DbEncrypt protects databases at the column level

DbEncrypt allows you to apply column-level encryption in your SQL Server database and assign view permissions to different users. Whether for obscuring credit card numbers, social security numbers, personal patient information, or financial data, being able to encrypt specific elements in a database is becoming more important as companies increasingly share records across departments or with outside organizations.

Installing DbEncrypt 2.5.0 is relatively easy. You install a client on your workstation, then connect to the database through the client to install the server-side objects that perform the encryption. The encryption mechanisms offered by DbEncrypt are very powerful; it has 11 encryption algorithms including AES (Advanced Encryption Standard), RC4, DES, and RSA encryption. DbEncrypt also comes with code samples for all 11 encryption types, as well as sign/verify, hash, and encode/decode, to add encryption directly to your applications.

The audit trail feature allows authorized users to view information about encryption and decryption activity in the database as well as all administrative activities. The audit log may be viewed only through the DbEncrypt client utility and won't mesh with an enterprise-level auditing solution -- it audits only activity in DbEncrypt.

DbEncrypt also manages its own security. By mapping database log-ins directly to DbEncrypt log-ins, administrators can define who can and can't use encryption and view encrypted data, all the way down to the column level. Defining encryption schemes and assigning permissions for a column or for an entire table couldn't be easier.

Although log-ins are mapped to encryption mechanisms in DbEncrypt, they don't give the user automatic access to the data; a separate password must also be used to log in to DbEncrypt. The unfortunate side effect of having a separate password is not only do your users have to remember two passwords just to log in to the database, it also opens up another hole on your server that's susceptible to brute-force attacks.

One caveat with this program is its extremely invasive nature. The invasiveness can't really be avoided, because the only way to get the kind of security that DbEncrypt offers is to permeate code throughout the database.

Here's what it does: DbEncrypt has a series of .dlls on the server that it uses to control the encryption and user access to the encrypted columns. But to accomplish the level of security desired, it must rename the base table and create two views. The highest-level view is given the same name as the original table. This could potentially cause a huge problem because, although views are updatable, DbEncrypt requires you to remove any constraints or indexes on the columns before encrypting. This extra step could affect performance and possibly the integrity of your database.

DbEncrypt is a powerful encryption tool that allows administrators to easily secure sensitive data. However, when Microsoft SQL Server 2005 is released next year, it will make DbEncrypt unnecessary for Microsoft shops. SQL Server 2005 promises built-in encryption that will be fairly accessible to admins with just a few lines of code.