SQL Server permissions to use symmetric keys && certificates?


Problem description

I would like to implement certificates on my SQL Server in order to encrypt data.

Users need the ability to open the symmetric key and to use the certificate in order to encrypt and decrypt data.

What are the minimum permissions I need to grant them?

Also, in a scenario where a hacker got my mdf file, can he do something with the data (if I put the permissions you gave me)?

Recommended answer

We had the same issue. We solved it by granting the user (who was only in the db_datareader and db_datawriter roles) explicit "Control" rights on the certificate and explicit "References" rights on the symmetric key. I am now looking for a query to show these explicit rights, as the query on the sys.permissions table fails to show these rights.

Also, if a hacker got your mdf file, he still could not decrypt your key unless he had your password to the Database Master Key, because you need to open the Database Master Key in order to link it to the Service Master Key on the new server; otherwise it won't work.
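The grants described in the answer, followed by an audit query over the `sys.database_permissions` catalog view, as an added T-SQL example that is not part of the original answer. The names `AppUser`, `DataCert` and `DataKey` and the master key password are hypothetical placeholders; run it in a scratch database.

```sql
-- Added example. AppUser, DataCert, DataKey and the password are placeholders.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Replace-Me-With-A-Strong-Passphrase-1!';
CREATE CERTIFICATE DataCert WITH SUBJECT = 'Data encryption (example)';
CREATE SYMMETRIC KEY DataKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DataCert;

-- A low-privileged user, as in the answer: only reader/writer roles.
CREATE USER AppUser WITHOUT LOGIN;
ALTER ROLE db_datareader ADD MEMBER AppUser;
ALTER ROLE db_datawriter ADD MEMBER AppUser;

-- The two explicit grants the answer describes.
GRANT CONTROL    ON CERTIFICATE::DataCert  TO AppUser;
GRANT REFERENCES ON SYMMETRIC KEY::DataKey TO AppUser;

-- Check that the user can open the key and round-trip a value.
EXECUTE AS USER = 'AppUser';
OPEN SYMMETRIC KEY DataKey DECRYPTION BY CERTIFICATE DataCert;
SELECT CONVERT(varchar(100),
       DecryptByKey(EncryptByKey(Key_GUID('DataKey'), 'round trip'))) AS roundtrip;
CLOSE SYMMETRIC KEY DataKey;
REVERT;

-- Audit: list every explicit permission on certificates (class 25)
-- and symmetric keys (class 24) in the current database.
SELECT pr.name                   AS principal_name,
       dp.class_desc             AS securable_class,
       COALESCE(c.name, sk.name) AS securable_name,
       dp.permission_name,
       dp.state_desc
FROM sys.database_permissions AS dp
JOIN sys.database_principals  AS pr
     ON pr.principal_id = dp.grantee_principal_id
LEFT JOIN sys.certificates    AS c
     ON dp.class = 25 AND c.certificate_id = dp.major_id
LEFT JOIN sys.symmetric_keys  AS sk
     ON dp.class = 24 AND sk.symmetric_key_id = dp.major_id
WHERE dp.class IN (24, 25)
ORDER BY principal_name, securable_class, securable_name;
```

With the grants above, the audit query returns one CONTROL row for `DataCert` and one REFERENCES row for `DataKey`, both with `AppUser` as the grantee.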
