SQL Server中的机密数据 - 让管理员无法查看数据 [英] Confidential data in SQL server - keep admin from viewing data

问题描述

我的客户是职业体育联盟的顾问，负责对球员保密的事宜。他现在想将我们在本地维护的SQL Server数据库移动到由联盟控制的服务器。我们被告知，一旦它在他们的服务器上，我们唯一的访问将通过Web服务，或者，当我们想要更改架构或存储过程时，通过我们提交给他们的更改脚本。



我想我们可以接受这个，除了我的客户坚持认为联盟无法读取数据，我不知道这是否可行。我的网络搜索已证明毫无结果。



我们可以这样设置吗？我需要搜索哪些搜索字词？



谢谢



我尝试过的内容：



a各种谷歌搜索。简要地看一下SQL Server加密，但我读到的是令人困惑的

My client is a consultant to a professional sports league on matters that are confidential to the players. He now wants to move a SQL Server database that we've maintained locally to a server controlled by the league. We've been told that, once it's on their server, our only access will be via web services or, when we want to change the schema or the stored procedures, via change scripts we submit to them.

I suppose we could live with that, except my client is adamant that the league not be able to read the data, and I have no idea if that's possible. My web searches have proven fruitless.

Can we set it up that way? What search terms would I need to google?

Thanks

What I have tried:

a variety of google searches. Looked briefly at SQL Server encryption, but what I read was confusing

推荐答案

一种方法是使用数据库引擎的始终加密功能。这样，只有客户端应用程序知道解密数据的密钥。请查看始终加密（数据库引擎） [ ^ ]并从更大的角度来看：数据安全，SQL Server 2016和您的业务| SQL Server博客 [ ^ ]。



正如an0ther1所指出的，加密所有内容可能不切实际，只是真正需要保护的数据。



应该实施的另一个方面是审计，以便能够看到谁（或已经尝试过）做什么。在安全的环境中，尽可能保护数据并收集有关潜在滥用的信息非常重要。看一下 SQL Server Audit（数据库引擎） [ ^ ]

One way is to use Always Encrypted feature of the database engine. This way only client application is aware of the key to decrypt the data. Have a look at Always Encrypted (Database Engine)[^] and from a larger point of view: Data security, SQL Server 2016, and your business | SQL Server Blog[^].

As an0ther1 pointed out, it may not be practical to encrypt everything, just the data that really needs to be protected.

Another aspect which should be implemented is auditing, to be able to see who does (or has tried) what. In a secure environment it's important to try to protect the data as well as possible but also to gather information about potential misuses. Have a look at SQL Server Audit (Database Engine)[^]

这篇关于SQL Server中的机密数据 - 让管理员无法查看数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！