Home > Articles > Data > SQL Server

📄 Contents

  1. SQL Server Reference Guide
  2. Introduction
  3. SQL Server Reference Guide Overview
  4. Table of Contents
  5. Microsoft SQL Server Defined
  6. SQL Server Editions
  7. SQL Server Access
  8. Informit Articles and Sample Chapters
  9. Online Resources
  10. Microsoft SQL Server Features
  11. SQL Server Books Online
  12. Clustering Services
  13. Data Transformation Services (DTS) Overview
  14. Replication Services
  15. Database Mirroring
  16. Natural Language Processing (NLP)
  17. Analysis Services
  18. Microsot SQL Server Reporting Services
  19. XML Overview
  20. Notification Services for the DBA
  21. Full-Text Search
  22. SQL Server 2005 - Service Broker
  23. Using SQL Server as a Web Service
  24. SQL Server Encryption Options Overview
  25. SQL Server 2008 Overview
  26. SQL Server 2008 R2 Overview
  27. SQL Azure
  28. The Utility Control Point and Data Application Component, Part 1
  29. The Utility Control Point and Data Application Component, Part 2
  30. Microsoft SQL Server Administration
  31. The DBA Survival Guide: The 10 Minute SQL Server Overview
  32. Preparing (or Tuning) a Windows System for SQL Server, Part 1
  33. Preparing (or Tuning) a Windows System for SQL Server, Part 2
  34. Installing SQL Server
  35. Upgrading SQL Server
  36. SQL Server 2000 Management Tools
  37. SQL Server 2005 Management Tools
  38. SQL Server 2008 Management Tools
  39. SQL Azure Tools
  40. Automating Tasks with SQL Server Agent
  41. Run Operating System Commands in SQL Agent using PowerShell
  42. Automating Tasks Without SQL Server Agent
  43. Storage – SQL Server I/O
  44. Service Packs, Hotfixes and Cumulative Upgrades
  45. Tracking SQL Server Information with Error and Event Logs
  46. Change Management
  47. SQL Server Metadata, Part One
  48. SQL Server Meta-Data, Part Two
  49. Monitoring - SQL Server 2005 Dynamic Views and Functions
  50. Monitoring - Performance Monitor
  51. Unattended Performance Monitoring for SQL Server
  52. Monitoring - User-Defined Performance Counters
  53. Monitoring: SQL Server Activity Monitor
  54. SQL Server Instances
  55. DBCC Commands
  56. SQL Server and Mail
  57. Database Maintenance Checklist
  58. The Maintenance Wizard: SQL Server 2000 and Earlier
  59. The Maintenance Wizard: SQL Server 2005 (SP2) and Later
  60. The Web Assistant Wizard
  61. Creating Web Pages from SQL Server
  62. SQL Server Security
  63. Securing the SQL Server Platform, Part 1
  64. Securing the SQL Server Platform, Part 2
  65. SQL Server Security: Users and other Principals
  66. SQL Server Security – Roles
  67. SQL Server Security: Objects (Securables)
  68. Security: Using the Command Line
  69. SQL Server Security - Encrypting Connections
  70. SQL Server Security: Encrypting Data
  71. SQL Server Security Audit
  72. High Availability - SQL Server Clustering
  73. SQL Server Configuration, Part 1
  74. SQL Server Configuration, Part 2
  75. Database Configuration Options
  76. 32- vs 64-bit Computing for SQL Server
  77. SQL Server and Memory
  78. Performance Tuning: Introduction to Indexes
  79. Statistical Indexes
  80. Backup and Recovery
  81. Backup and Recovery Examples, Part One
  82. Backup and Recovery Examples, Part Two: Transferring Databases to Another System (Even Without Backups)
  83. SQL Profiler - Reverse Engineering An Application
  84. SQL Trace
  85. SQL Server Alerts
  86. Files and Filegroups
  87. Partitioning
  88. Full-Text Indexes
  89. Read-Only Data
  90. SQL Server Locks
  91. Monitoring Locking and Deadlocking
  92. Controlling Locks in SQL Server
  93. SQL Server Policy-Based Management, Part One
  94. SQL Server Policy-Based Management, Part Two
  95. SQL Server Policy-Based Management, Part Three
  96. Microsoft SQL Server Programming
  97. An Outline for Development
  98. Database
  99. Database Services
  100. Database Objects: Databases
  101. Database Objects: Tables
  102. Database Objects: Table Relationships
  103. Database Objects: Keys
  104. Database Objects: Constraints
  105. Database Objects: Data Types
  106. Database Objects: Views
  107. Database Objects: Stored Procedures
  108. Database Objects: Indexes
  109. Database Objects: User Defined Functions
  110. Database Objects: Triggers
  111. Database Design: Requirements, Entities, and Attributes
  112. Business Process Model Notation (BPMN) and the Data Professional
  113. Business Questions for Database Design, Part One
  114. Business Questions for Database Design, Part Two
  115. Database Design: Finalizing Requirements and Defining Relationships
  116. Database Design: Creating an Entity Relationship Diagram
  117. Database Design: The Logical ERD
  118. Database Design: Adjusting The Model
  119. Database Design: Normalizing the Model
  120. Creating The Physical Model
  121. Database Design: Changing Attributes to Columns
  122. Database Design: Creating The Physical Database
  123. Database Design Example: Curriculum Vitae
  124. NULLs
  125. The SQL Server Sample Databases
  126. The SQL Server Sample Databases: pubs
  127. The SQL Server Sample Databases: NorthWind
  128. The SQL Server Sample Databases: AdventureWorks
  129. The SQL Server Sample Databases: Adventureworks Derivatives
  130. UniversalDB: The Demo and Testing Database, Part 1
  131. UniversalDB: The Demo and Testing Database, Part 2
  132. UniversalDB: The Demo and Testing Database, Part 3
  133. UniversalDB: The Demo and Testing Database, Part 4
  134. Getting Started with Transact-SQL
  135. Transact-SQL: Data Definition Language (DDL) Basics
  136. Transact-SQL: Limiting Results
  137. Transact-SQL: More Operators
  138. Transact-SQL: Ordering and Aggregating Data
  139. Transact-SQL: Subqueries
  140. Transact-SQL: Joins
  141. Transact-SQL: Complex Joins - Building a View with Multiple JOINs
  142. Transact-SQL: Inserts, Updates, and Deletes
  143. An Introduction to the CLR in SQL Server 2005
  144. Design Elements Part 1: Programming Flow Overview, Code Format and Commenting your Code
  145. Design Elements Part 2: Controlling SQL's Scope
  146. Design Elements Part 3: Error Handling
  147. Design Elements Part 4: Variables
  148. Design Elements Part 5: Where Does The Code Live?
  149. Design Elements Part 6: Math Operators and Functions
  150. Design Elements Part 7: Statistical Functions
  151. Design Elements Part 8: Summarization Statistical Algorithms
  152. Design Elements Part 9:Representing Data with Statistical Algorithms
  153. Design Elements Part 10: Interpreting the Data—Regression
  154. Design Elements Part 11: String Manipulation
  155. Design Elements Part 12: Loops
  156. Design Elements Part 13: Recursion
  157. Design Elements Part 14: Arrays
  158. Design Elements Part 15: Event-Driven Programming Vs. Scheduled Processes
  159. Design Elements Part 16: Event-Driven Programming
  160. Design Elements Part 17: Program Flow
  161. Forming Queries Part 1: Design
  162. Forming Queries Part 2: Query Basics
  163. Forming Queries Part 3: Query Optimization
  164. Forming Queries Part 4: SET Options
  165. Forming Queries Part 5: Table Optimization Hints
  166. Using SQL Server Templates
  167. Transact-SQL Unit Testing
  168. Index Tuning Wizard
  169. Unicode and SQL Server
  170. SQL Server Development Tools
  171. The SQL Server Transact-SQL Debugger
  172. The Transact-SQL Debugger, Part 2
  173. Basic Troubleshooting for Transact-SQL Code
  174. An Introduction to Spatial Data in SQL Server 2008
  175. Performance Tuning
  176. Performance Tuning SQL Server: Tools and Processes
  177. Performance Tuning SQL Server: Tools Overview
  178. Creating a Performance Tuning Audit - Defining Components
  179. Creating a Performance Tuning Audit - Evaluation Part One
  180. Creating a Performance Tuning Audit - Evaluation Part Two
  181. Creating a Performance Tuning Audit - Interpretation
  182. Creating a Performance Tuning Audit - Developing an Action Plan
  183. Understanding SQL Server Query Plans
  184. Performance Tuning: Implementing Indexes
  185. Performance Monitoring Tools: Windows 2008 (and Higher) Server Utilities, Part 1
  186. Performance Monitoring Tools: Windows 2008 (and Higher) Server Utilities, Part 2
  187. Performance Monitoring Tools: Windows System Monitor
  188. Performance Monitoring Tools: Logging with System Monitor
  189. Performance Monitoring Tools: User Defined Counters
  190. General Transact-SQL (T-SQL) Performance Tuning, Part 1
  191. General Transact-SQL (T-SQL) Performance Tuning, Part 2
  192. General Transact-SQL (T-SQL) Performance Tuning, Part 3
  193. Performance Monitoring Tools: An Introduction to SQL Profiler
  194. Performance Tuning: Introduction to Indexes
  195. Performance Monitoring Tools: SQL Server 2000 Index Tuning Wizard
  196. Performance Monitoring Tools: SQL Server 2005 Database Tuning Advisor
  197. Performance Monitoring Tools: SQL Server Management Studio Reports
  198. Performance Monitoring Tools: SQL Server 2008 Activity Monitor
  199. The SQL Server 2008 Management Data Warehouse and Data Collector
  200. Performance Monitoring Tools: Evaluating Wait States with PowerShell and Excel
  201. Practical Applications
  202. Choosing the Back End
  203. The DBA's Toolbox, Part 1
  204. The DBA's Toolbox, Part 2
  205. Scripting Solutions for SQL Server
  206. Building a SQL Server Lab
  207. Using Graphics Files with SQL Server
  208. Enterprise Resource Planning
  209. Customer Relationship Management (CRM)
  210. Building a Reporting Data Server
  211. Building a Database Documenter, Part 1
  212. Building a Database Documenter, Part 2
  213. Data Management Objects
  214. Data Management Objects: The Server Object
  215. Data Management Objects: Server Object Methods
  216. Data Management Objects: Collections and the Database Object
  217. Data Management Objects: Database Information
  218. Data Management Objects: Database Control
  219. Data Management Objects: Database Maintenance
  220. Data Management Objects: Logging the Process
  221. Data Management Objects: Running SQL Statements
  222. Data Management Objects: Multiple Row Returns
  223. Data Management Objects: Other Database Objects
  224. Data Management Objects: Security
  225. Data Management Objects: Scripting
  226. Powershell and SQL Server - Overview
  227. PowerShell and SQL Server - Objects and Providers
  228. Powershell and SQL Server - A Script Framework
  229. Powershell and SQL Server - Logging the Process
  230. Powershell and SQL Server - Reading a Control File
  231. Powershell and SQL Server - SQL Server Access
  232. Powershell and SQL Server - Web Pages from a SQL Query
  233. Powershell and SQL Server - Scrubbing the Event Logs
  234. SQL Server 2008 PowerShell Provider
  235. SQL Server I/O: Importing and Exporting Data
  236. SQL Server I/O: XML in Database Terms
  237. SQL Server I/O: Creating XML Output
  238. SQL Server I/O: Reading XML Documents
  239. SQL Server I/O: Using XML Control Mechanisms
  240. SQL Server I/O: Creating Hierarchies
  241. SQL Server I/O: Using HTTP with SQL Server XML
  242. SQL Server I/O: Using HTTP with SQL Server XML Templates
  243. SQL Server I/O: Remote Queries
  244. SQL Server I/O: Working with Text Files
  245. Using Microsoft SQL Server on Handheld Devices
  246. Front-Ends 101: Microsoft Access
  247. Comparing Two SQL Server Databases
  248. English Query - Part 1
  249. English Query - Part 2
  250. English Query - Part 3
  251. English Query - Part 4
  252. English Query - Part 5
  253. RSS Feeds from SQL Server
  254. Using SQL Server Agent to Monitor Backups
  255. Reporting Services - Creating a Maintenance Report
  256. SQL Server Chargeback Strategies, Part 1
  257. SQL Server Chargeback Strategies, Part 2
  258. SQL Server Replication Example
  259. Creating a Master Agent and Alert Server
  260. The SQL Server Central Management System: Definition
  261. The SQL Server Central Management System: Base Tables
  262. The SQL Server Central Management System: Execution of Server Information (Part 1)
  263. The SQL Server Central Management System: Execution of Server Information (Part 2)
  264. The SQL Server Central Management System: Collecting Performance Metrics
  265. The SQL Server Central Management System: Centralizing Agent Jobs, Events and Scripts
  266. The SQL Server Central Management System: Reporting the Data and Project Summary
  267. Time Tracking for SQL Server Operations
  268. Migrating Departmental Data Stores to SQL Server
  269. Migrating Departmental Data Stores to SQL Server: Model the System
  270. Migrating Departmental Data Stores to SQL Server: Model the System, Continued
  271. Migrating Departmental Data Stores to SQL Server: Decide on the Destination
  272. Migrating Departmental Data Stores to SQL Server: Design the ETL
  273. Migrating Departmental Data Stores to SQL Server: Design the ETL, Continued
  274. Migrating Departmental Data Stores to SQL Server: Attach the Front End, Test, and Monitor
  275. Tracking SQL Server Timed Events, Part 1
  276. Tracking SQL Server Timed Events, Part 2
  277. Patterns and Practices for the Data Professional
  278. Managing Vendor Databases
  279. Consolidation Options
  280. Connecting to a SQL Azure Database from Microsoft Access
  281. SharePoint 2007 and SQL Server, Part One
  282. SharePoint 2007 and SQL Server, Part Two
  283. SharePoint 2007 and SQL Server, Part Three
  284. Querying Multiple Data Sources from a Single Location (Distributed Queries)
  285. Importing and Exporting Data for SQL Azure
  286. Working on Distributed Teams
  287. Professional Development
  288. Becoming a DBA
  289. Certification
  290. DBA Levels
  291. Becoming a Data Professional
  292. SQL Server Professional Development Plan, Part 1
  293. SQL Server Professional Development Plan, Part 2
  294. SQL Server Professional Development Plan, Part 3
  295. Evaluating Technical Options
  296. System Sizing
  297. Creating a Disaster Recovery Plan
  298. Anatomy of a Disaster (Response Plan)
  299. Database Troubleshooting
  300. Conducting an Effective Code Review
  301. Developing an Exit Strategy
  302. Data Retention Strategy
  303. Keeping Your DBA/Developer Job in Troubled Times
  304. The SQL Server Runbook
  305. Creating and Maintaining a SQL Server Configuration History, Part 1
  306. Creating and Maintaining a SQL Server Configuration History, Part 2
  307. Creating an Application Profile, Part 1
  308. Creating an Application Profile, Part 2
  309. How to Attend a Technical Conference
  310. Tips for Maximizing Your IT Budget This Year
  311. The Importance of Blue-Sky Planning
  312. Application Architecture Assessments
  313. Transact-SQL Code Reviews, Part One
  314. Transact-SQL Code Reviews, Part Two
  315. Cloud Computing (Distributed Computing) Paradigms
  316. NoSQL for the SQL Server Professional, Part One
  317. NoSQL for the SQL Server Professional, Part Two
  318. Object-Role Modeling (ORM) for the Database Professional
  319. Business Intelligence
  320. BI Explained
  321. Developing a Data Dictionary
  322. BI Security
  323. Gathering BI Requirements
  324. Source System Extracts and Transforms
  325. ETL Mechanisms
  326. Business Intelligence Landscapes
  327. Business Intelligence Layouts and the Build or Buy Decision
  328. A Single Version of the Truth
  329. The Operational Data Store (ODS)
  330. Data Marts – Combining and Transforming Data
  331. Designing Data Elements
  332. The Enterprise Data Warehouse — Aggregations and the Star Schema
  333. On-Line Analytical Processing (OLAP)
  334. Data Mining
  335. Key Performance Indicators
  336. BI Presentation - Client Tools
  337. BI Presentation - Portals
  338. Implementing ETL - Introduction to SQL Server 2005 Integration Services
  339. Building a Business Intelligence Solution, Part 1
  340. Building a Business Intelligence Solution, Part 2
  341. Building a Business Intelligence Solution, Part 3
  342. Tips and Troubleshooting
  343. SQL Server and Microsoft Excel Integration
  344. Tips for the SQL Server Tools: SQL Server 2000
  345. Tips for the SQL Server Tools – SQL Server 2005
  346. Transaction Log Troubles
  347. SQL Server Connection Problems
  348. Orphaned Database Users
  349. Additional Resources
  350. Tools and Downloads
  351. Utilities (Free)
  352. Tool Review (Free): DBDesignerFork
  353. Aqua Data Studio
  354. Microsoft SQL Server Best Practices Analyzer
  355. Utilities (Cost)
  356. Quest Software's TOAD for SQL Server
  357. Quest Software's Spotlight on SQL Server
  358. SQL Server on Microsoft's Virtual PC
  359. Red Gate SQL Bundle
  360. Microsoft's Visio for Database Folks
  361. Quest Capacity Manager
  362. SQL Server Help
  363. Visual Studio Team Edition for Database Professionals
  364. Microsoft Assessment and Planning Solution Accelerator
  365. Aggregating Server Data from the MAPS Tool

High security requirements exist in more places than you might think. The headlines are rife with examples of careless government and commercial employees that have left laptops unprotected, ruining the credit and privacy of hundreds of thousands of people that trusted them with their private data. Even if you don’t think you store personal or private data, you should understand the options you have for protecting this kind of data, since at some point you’ll want to do so.

Private or sensitive data should absolutely never be removed from a protected environment. When companies (and the government) decide to do this, they put us all at risk. There are, however, certain exceptions. The police need instant access to data to find out if the bad guys in the building have a past record. The fire department needs to know where the dangerous chemicals are, and medical personnel need access to your records to make sure they don't cause a dangerous drug interaction. For data that will be "at rest", or located on a device, encryption might be the right thing to do.

NOTE

In this tutorial I’ll focus on data at rest. For data in-flight you can use encrypted connections, which I've explain in another tutorial.

Security for your data involves not just the techniques I’ll describe in this tutorial, but a comprehensive security plan. I’ve got a series on that starting here, so make sure you pay attention to physical security, settings, Service Packs and the other areas that make up a secure system. Again, I’m focusing on protecting the data itself, should someone gain access to it.

There are two basic ways to protect data within the database: hashing, and encryption. Hashing data involves taking the data and putting it through a formula, giving a result. For instance, assume you have my social security number (SSN) in a database. You could multiply each number in my SSN by, say, 2:

My SSN: 123456789

New value: 24681012141618

Now take that and divide it by, say 26: 949269697754.53846153846153846154

So to “hash” my SSN, we did this: f(x) = ((x of each N)*2)/26

This is the number you store on both “sides” of the transaction you want to make, so the other system never stores the original number, but verifies that it’s the same thing. It’s a one-way operation, meaning that there is no way to get back to my SSN, since you’re sending neither the original value or even the formula to the other system. This is how passwords work in many operating systems.

Of course, since this is a one-way transaction, it wouldn’t be very useful to use in a single database, since at some point you do actually want to get the original value back. For that, you need encryption.

Encryption (literally, “to bury”) is the process of applying a formula on data that you can reverse in some way. It takes the original value in, stores another value and “knows” the formula to unlock it again. SQL Server 2005 (and higher) has functions to help you do this, and that’s the focus of this tutorial.

In this tutorial I'll explain how encryption is used in SQL Server version 2005 and higher. If you have high demands for security, you should immediately switch from SQL Server 2000 to the later versions anyway, since there are several security improvements in the later versions — and the small fact that SQL Server 2000 is now out of primary support. If you have to use SQL Server 2000, you'll need to use Application Programming Interfaces (API's) to call an encryption function, or you can buy a package that will encrypt data for you. Keep in mind, with that version out of support, you won’t have the security updates needed to keep it safe.

The encryption I'll describe in this tutorial deals with columns of data, not the entire database. It's rare that you need to encrypt the entire database, but normally only one or more columns of particularly sensitive data. This brings up an important point. Before you start encrypting data, you should think about a proper design. If an application is designed and implemented properly, you may not need to encrypt data at all. Let's take a look at a concrete example.

Assume that your organization approaches you and tells you that the requirements for a new application they are developing involve storing a client's name along with their Social Security Number. They also want the field agents to have copy of a subset of this data on their laptops.

Your first step should be to ask if it is absolutely necessary to have this information on a remote database. You should explain the financial and personal impacts if this data is compromised, and you should point out recent high-profile cases as backup. If the name and number are required for identity verification (a common practice, although illegal), then you should ask if only a portion of the number can be used. You can then create a practice of removing all but a few of the numbers that would be stored remotely, lessening your risk. Or perhaps you could set up a hash for the data for those remote systems.

But let's assume that your firm (foolishly) requires the number to be stored in these laptop databases. The next thing you should do is work with the broader IT department and ensure that the laptops have an encrypted directory for the data, that they have strong passwords, and a "wipe when stolen" mechanism. You should also brief each laptop user about how dangerous it is to have this data, and that they will be held responsible for its loss. After all that, you'll need to develop the processes to encrypt and decrypt the data.

Encryption Background

Encryption is simply changing one form of text (plaintext) into another (ciphertext) by passing it through a formula (encryption algorithm), which includes a number or string that is known by one or more people (key). A simple form of encryption is letter substitution, where one letter stands for another. Of course this kind of encryption is quite easy to break, because you can study the distribution of letters and begin to make guesses about what letters are standing in for others, simply because most languages have certain letters that are used more often.

But a more robust form of encryption does the character substitution according to rather lengthy formulas that shift the substitution around quite frequently. While this is far more secure, you would have to have a separate formula for each use. To get around that, some of the parts of the formula involve a number or string that is changed for each person or organization. Now you can reuse the formula that a lot of people know, because each one will have their own "key" that is substituted in the formula.

There are two types of encryption keys. One is called symmetric, and the other is called asymmetric. A symmetric key is the same to encrypt the data (change it from plaintext to ciphertext) that you use to decrypt the data (change it back from ciphertext to plaintext). Creating a simple password on a file and then telling someone the password is an example of using a symmetric key. The same password encrypts the file and decrypts it.

An asymmetric key has two parts. One key is known to someone else (called the public key), and they can use it to encrypt data. The other half of the key (called the private key) is used along with the public key to decrypt the data. An asymmetric key is also called a public/private key pair.

You can use either kind of key to encrypt data by inserting the data through a function. I'll discuss the options and mechanisms in a moment.

SQL Server uses encryption by leveraging the Windows operating system. The operating system has an encryption mechanism called the Data Protection API (or DAPI) built right in. When you install SQL Server, it uses this DAPI to create the main key that SQL Server users, called the Service Master Key. This key is generated automatically, without any input from you. Your only job is to back up that key, using the command BACKUP SERVICE MASTER KEY — a VERY important step that you should take right now, if you’ve never done so.

For you to encrypt data, you'll also need for the database to have a key. I'll show you how to create that in a moment. That key is then used in all of the encryption routines.

Asymmetric Certificates and Keys

As I mentioned earlier, there are two types of keys, symmetric and asymmetric. There are two kinds of asymmetric mechanisms: certificates and keys. They are both used the same way, and are the same strength. You can create a new asymmetric key with this command:

CREATE ASYMMETRIC KEY MyNewAsymmetricKey 
  WITH ALGORITHM = RSA_512
  ENCRYPTION BY PASSWORD = ’NeedAReallyStrongPasswordHere!’; 
GO

I'll show you how you can use this key in a moment. For the full syntax of this command and all its options, check this reference.

Certificates are just files that have keys in them, and they work the same way. In fact we used them in my tutorial on encrypting connections. I talk about them more in that tutorial. To create a certificate, use the CREATE CERTIFICATE command. You can find out more about that in this reference.

You might wonder why I'm not spending a lot of time on those commands. The reason is that you may not want to use asymmetric methods for data encryption. Asymmetric encryption is inherently slower than symmetric encryption, and has some limitations on how much data can be encrypted. Not only that, asymmetric encryption is really more useful when you want someone to know how to encrypt data (using the public key) but not decrypt it (you do that with the private key). In my example, I want the remote laptop to be able to both encrypt and decrypt the data, so I'll focus on the symmetric keys in this tutorial. If you’d like to learn more about asymmetric keys in general, there’s a great “Video Mentor” download here.

Symmetric Keys

Interestingly enough, you can create a symmetric key (and this holds true for asymmetric keys as well) by using certificates, passwords, and even other keys. I'll keep it simple in this example and use a password, but you should give this some thought. You're going to have to give that key to someone (like the developer), so a certificate might be a good choice.

I'll use the CREATE SYMMETRIC KEY command, and you can find the full syntax for that here. I'll explain the parts we need as I go.

Make sure you're following along on a test system, and on test data. You can really hurt yourself if you lose your keys or forget your password. In that case you can't get your data back, or replace the key. You're just out of luck. So make sure you're using a test system for this exercise.

First, if you want to follow along, set up a database to work with — on your test system, of course. Open Management Studio, and connect to your test server. Then open a query in the master database, and type the following command:

CREATE DATABASE EncryptionTest;
GO
USE EncryptionTest;
GO

That creates a simple database, with all the defaults. We'll get rid of it at the end of this exercise. Next, you need a table to work with. For this simple exercise, we'll create only two columns: one to hold the name and the other to hold the identification number. Let me say again how bad of an idea this is, since we shouldn't store an ID remotely no matter what. But here is the syntax to create the table nonetheless:

CREATE TABLE SensitiveData
(FullName VARCHAR(255)
, IDNumber varbinary(128));
GO

You can see that I've made the ID a large variable binary number, even though it will be a human-readable string. That's because the encrypted data will be in binary format.

Now let's get started on the encryption. Before you do anything else, you need to get some basic maintenance out of the way. We need to back up the server Service Master Key — again, this is for your test server, not production. You should have an entirely different place to store that key!

Here are the commands for your test server:

BACKUP SERVICE MASTER KEY 
TO FILE = ’c:\temp\SMK.buf’ 
ENCRYPTION BY PASSWORD = ’UseAStrongPassword!1231’;
GO

This example sends the Service Master Key to a file in a “temp” directory, and secured that with a password, which is required. Make sure you pick something strong, and then store that backup file somewhere.

Now you need the database master key, since that isn't created automatically, and back it up right away as well:

USE EncryptionTest;
GO
CREATE MASTER KEY 
ENCRYPTION BY PASSWORD = ’UseAStrongPassword!1232’;
GO
BACKUP MASTER KEY 
TO FILE = ’c:\temp\DBMK.buf’ 
ENCRYPTION BY PASSWORD = ’UseAStrongPassword!1233’;
GO

Now you're ready to create a symmetric key. Here's the command script, which creates the key, sets it to use a password, using the DES level of strength (more on that here in this reference for the syntax) and a password. No, you can't back this one up:

CREATE SYMMETRIC KEY SymmetricKeyTest
WITH ALGORITHM = DES
ENCRYPTION BY PASSWORD = ’UseAStrongPassword!1234’;
GO

With the key in place, now you can use a function to insert data into your table, encrypting only the ID along the way. The process is to open the key, and then use it to encrypt the data. I'll show you how to insert the data first, and then I'll explain what you're doing here:

OPEN SYMMETRIC KEY SymmetricKeyTest 
DECRYPTION BY PASSWORD = ’UseAStrongPassword!1234’;
GO
INSERT INTO SensitiveData
VALUES 
(
’Buck Woody’
, EncryptByKey(Key_GUID(’SymmetricKeyTest’), ’1234567890’)
);
GO

Here’s the breakdown of what you just typed. The first thing you need to do is open the key so you can use it, with the same password. That's the symmetric part.

The next thing you need to do is insert the data. The first field is easy, since it's a simple insert for character data. The more interesting part is the EncryptByKey() function. It needs a key number, so you use yet another function to find that, called Key_GUID(). Then you give it the key name, and the value you want to encrypt. That's all there is to it.

Now assume the laptop with the database is stolen, and the criminal that finds it wants to take a look at the data. He (or she) opens the database, and issues the following query:

SELECT * 
FROM SensitiveData;
GO

What does the perpetrator get back? Not much:

Buck Woody	0x0036CB777A989E4FB0215F2F2828179201000000FB39971B4C90A681936573137522
              56467621B07BC5A12D716EEEE699E275E318

Which of course isn't terribly useful. But assume you haven't lost the laptop. You now need to see the data. You can use a corresponding function to read the encrypted data:

OPEN SYMMETRIC KEY SymmetricKeyTest 
DECRYPTION BY PASSWORD = ’UseAStrongPassword!1234’
SELECT FullName
, CAST(DecryptByKey(IDNumber) AS VARCHAR)
FROM SensitiveData;
GO

And there you have it. Now let's clean all this up:

USE master;
GO
DROP DATABASE EncryptionTest;
GO

Careful with that Data

All this being said, you shouldn't enter into a decision to encrypt data lightly. Unless you carefully create and implement your plan, you can lock yourself out of your data. The keys and certificates that you can use to encrypt your data require special maintenance and backup, in excess of the regular maintenance your system requires. The backup for a key is potentially more sensitive than the database backups you take. If you lose an unprotected database backup, only that data is compromised. If you lose the database key, any data encrypted with it is at risk. So be careful with this powerful tool.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020