programming4us
         
 
 
SQL Server

Protecting SQL Server Data : CELL-LEVEL ENCRYPTION - Views and Stored Procedures (part 2) - Creating the Stored Procedures

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
3/29/2012 4:12:50 PM

Creating the Stored Procedures

Requirement 1 dictates that only members of the Sensitive_high database role can execute INSERT and UPDATE methods on a table that contains columns with the sensitivity classification of "High". We have already established that the Borrower_Identification table contains one of these columns.

In addition, Requirement 2 dictates that all interaction with tables is to be performed through views and stored procedures. Requirement 6 dictates that all data modifications occur through stored procedures. In compliance with these requirements we will create two stored procedures.

The first stored procedure, named Update_Borrower_Identification, will perform the following:

  • Open the HighSymKey1 symmetric key with the MyHighCert certificate through the OPEN SYMMETRIC KEY method.

  • Execute the UPDATE method while using the EncryptByKey method to encrypt the value that is passed in the @Identification_Value argument. This encryption includes the use of the @Borrower_ID argument as the authenticator.

  • Catch the occurrence of an error so that the stored procedure fails gracefully. This is accomplished by the use of the TRY...CATCH method.

  • Check the HighSymKey1 symmetric key to determine if it is open before attempting to close it through the sys.openkeys catalog view. If it is open, the key is closed using the CLOSESYMMETRICKEY method.

Listing 4 shows the full code for the stored procedure.

Listing 4. The stored procedure through which authorized users can update sensitive data.

The second stored procedure, named Insert_Borrower_Identification, will perform the following:

  • Open the HighSymKey1 symmetric key with the MyHighCert certificate through the OPEN SYMMETRIC KEY method.

  • Execute the INSERT method while using the EncryptByKey method to encrypt the value that is passed in the @Identification_Value argument. This encryption includes the use of the @Borrower_ID argument as the authenticator.

  • Capture the new Borrower_Identification_ID of the inserted record, which is referenced through the use of @@IDENTITY, and returns it as the result of the stored procedure.

  • Catch the occurrence of an error so that the stored procedure fails gracefully. This is accomplished by the use of the TRY...CATCH method.

  • Check the HighSymKey1 symmetric key to determine if it is open before attempting to close it through the sys.openkeys catalog view. If it is open, the key is closed using the CLOSE SYMMETRIC KEY method.

Listing 5 shows the full code for the stored procedure.

Listing 5. The stored procured through which authorized users can insert sensitive data.

The final step in implementing these stored procedures is to grant the appropriate permissions to them. Requirement 6 allows the INSERT or UPDATE methods to be executed, if an encrypted column exists; only when the database role that performs the INSERT or UPDATE method has permissions granted to the key that performs the encryption.

The encrypted column in the Borrower_Information table, Information_Value_E, is encrypted by the HighSymKey1 symmetric key to which only the Sensitive_high database role has permissions to utilize; therefore, we will grant EXECUTE permissions to our two stored procedures only to the members of the Sensitive_high database role, as shown in Listing 6.

Listing 6. Granting, to the sensitive_high role, permission to execute the two stored procedures.
Other -----------------
- Protecting SQL Server Data : Implementing Cell-Level Encryption
- Protecting SQL Server Data : Preparing for Cell-Level Encryption
- Microsoft SQL Server 2008 R2 : Monitoring Replication (part 2) - New and Improved Peer-to-Peer Replication
- Microsoft SQL Server 2008 R2 : Monitoring Replication (part 1) - Replication Monitoring SQL Statements
- Microsoft SQL Server 2008 R2 : Scripting Replication
- Processing and Storing Data in SQL Server 2005 : Data Migration from One Data Store to Another Data Store
- Processing and Storing Data in SQL Server 2005 : Implementing the Record Failure Code
- Processing and Storing Data in SQL Server 2005 : Data Tracking Validation
- Processing and Storing Data in SQL Server 2005 : Updating the FileWorker Class
- Microsoft SQL Server 2008 R2 : Setting Up Replication (part 4) - Creating Subscriptions
- Microsoft SQL Server 2008 R2 : Setting Up Replication (part 3) - Horizontal and Vertical Filtering
- Microsoft SQL Server 2008 R2 : Setting Up Replication (part 2) - Creating a Publication
- Microsoft SQL Server 2008 R2 : Setting Up Replication (part 1) - Creating a Distributor and Enabling Publishing
- SQL Server 2008 R2 : Basing the Replication Design on User Requirements
- SQL Server 2008 R2 : Planning for SQL Server Data Replication & SQL Server Replication Types
- SQL Server 2008 R2 : Replication Agents
- SQL Server 2008 : Replication - Subscriptions
- SQL Server 2008 : Replication Scenarios
- Protecting SQL Server Data : CELL-LEVEL ENCRYPTION - Special Considerations
- Protecting SQL Server Data : SCHEMA ARCHITECTURE STRATEGIES - Harnessing Linked Servers
 
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS
Celebrity Style, Fashion Trends, Beauty and Makeup Tips.