|
|
SQL Server 2008引入透明數(shù)據(jù)加密(Transparent Data Encryption),即TDE,它允許你完全無(wú)需修改應(yīng)用程序代碼而對(duì)整個(gè)數(shù)據(jù)庫(kù)加密。當(dāng)一個(gè)用戶(hù)數(shù)據(jù)庫(kù)可用且已啟用TDE時(shí),在寫(xiě)入到磁盤(pán)時(shí)在頁(yè)級(jí)實(shí)現(xiàn)加密。在數(shù)據(jù)頁(yè)讀入內(nèi)存時(shí)解密。如果數(shù)據(jù)庫(kù)文件或數(shù)據(jù)庫(kù)備份被盜,沒(méi)有用來(lái)加密的原始證書(shū)將無(wú)法訪(fǎng)問(wèn)。這幾乎是SQL Server2008安全選項(xiàng)中最激動(dòng)人心的功能了,有了它,我們至少可以將一些初級(jí)的惡意窺視拒之見(jiàn)外。
下面的兩個(gè)例子將展示如何啟用和維護(hù)透明數(shù)據(jù)加密。
示例一、啟用透明加密(TDE)
/********************TDE**************** 3w@live.cn ****************/USE Master
GO
--------刪除舊主密鑰**********************3w@live.cn
--------Drop master Key
--------go
--創(chuàng)建主密鑰**********************3w@live.cn
Create MASTER KEY ENCRYPTION
BY PASSWORD = 'B19ACE32-AB68-4589-81AE-010E9092FC6B'
GO
--創(chuàng)建證書(shū),用于透明數(shù)據(jù)加密**********************3w@live.cn
CREATE CERTIFICATE TDE_Server_Certificate
WITH SUBJECT = 'Server-level cert for TDE'
GO
USE DB_Encrypt_Demo
GO
--第一步:現(xiàn)在開(kāi)始透明加密**********************3w@live.cn
CREATE DATABASE ENCRYPTION KEY--創(chuàng)建數(shù)據(jù)庫(kù)加密密鑰
WITH ALGORITHM = TRIPLE_DES_3KEY--加密方式
ENCRYPTION BY SERVER CERTIFICATE TDE_Server_Certificate--使用服務(wù)器級(jí)證書(shū)加密
GO
/*
Warning: The certificate used for encrypting the database encryption key
has not been backed up.
You should immediately back up the certificate and the private key
associated with the certificate.
If the certificate ever becomes unavailable or
if you must restore or attach the database on another server,
you must have backups of both the certificate and the private key
or you will not be able to open the database.
*/
--第二步:打開(kāi)加密開(kāi)關(guān)**********************3w@live.cn
ALTER DATABASE DB_Encrypt_Demo
SET ENCRYPTION ON
GO
--查看數(shù)據(jù)庫(kù)是否加密
SELECT is_encrypted
FROM sys.databases
WHERE name = 'DB_Encrypt_Demo'
it知識(shí)庫(kù):SQL Server 2008中的代碼安全(八):透明加密(TDE),轉(zhuǎn)載需保留來(lái)源!
鄭重聲明:本文版權(quán)歸原作者所有,轉(zhuǎn)載文章僅為傳播更多信息之目的,如作者信息標(biāo)記有誤,請(qǐng)第一時(shí)間聯(lián)系我們修改或刪除,多謝。
