What is DbDefence?

DbDefence - alternative transparent database encryption (TDE)

DbDefence is an Easy-to-use, affordable, and effective security solution for encrypting complete databases and protecting it's schema within the MS SQL Server. It allows database administrators and developers to encrypt databases completely. Server side encryption is used to allow you to encrypt and decrypt data securely without having to change your applications in any way. Our software works in all editions of SQL Server since 2005.

The program designed exclusively for SQL Servers. It prevents access to the database tables completely until a specific SQL statement containing the password is run. Even DBA can't access tables or execute procedures. Each application which wants to access the database must execute the special statement with the correct password at least once once for the session to access the database. After the application has supplied the correct password everything is accessible as normal.

How does encryption work ?

DbDefence works on file AND on SQL object level. This makes it very different from other SQL Server encryption software. It can distinguish which object accessed and deny/allow access. Comparing to field level encryption software like XP_CRYPT DbDefence has as advantages and disadvantages.

Workscheme 542x381

Compare with field by field encryption software XP_CRYPT

Features\Program XP_CRYPT DbDefence
Encryption Level Field by field Whole database at once
Resides on server computer Yes Yes
Speed Acceptable (~ 10000 strings/sec) Significantly faster than XP_CRYPT
Can encrypt Large Binary Objects types (IMAGE, TEXT, NTEXT) No Yes
Can be included in 3rd party installer Yes Yes
Require changes in the app In most cases No, or less than 10 lines
Complete database encryption including LOG file No Yes
Schema protection No Yes
Can encrypt database without app. source code No Possible
Support of SQL Server 2000 Yes No
Support of SQL Server 2005 Yes Yes
Support of SQL Server 2008 Yes Yes
Support of SQL Server 2012 Yes Yes
Support of SQL Server 2014 Yes Yes
Support of SQL Server 2016 Yes Yes
Can hide password from Profiler
of SQL Server
No Yes

Features

New: SQL Server 2016 support

This version compatible with SQL Server 2016 including Express edition.

Replication support

This version compatible all 4 kinds of replication modes. Read more.

Profiler Protection

Sunce version 2.8 DbDefence masks all SQL statements running in the context of the protected database. Profiler see only type of statement and never the statement completely. Read more.

Effectively encrypts entire database, log and backup files

Existing 3rd party encryption solutions for SQL Server use extended procedures to call functions in DLLs. The call to external processes for SQL Server 2005 uses a lot of system resources. Additionally, any such procedures can't handle large binary types. Our solution uses a completely different approach. You do not need to call UDFs to encrypt values. Instead SQL Server encrypts all information in the protected database. It does not matter which type or what table. It also does not matter if it is data or a stored procedure.

Works transparently

DbDefence does not use UDFs for encryption. As a result, you do not need to wrap any fields into UDF calls. Everything in the database encrypted automatically. To unlock access to the database you need to execute one SQL statement with the correct password.

FIPS 140-2 Validated encryption

DbDefence is built using OpenSSL FIPS 140-2 validated module. Read more.

Hides schema of the database!

DbDefence completely protects system tables as well so you can't access database or even browse it's catalog. It is also possible to encrypt databases for 3rd party applications too. For example,
You have a 3rd party application and you do not have the source code or can't insert the unlocking SQL statement. In this case it is possible to intercept the database connection. After successful login to the protected database the whole application works as per normal. We are also interested in exploring the market better.

Passwords not traceable with the profiler

Currently, calls to any extended procedures of 3rd party encryption solutions can be traced with the Profiler and an Administrator can catch the password easily. DbDefence uses an OPEN MASTER KEY statement which is not displayed by the Profiler.

Supported Platforms

DbDefence currently supports SQL Server 2005 and higher on X86 and X64 Platforms on all Windows OS.

Easy integration into existing projects.

To install DbDefence on the client side you need to copy dbdefence.dll, set one key in the registry and run very short SQL script on the target SQL Server. These easy steps can be done from any of the main installer systems. Secure database distribution You can create the database, protect it and include in your installer. In the installer, you install DbDefence and attach protected database with a single CREATE DATABASE .. FOR ATTACH statement. Database schema and data are never exposed to DBA.

Affordable prices

There is no need to buy a license for each and every client application. Once you have bought One Redistribution license you may install DbDefence with your application for all your clients.