http://blogs.technet.com/b/andrew/archive/2007/11/29/sql-server-2008-transparent-data-encryption.aspxOne of the new things you can do in CTP5 of SQL Server 2008 is to encrypt your databases so that they are protected at rest and so are any backups made from them.&#160; So this prevents anybody from accessing a database without going through the serveren-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/andrew/archive/2007/11/29/sql-server-2008-transparent-data-encryption.aspx#3483428Mon, 27 Feb 2012 19:40:28 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3483428Ashish<p>Is there any way to encrypt XML data within SQL Server 2008 R2 edition? Our client having such requirement so i am looking for help on that.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3483428" width="1" height="1">http://blogs.technet.com/b/andrew/archive/2007/11/29/sql-server-2008-transparent-data-encryption.aspx#3309080Thu, 28 Jan 2010 17:49:20 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3309080Andrew.Fryer<p>I guess you mean so that only autorised people can see it or I would simply delete it!</p> <p>Seriously since sql server 2005 there has been support for encrypting values in the database for example credit card number as there isn't a real need to encrypt the whole database. &nbsp;These values have to be unencrypted in the application that accesses them. &nbsp;</p> <p>I would need to understand more about what you are trying to do or protect against to offe rmore help than this, so if you're in the UK perhaps we cna take this offline</p> <p>Andrew</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3309080" width="1" height="1">http://blogs.technet.com/b/andrew/archive/2007/11/29/sql-server-2008-transparent-data-encryption.aspx#3308947Thu, 28 Jan 2010 09:28:05 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3308947Kishore<p>How can we hide the actual data in TDE, so that no one can see ?</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3308947" width="1" height="1">http://blogs.technet.com/b/andrew/archive/2007/11/29/sql-server-2008-transparent-data-encryption.aspx#3305528Wed, 13 Jan 2010 20:34:30 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3305528Jes<p>Andrew,</p> <p>Can we setup a LOGIN on a database with EXECUTION permission on store procedures and this LOGINcan not view or see what store procedures are coded?</p> <p>Thanks,</p> <p>Jes </p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3305528" width="1" height="1">http://blogs.technet.com/b/andrew/archive/2007/11/29/sql-server-2008-transparent-data-encryption.aspx#3304014Wed, 06 Jan 2010 12:53:57 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3304014Andrew.Fryer<p>Jes</p> <p>I don't understand what you mean by &quot;since Windows Authorization can do anything on database if they get in MSSQL server&quot; for example I can create a login Jes using windows authorisation that only has very limited access to a given database.</p> <p>If you mean that a winodws administrator has unlimited access then that's not the case either as I could remove them from the sysdmins role if I want to.</p> <p>I would also add that this has nothing to do with transparent data encryption</p> <p>Finally if you have a suggestion to improve any Microsoft product then you can go to <a rel="nofollow" target="_new" href="http://connect.microsoft.com">http://connect.microsoft.com</a> and put in your suggestion. &nbsp;at the very least you should get a reply fomr the product team</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3304014" width="1" height="1">http://blogs.technet.com/b/andrew/archive/2007/11/29/sql-server-2008-transparent-data-encryption.aspx#3303845Tue, 05 Jan 2010 17:53:52 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3303845Jes<p>Andrew,</p> <p>Can we ask MSSQL to do some kind of updates to prevent viewing WITH ENCRYPTION store procedures and functions and etc. ( Decrypt ) ? Otherwise it is too dangers for database security since Windows Authorization can do anything on database if they get in MSSQL server?</p> <p>Thx,</p> <p>Jes</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3303845" width="1" height="1">http://blogs.technet.com/b/andrew/archive/2007/11/29/sql-server-2008-transparent-data-encryption.aspx#3303737Tue, 05 Jan 2010 07:55:55 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3303737Andrew.Fryer<p>Jes</p> <p>Your utility which might well be useful is nothing to do with Transparent Data Encryption in SQL Server 2008. &nbsp;If you give your users full access to your databases then I agree they can install ssms and export the entire database. &nbsp;However that's what schemas are for and you can also use the audit functions in SQL Sevrer 2008 to watch and alert for the kinds of queries theat are requesting sensitive data in bulk.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3303737" width="1" height="1">http://blogs.technet.com/b/andrew/archive/2007/11/29/sql-server-2008-transparent-data-encryption.aspx#3303653Mon, 04 Jan 2010 20:04:48 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3303653Jes<p>Andrew,</p> <p>There are no security if you can't stop someone installing SSMS. People can create any SQL to get entire database scheme and export data by SSMS.</p> <p>What about some body using tool as in <a rel="nofollow" target="_new" href="http://www.devlib.net/decryptsql.htm?">http://www.devlib.net/decryptsql.htm?</a></p> <p>Thanks,</p> <p>Jes</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3303653" width="1" height="1">http://blogs.technet.com/b/andrew/archive/2007/11/29/sql-server-2008-transparent-data-encryption.aspx#3303498Mon, 04 Jan 2010 08:40:16 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3303498Andrew.Fryer<p>Satya</p> <p>The data will be returned exactly as before, whether you run the query from an app, excel, or mamagement studio. </p> <p>TDE only prpotects the database 'at rest' and doesn't affect the queries yoiu run against it when it is in it's usual location. &nbsp;so TDE kicks in when you detach/attach or backup/restore in that you'll need the key to unlock the database if you restore or attach to a new instance virtual machine or physical server.</p> <p>Andrew</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3303498" width="1" height="1">http://blogs.technet.com/b/andrew/archive/2007/11/29/sql-server-2008-transparent-data-encryption.aspx#3302469Thu, 24 Dec 2009 23:54:42 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3302469Satya<p>Hi Andrew,</p> <p> &nbsp;I read about SQL Server 2008 TDE and I got a basic question.</p> <p>For example, if you have a table called users with userid, username and password as columns which returns the following data when you run a query against users tabel.</p> <p>SELECT * FROM users</p> <p>Userid &nbsp; Username &nbsp;Password</p> <p>1 &nbsp; &nbsp; &nbsp; &nbsp;John &nbsp; &nbsp; &nbsp;John345</p> <p>2 &nbsp; &nbsp; &nbsp; &nbsp;Paul &nbsp; &nbsp; &nbsp;Paul789 &nbsp; </p> <p>After you implement TDE for a specific database based on your steps described above, when you run the same &nbsp;query how does the data look like ?</p> <p>Does the result data is in encrypted form or normal form as above ?</p> <p>Thank you.</p> <p>Regards,</p> <p>Satya</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3302469" width="1" height="1">