数据库加密

发布于 2024-07-21 17:37:15 字数 237 浏览 4 评论 0原文

我有一个桌面应用程序需要从数据库读取数据,这两个数据库都安装在客户端计算机上。

数据库中的数据必须加密,以拒绝客户端访问并保护数据。

我需要知道使用什么样的数据库可以支持加密,因为有些表的数据量会很大,我也需要效率。

我在网上读到了一些相关内容,也许 SQL Server Compact Edition 将是一个不错的选择。

有人可以帮我解决这一点吗?

谢谢

I have a desktop application that needs to read data from a database, both installed on client computer.

That data in database must be encrypted, to deny client access, and protect data.

I need to know what kind of database to use that can supports encryption, because the amount of data in some tables will be very huge, I will need efficiency too.

I read some about this on web and perhaps SQL Server Compact Edition will be a good choice.

Can someone help me with this point?

Thanks

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

沫尐诺 2024-07-28 17:37:15

SQL Server CE 不支持任何加密。 您最多可以使用主机操作系统加密工具来加密数据库文件。 文件级加密不适用于数据库,因为要读取文件中的第 X 页,必须解密所有第 1...X-1 页才能获得处于适当状态的加密密钥(达到正确的 CBC 块状态)。 另一方面,BitLocker 工作正常,因为它可以单独解密/加密文件中的页面。 但 BitLocker 是分区级别选项,而不是文件级别。 这些一般注意事项适用于加密整个数据库文件的任何计划,与所涉及的产品(SQL CE、SQL Express、MySQL、Access 等)无关。

SQL Server 具有数据库级加密。 最容易使用的是 TDE,透明数据加密,但这需要 Enterprise版。 另一种选择是使用加密函数并自行管理加密 。 不太容易使用,但可以在免费的 Express 版本中使用。

SQL Server CE has no support for encryption whatsoever. You can at best encrypt the database file using the host OS encryption facilities. The file level encryption does not work for databases because to read page X in the file one has to decrypt all pages 1...X-1 to get the encryption key in the appropriate state (reach the proper CBC block state). BitLocker on the other hand works fine as it can decrypt/encrypt pages in the file individually. But BitLocker is a partition level option, not file level. These general considerations apply to any plan to encrypt the entire database file, irrelevant of the product involved (SQL CE, SQL Express, MySQL, Access, anything).

SQL Server has database level encryption. The easiest to use is TDE, Transparent Data Encryption but this requires Enterprise Edition. The other option is to use the cryptographic functions and manage the encryption yourself. Hardly easy to use, but is available in the free Express edition.

零崎曲识 2024-07-28 17:37:15

SQLite 有一个加密扩展 (SEE),允许应用程序读取和写入加密的数据库文件: http://www.hwaci.com/sw/sqlite/see.html

该数据库可能非常适合桌面应用程序,并且被广泛使用。 例如,我相信 FireFox 在内部使用它。

SQLite has an Encryption Extension (SEE) that allows an application to read and write encrypted database files: http://www.hwaci.com/sw/sqlite/see.html

This DB may be a good fit for a desktop application, and is widely used. For example, I believe FireFox uses it internally.

浪推晚风 2024-07-28 17:37:15

您无法阻止坚定的攻击者访问解密密钥并访问数据库。 这实际上是一种复制保护方案,而且它们都被破坏了。


更新:问题指出,“数据库中的数据必须加密,拒绝客户端访问,并保护数据。” 如果客户端有权访问任何可以访问数据库的应用程序,那么他就有权访问该应用程序使用的密钥,并且可以绕过该应用程序直接访问数据库。

如果这种不可避免的逻辑没有吸引力,请考虑一下试图保护音乐、游戏和其他数字资产的复制保护计划失败的轶事证据。

You cannot prevent a determined attacker from accessing the decryption key and accessing the database. This is effectively a copy-protection scheme, and they are all broken.


Update: The question states, "That data in database must be encrypted, to deny client access, and protect data." If the client has access to any application that can access the database, he has access to the key used by the application, and can bypass the application to access the database directly.

If the inescapable logic has no appeal, consider the anecdotal evidence of failed copy-protection schemes attempted to protect music, games, and other digital assets.

随心而道 2024-07-28 17:37:15

SQL Server 2008 包含一个称为透明数据加密的功能,它可以满足您的需要。 不知道精简版有没有这个功能。 使用这些关键字进行一些谷歌搜索应该可以帮助您入门。 我通常不提倡使用 SQL Server,但在这种情况下,我不知道其他数据库供应商有任何类似的功能(但它们必须存在......)。

也就是说,您希望通过加密数据获得什么? 如果这完全是客户端的,那么客户端将拥有解密数据的密钥。 充其量,您只是为人们获取您的数据库内容设置了一个小小的障碍。 从任何有意义的定义来看,它都不安全。

SQL Server 2008 includes a feature called Transparent Data Encryption which may do what you need. I don't know if Compact Edition contains this feature. A little googling with those keywords should get you started. I don't normally advocate using SQL Server, but in this case I'm not aware of any similar features from other DB vendors (but they must exist...).

That said, what do you hope to gain by encrypting the data? If this is entirely client-side, then the client is going to have the key to decrypt the data. At best, you're making a slight hurdle for people to get at your database contents. It won't be secure by any meaningful definition.

征棹 2024-07-28 17:37:15

我可以推荐 SQLCipher 吗? 它是 SQLite 的免费开源实现,支持透明的页面级加密。 它与 SEE 类似,正在积极开发中,并且对许多不同的密码提供实验性支持,因为它使用 OpenSSL 进行某些实现。 完全披露:我是开发人员之一! 我们有在 iPhone 应用程序中使用它的教程这将使您对其工作原理有一个基本的了解,并且有一个评论线程扩展了一些相关主题。 显然,在 Visual Studio 中使用它与 XCode 略有不同,但您应该能够连接链接并在 Windows 环境中使用它。

Might I recommend SQLCipher? It's a free and open-source implementation of SQLite that supports transparent, page-level encryption. It's similar to SEE, it's under active development, and has experimental support for a number of different ciphers, as it uses OpenSSL for some of its implementation. Full disclosure: I'm one of the developers! We've got a tutorial on using it in iPhone applications that will give you a basic idea of how it works, and there's a comment thread that expands on some related topics. Obviously, using it in Visual Studio will be a tad different than XCode, but you should be able to hook up the linking and get it going in a Windows environment.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文