How the novice should prevent the database from being stolen

Strictly speaking, a database is a warehouse that organizes, stores, and manages data according to data structures. In the daily work of economic management, it is often necessary to put some relevant data into such "warehouse" and deal with it according to the need of management. For example, the personnel departments of enterprises or institutions often have to put the basic situation of the staff of the Unit (employee number, name, age, sex, place of origin, salary, resume, etc.) in the table, this table can be considered as a database.

&http://www.aliyun.com/zixun/aggregation/37954.html ">nbsp; With this "Data Warehouse" we can at any time to inquire about the basic situation of a worker, you can also query wages in a certain extent, the number of workers and so on. If all this work can be done automatically on the computer, our personnel management can reach the very high level. In addition, in the financial management, warehouse management, production management also need to establish a large number of such "database", so that it can use the computer to achieve financial, warehouse, production automation management.

J.Martin gives the database a more complete definition: A database is a collection of related data that is stored together, structured, harmless or unnecessary, and serves a variety of applications; The data is stored independently of the program that uses it; Insert new data into the database The original data can be modified and retrieved in a common and controllable manner. When there are several databases that are structurally separate on a system, the system contains a collection of databases.

To prevent someone with ulterior motives from accessing the database from outside, stealing the names, passwords, credit card numbers, and other important information in the database, when we create a database-driven solution, the first design decision we need to consider is how to encrypt the stored data to keep it safe from being spying by others.

What kind of support in SQL Server can be used to encrypt objects and data? Discuss from the outset what SQL Server lacks is sensible, or what you should not do with the encryption part of SQL Server.

First, SQL Server has two built-in cryptographic functions-that is, Pwdencrypt () and Pwdcompare (). At the same time, there are two functions that SQL Server does not formally record to manage password hashes: Pwdencrypt () stores the password after hashing it; Pwdcompare () compares the supplied string to the hash string. Unfortunately, this hash function is not very secure, and it can be cracked by the dictionary attack algorithm (similar to a command-line application!).

These functions are constantly being modified as the version of SQL Server progresses, which is another reason not to use them. The hash of the password by earlier versions of SQL Server. Cannot be decrypted in later versions, so if you rely on a function in one version, all your encrypted data will be useless when you upgrade, unless you can decrypt it first-which violates the original purpose of encryption.

Second, you may try to create a homemade encryption solution for your database, but there are three reasons why you should not:

Unless you're an encryption expert, a random encryption system will only provide very low-level protection. What's new is that one-way cipher hashes or "rotx" forms of encryption can be easily defeated without any trouble.

If encryption is cracked because of your lack of ability, your data is screwed. You need to have all the things unencrypted, right? (Even if you encrypt, is there a security breach?)

When it comes to providing professional-level, industrial-intensity encryption solutions, you're not worth the time to do it yourself. Use your time to build a good, solid database instead of reinventing the wheel.