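SQL Server 2008 introduced Transparent Data Encryption (TDE), which lets you encrypt an entire database without modifying any application code. When TDE is enabled on an available user database, encryption is performed at the page level as pages are written to disk, and pages are decrypted when they are read into memory. If the database files or a database backup are stolen, they cannot be accessed without the original certificate that was used for encryption. This is arguably the most exciting feature among the SQL Server 2008 security options; with it, we can at least keep some low-level malicious snooping out.
The following two examples show how to enable and maintain Transparent Data Encryption.
Example 1: Enabling Transparent Data Encryption (TDE)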
/********************TDE**************** 3w@live.cn ****************/
USE Master
GO
--------Drop the old master key
--------Drop master Key
--------go
--Create the master key
Create MASTER KEY ENCRYPTION
BY PASSWORD = 'B19ACE32-AB68-4589-81AE-010E9092FC6B'
GO
--Create the certificate used for transparent data encryption
CREATE CERTIFICATE TDE_Server_Certificate
WITH SUBJECT = 'Server-level cert for TDE'
GO
USE DB_Encrypt_Demo
GO
--Step 1: begin setting up transparent encryption
CREATE DATABASE ENCRYPTION KEY -- create the database encryption key
WITH ALGORITHM = TRIPLE_DES_3KEY -- encryption algorithm
ENCRYPTION BY SERVER CERTIFICATE TDE_Server_Certificate -- protect the key with the server-level certificate
GO
/*
Warning: The certificate used for encrypting the database encryption key
has not been backed up.
You should immediately back up the certificate and the private key
associated with the certificate.
If the certificate ever becomes unavailable or
if you must restore or attach the database on another server,
you must have backups of both the certificate and the private key
or you will not be able to open the database.
*/
--Step 2: turn encryption on
ALTER DATABASE DB_Encrypt_Demo
SET ENCRYPTION ON
GO
--Check whether the database is encrypted
SELECT is_encrypted
FROM sys.databases
WHERE name = 'DB_Encrypt_Demo'
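The warning printed in Step 1 says the certificate and its private key must be backed up immediately. The following T-SQL is an added example, not part of the original article: it backs up the certificate created above and then reports encryption progress together with the certificate's backup status. The file paths and password placeholders are assumptions; replace them with your own values.

```sql
USE master;
GO
-- Back up the TDE certificate together with its private key.
-- Paths and passwords are placeholders (assumptions), not values from the article.
BACKUP CERTIFICATE TDE_Server_Certificate
    TO FILE = 'D:\KeyBackup\TDE_Server_Certificate.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\TDE_Server_Certificate.pvk',
        ENCRYPTION BY PASSWORD = '<private-key-backup-password>'
    );
GO
-- Back up the database master key of master as well,
-- since it protects the certificate's private key.
BACKUP MASTER KEY
    TO FILE = 'D:\KeyBackup\master_dmk.key'
    ENCRYPTION BY PASSWORD = '<master-key-backup-password>';
GO
-- sys.databases.is_encrypted only reflects the last SET ENCRYPTION setting;
-- the encryption scan itself runs in the background.
-- This query shows the real state and whether the private key has been backed up.
-- tempdb is listed too, because it is encrypted once any database uses TDE.
SELECT DB_NAME(dek.database_id)      AS database_name,
       CASE dek.encryption_state
            WHEN 0 THEN 'no encryption key'
            WHEN 1 THEN 'unencrypted'
            WHEN 2 THEN 'encryption in progress'
            WHEN 3 THEN 'encrypted'
            WHEN 4 THEN 'key change in progress'
            WHEN 5 THEN 'decryption in progress'
            ELSE 'other'
       END                           AS encryption_state,
       dek.percent_complete,         -- progress of a running scan, 0 when idle
       dek.key_algorithm,
       dek.key_length,
       c.name                        AS certificate_name,
       c.pvt_key_last_backup_date    -- NULL means the private key was never backed up
FROM sys.dm_database_encryption_keys AS dek
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = dek.encryptor_thumbprint;
GO
```

Keep the backup files and their passwords somewhere other than the server that holds the encrypted database; they are needed to restore or attach the database elsewhere.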
IT Knowledge Base: Code Security in SQL Server 2008 (Part 8): Transparent Data Encryption (TDE). Please retain the source when reposting.