SQL Server 2008 透明加密 TDE 相对于加密数据库备份有哪些优势?
SQL Server2008+ TDE(透明数据加密)相对于仅加密数据库备份文件(使用密码)有哪些优势?
更新:
抱歉 - 从这个问题中删除了 Oracle(SQL Server TDE 适用于整个数据库,加密数据存储在数据库中)。
尽管有很多 3d 方工具,但使用 C# 在没有 3d 方工具的情况下组织加密并不困难。
What are advantages of SQL Server2008+ TDE ( Transparent Data Encryption) over encrypting just database backup file (with a password)?
Update:
I am sorry - removed Oracle from this question (SQL Server TDE is for the whole database and encrypted data is stored in database).
Encrypting is not difficult to organize using C# without 3d-party tools, though there are plenty of 3d party tools.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我从未使用过这两个功能,但粗略地回顾一下 2008 年联机丛书文档可以清楚地看出,BACKUP DATABASE 命令的 PASSWORD 选项(我猜这就是您的意思?)不会加密任何内容:
显然你根本不应该使用它:
因此,无论您的安全要求如何,PASSWORD 都不太可能有用。 TDE 是否有用取决于您试图降低的风险,例如,它会加密磁盘上的数据,但不会在网络传输期间加密数据。如果您确实实施了某种形式的加密,请确保您针对各种情况制定了非常周密的计划和测试的备份/恢复过程。
I've never used either feature, but a cursory review of the 2008 Books Online documentation makes it clear that the PASSWORD option for the BACKUP DATABASE command (I'm guessing that's what you meant?) doesn't encrypt anything:
And apparently you shouldn't use it at all anyway:
So whatever your security requirements, PASSWORD is unlikely to be useful. Whether or not TDE is useful depends on the risk you're trying to mitigate, e.g. it encrypts data on disk but not during transmission over the network. If you do implement some form of encryption, make sure you have extremely well planned and tested backup/restore procedures for a range of scenarios.
SQL Server 中没有功能可以仅加密备份而不加密数据库。您需要使用第三方软件来做到这一点。 TDE 对数据库和备份进行加密。
There is no feature in SQL Server to encrypt just the backups without encrypting the database. You need to use third party software to do that. TDE encrypts both database and backups.
TDE 的优点:
TDE的缺点:
这里是 TDE 的精彩概述。
Advantages of TDE:
Disadvantages of TDE:
Here is a nice overview of TDE.