Page 97 - DCAP508_DATABASE_ADMINISTRATION
P. 97

Unit 6: SQL Server Authentication




               Allows users to connect from unknown or untrusted domains. For instance, an application  Notes
               where established customers connect with assigned SQL Server logins to receive the status
               of their orders.
               Allows SQL Server to support Web-based applications where users create their own
               identities.

               Allows software developers to distribute their applications by using a complex permission
               hierarchy based on known, preset SQL Server logins.




             Notes  Using SQL Server Authentication does not limit the permissions of local
             administrators on the computer where SQL Server is installed.

          6.5 SQL Server Encryption

          Encryption is the process of obfuscating data by the use of a key or password. This can make the
          data useless without the corresponding decryption key or password. Encryption does not solve
          access control problems. However, it enhances security by limiting data loss even if access
          controls are bypassed. For example, if the database host computer is misconfigured and a hacker
          obtains sensitive data, that stolen information might be useless if it is encrypted.
          You can use encryption in SQL Server for connections, data, and stored procedures. The following
          table contains more information about encryption in SQL Server.

          Important

          Although encryption is a valuable tool to help ensure security, it should not be considered for
          all data or connections. When you are deciding whether to implement encryption, consider how
          users will access data. If users access data over a public network, data encryption might be
          required to increase security. However, if all access involves a secure intranet configuration,
          encryption might not be required. Any use of encryption should also include a maintenance
          strategy for passwords, keys, and certificates.

          6.5.1 Encryption Hierarchy

          SQL Server encrypts data with a hierarchical encryption and key management infrastructure.
          Each layer encrypts the layer below it by using a combination of certificates, asymmetric keys,
          and symmetric keys. Asymmetric keys and symmetric keys can be stored outside of SQL Server
          in an Extensible Key Management (EKM) module.
          The following illustration shows that each layer of the encryption hierarchy encrypts the layer
          beneath it, and displays the most common encryption configurations. The access to the start of
          the hierarchy is usually protected by a password.

















                                           LOVELY PROFESSIONAL UNIVERSITY                                   91
   92   93   94   95   96   97   98   99   100   101   102