Protecting Data in SQL Server by Digital Signing

Let's dive into one of the amazing features of SQL Server for data protection and security. So far, data protection has mostly been handled by the application layer: developers create a login page or window so that users can log in and manipulate their own data and records. On the other hand, all the data is stored in the back-end database, where DBAs can view and manipulate all of it, and where users can hijack each other's credentials (username/password) to perform illegal data manipulation on the victim's behalf.
How can we find out that an illegal data manipulation was not done by the data owner? And how can we detect illegal data manipulation straight away?

Scenario: A real estate company has its own sales system. The system has a function called 'Contract Store', where users enter a contract's key information, such as the real estate price, the commission percentage, and the sales person's name. In this company, one sales person is trying to take ownership of new contracts sealed by other sales persons by hacking the database system and updating the records manually!

In SQL Server we can protect data by digital signing, which binds the data to its real owner. Data is signed with the private key of either a certificate or an asymmetric key. The private key must be held only by the signer, while the signature can be verified by anybody who has the public key. The figure below illustrates the differences between encryption and signature.

SQL Server database administrators can sign data by following the steps below.

  1. Bind the certificate and its owner together.
  2. Revoke the CONTROL permission on the certificate from the public role.
  3. Sign the data with the SignByCert() function.
  4. Verify the signature with the VerifySignedByCert() function.

The code below shows the steps of signing the data.
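The four steps applied to the Contract Store scenario, as an added T-SQL example that is not the author's original listing. The user `alice`, the certificate `AliceSignCert`, the table `dbo.Contracts`, the `|`-separated payload layout and the password are all assumptions made for illustration.

```sql
-- Added example; every object name and value below is hypothetical/constructed.

-- Step 1: bind the certificate to its owner. The private key is protected by a
-- password that only the owner should know (placeholder value shown here).
CREATE USER alice WITHOUT LOGIN;
CREATE CERTIFICATE AliceSignCert
    AUTHORIZATION alice
    ENCRYPTION BY PASSWORD = N'Pl@ceholder-Passw0rd'
    WITH SUBJECT = 'Contract signing certificate for alice';

-- Step 2: revoke CONTROL on the certificate from the public role.
REVOKE CONTROL ON CERTIFICATE::AliceSignCert FROM public;

-- Contract table with a column that stores the signature next to the data.
CREATE TABLE dbo.Contracts (
    ContractId    int IDENTITY PRIMARY KEY,
    Price         decimal(18,2)   NOT NULL,
    CommissionPct decimal(5,2)    NOT NULL,
    SalesPerson   sysname         NOT NULL,
    Signature     varbinary(8000) NULL
);

-- Step 3: sign one canonical string built from the protected columns.
-- The same layout must be rebuilt exactly at verification time.
DECLARE @payload nvarchar(400) =
    CONCAT(N'450000.00', N'|', N'2.50', N'|', N'alice');
INSERT INTO dbo.Contracts (Price, CommissionPct, SalesPerson, Signature)
VALUES (450000.00, 2.50, N'alice',
        SIGNBYCERT(CERT_ID('AliceSignCert'), @payload, N'Pl@ceholder-Passw0rd'));

-- Constructed tampering: the record is reassigned directly in the table,
-- without access to the certificate's private key.
UPDATE dbo.Contracts SET SalesPerson = N'bob' WHERE ContractId = 1;

-- Step 4: rebuild the payload from the stored columns and verify it.
-- VERIFYSIGNEDBYCERT returns 1 when data and signature match, otherwise 0,
-- so rows changed after signing can be listed with a WHERE IsValid = 0 filter.
SELECT ContractId, SalesPerson,
       VERIFYSIGNEDBYCERT(
           CERT_ID('AliceSignCert'),
           CONCAT(CONVERT(nvarchar(30), Price), N'|',
                  CONVERT(nvarchar(30), CommissionPct), N'|', SalesPerson),
           Signature) AS IsValid
FROM dbo.Contracts;
```

Every column that matters to ownership has to be part of the signed string; a column left out of the payload can be changed without invalidating the signature.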

 

Author: Hamid Jabarpour Fard
