> (running as Local System Account) can decrypt it.
>
> Is it possible to encrypt data files with a certificate that resides
> in logged in user's
> cert store and also MS SQL Server Service 'service account's cert
> store?

No. Assuming you are using SQL Server 2005 you should read the
encryption topics in Books Online.

It is in principle possible to encrypt every bit of user data in a
database, but I can't think of any good reasons for wanting to do that
- and there are many good reasons why NOT to do it. Could you explain
a bit more about your requirements?

--
David Portas, SQL Server MVP

Whenever possible please post enough code to reproduce your problem.
Including CREATE TABLE and INSERT statements usually helps.
State what version of SQL Server you are using and specify the content
of any error messages.

SQL Server Books Online:
http://msdn2.microsoft.com/library/m...S,SQL.90).aspx
--

Feb 19 '07 #3

rsm
We are using SQL Server 2000.

We are trying to provide an encryption solution for SQL Server
database. ldf and mdf files are something we want to encrypt.

Problem is that if we encrypt using user cert, we need to run SQL
Server service as that user which works fine until user changes his
password. In this case, we have to somehow automatically change SQL
Server service 'run as' user password. I was wondering if there is a
way to install user cert as service cert so SQL Server can decrypt the
ldf files on its own.

Feb 22 '07 #4

"rsm" <pr************@yahoo.com> wrote in message
news:11**********************@t69g2000cwt.googlegroups.com...
> We are using SQL Server 2000.
>
> We are trying to provide an encryption solution for SQL Server
> database. ldf and mdf files are something we want to encrypt.
>
> Problem is that if we encrypt using user cert, we need to run SQL
> Server service as that user which works fine until user changes his
> password. In this case, we have to somehow automatically change SQL
> Server service 'run as' user password. I was wondering if there is a
> way to install user cert as service cert so SQL Server can decrypt the
> ldf files on its own.

There is no built-in encryption in SQL 2000, so I'm 99% sure the answer is
no.

Simple answer; the user SQL Server runs under shouldn't be changing its
password often and when it does, should go through a normal change
procedure.

--
Greg Moore
SQL Server DBA Consulting
sql (at) greenms.com http://www.greenms.com
Feb 22 '07 #5
