What is DbDefence?
DbDefebce - alternative transparent database encryption (TDE)
DbDefence is an Easy-to-use, affordable, and effective security solution for encrypting complete databases and protecting it's schema within the MS SQL Server. It allows database administrators and developers to encrypt databases completely. Server side encryption is used to allow you to encrypt and decrypt data securely without having to change your applications in any way. Our software works in all editions of SQL Server since 2005.
The program designed exclusively for SQL Servers. It prevents access to the database tables completely until a specific SQL statement containing the password is run. Even DBA can't access tables or execute procedures. Each application which wants to access the database must execute the special statement with the correct password at least once once for the session to access the database. After the application has supplied the correct password everything is accessible as normal.
How does encryption work ?
DbDefence works on file AND on SQL object level. This makes it very different from other SQL Server encryption software. It can distinguish which object accessed and deny/allow access. Comparing to field level encryption software like XP_CRYPT DbDefence has as advantages and disadvantages.
Compare with field by field encryption software XP_CRYPT
|Encryption Level||Field by field||Whole database at once|
|Resides on server computer||Yes||Yes|
|Speed||Acceptable (~ 10000 strings/sec)||Significantly faster than XP_CRYPT|
|Can encrypt Large Binary Objects types (IMAGE, TEXT, NTEXT)||No||Yes|
|Can be included in 3rd party installer||Yes||Yes|
|Require changes in the app||In most cases||No, or less than 10 lines|
|Complete database encryption including LOG file||No||Yes|
|Can encrypt database without app. source code||No||Possible|
|Support of SQL Server 2000||Yes||No|
|Support of SQL Server 2005||Yes||Yes|
|Support of SQL Server 2008||Yes||Yes|
|Support of SQL Server 2012||Yes||Yes|
|Support of SQL Server 2014||Yes||Yes|
|Support of SQL Server 2016||Yes||Yes|
Can hide password from Profiler
of SQL Server
New: SQL Server 2016 support
This version compatible with SQL Server 2016 including Express edition.
This version compatible all 4 kinds of replication modes. Read more.
Sunce version 2.8 DbDefence masks all SQL statements running in the context of the protected database. Profiler see only type of statement and never the statement completely. Read more.
Effectively encrypts entire database, log and backup files
Existing 3rd party encryption solutions for SQL Server use extended procedures to call functions in DLLs. The call to external processes for SQL Server 2005 uses a lot of system resources. Additionally, any such procedures can't handle large binary types. Our solution uses a completely different approach. You do not need to call UDFs to encrypt values. Instead SQL Server encrypts all information in the protected database. It does not matter which type or what table. It also does not matter if it is data or a stored procedure.
DbDefence does not use UDFs for encryption. As a result, you do not need to wrap any fields into UDF calls. Everything in the database encrypted automatically. To unlock access to the database you need to execute one SQL statement with the correct password.
FIPS 140-2 Validated encryption
DbDefence is built using OpenSSL FIPS 140-2 validated module. Read more.
Hides schema of the database!
DbDefence completely protects system tables as well so you can't
access database or even browse it's catalog. It is also possible to
encrypt databases for 3rd party applications too. For
You have a 3rd party application and you do not have the source code or can't insert the unlocking SQL statement. In this case it is possible to intercept the database connection. After successful login to the protected database the whole application works as per normal. We are also interested in exploring the market better.
Passwords not traceable with the profiler
Currently, calls to any extended procedures of 3rd party encryption solutions can be traced with the Profiler and an Administrator can catch the password easily. DbDefence uses an OPEN MASTER KEY statement which is not displayed by the Profiler.
DbDefence currently supports SQL Server 2005 and higher on X86 and X64 Platforms on all Windows OS.
Easy integration into existing projects.
To install DbDefence on the client side you need to copy dbdefence.dll, set one key in the registry and run very short SQL script on the target SQL Server. These easy steps can be done from any of the main installer systems. Secure database distribution You can create the database, protect it and include in your installer. In the installer, you install DbDefence and attach protected database with a single CREATE DATABASE .. FOR ATTACH statement. Database schema and data are never exposed to DBA.
There is no need to buy a license for each and every client application. Once you have bought One Redistribution license you may install DbDefence with your application for all your clients.