始终加密的方法在移动(插入)Azure数据库之前对数据进行加密 [英] Is Always Encrypted method Encrypts data's the before moving(inserting into) Azure Database
问题描述
我只是想知道在传输到Azure SQL之前,有什么方法可以加密数据。
实际上我已经开发了一个Azure Web App。我需要将数据加密到App Server本身中的Azure SQL DB中。
我可以找到一些引用来加密AzureDB中的数据,例如
SQL Server中始终加密的功能是客户端加密技术,这意味着它将加密客户端应用程序驱动程序中的数据。这意味着数据将在客户端和SQL Server之间的网络上进行加密,在SQL Server的内存中进行加密,并在磁盘上进行加密。如果实施正确,它还可以保护数据免受入侵者的侵害,该入侵者在SQL Server上获得管理员特权(基本上,您必须确保加密密钥未存储在SQL Server上,并且入侵者无法以任何方式访问该加密密钥)。我将在此处详细解释如何执行此操作以及安全性保证。但是,由于SQL Server无法解密数据,因此您可以对加密数据执行哪些操作有一些限制。您可以阅读有关这些限制的更多信息这里。您可以了解有关始终加密的更多信息这里。
I'm Just figuring is there any way to Encrypt the data before transmitting into the Azure SQL.
Actually I've developed a Azure Web App. I've have a requirement to encrypt the data's into Azure SQL DB in the App Server itself.
I can find some reference to encrypt the data's in AzureDB like Always Encryption , Symmetric Keys
But all the references leads to encrypt the Data's with in the SQL Server (In other words, the data's would be transmitting as a plain text from App Server to SQL server(through a Insert Query) then the Encryption would be takes place in the SQL Server)
So, I've want to make sure my data's should be encrypt before sending to the Sql Server.
This will ensures no attackers/hackers have no way to hack my data's through the transmission
UPDATE
I've already implemented the SSL Security which Secures the transmission between the UI and App Server. But here i want to secure the transmission between the App Server and Azure SQL Server
Look this Diagram for clear understanding:
Always Encrypted feature in SQL server is a client side encryption technology, meaning it will encrypt the data in the driver of your client application. This means the data will be encrypted on the network between the client and SQL server, it is encrypted in the memory of SQL server and it is encrypted on disk. If implemented correctly, it can also protect the data from an intruder that gains admin privileges on SQL server (basically you will have to ensure that the encryption key is not stored on SQL Server and the intruder cannot get access to the encryption keys in any manner). I explain how to do this and the security guaranty provided by Always Encrypted here, in some detail. However, since SQL server cannot decrypt the data, there are some limitations on what operations you can perform on encrypted data. You can read more about those limitations here. You can learn more about always encrypted here.
这篇关于始终加密的方法在移动(插入)Azure数据库之前对数据进行加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
