What is DbDefence?

DbDefence - alternative transparent database encryption (TDE), masking and schema protection tool

DbDefence is an easy-to-use, affordable, and effective security solution for encrypting complete databases and protecting thier schema within MS SQL Server. It allows database administrators and developers to encrypt databases completely. Server-side encryption is used to allow you to encrypt and decrypt data securely without having to change your applications in any way. Our software works with all editions of SQL Server since SQL Server 2005.

The program is designed exclusively for Microsoft SQL Server. DbDefence may completely prevent access to a database. Even DBA can't access procetected tables, masked values or execute procedures.

How does encryption work ?

DbDefence works on the file and the SQL object level. This makes it very different from other SQL server encryption software. It can distinguish which object accessed and which denyed/allowed access. Compared to field level encryption software like XP_CRYPT DbDefence has advantages and disadvantages.

Workscheme 542x381


New: SQL Server 2022 support

This version is compatible with SQL Server 2022 including the Express edition.

Replication support

This version is compatible all 4 kinds of replication modes. Read more.

Profiler protection

Since version 2.8 DbDefence masks all SQL statements running in the context of the protected database. Profiler sees only the type of statement and never the compelte statement. Read more.

Effectively encrypts the entire database, log, FILESTREAM data and backup files

Existing 3rd party encryption solutions for SQL Server use extended procedures to call functions in DLLs. The call to external processes for SQL Server 2005 uses a lot of system resources. Additionally, any such procedures can't handle large binary types. Our solution uses a completely different approach. You do not need to call UDFs to encrypt values. Instead SQL Server encrypts all the information in the protected database. It does not matter which type or what table. It also does not matter if it is data or a stored procedure.

Works transparently

DbDefence does not use UDFs for encryption. As a result, you do not need to wrap any fields into UDF calls. Everything in the database is encrypted automatically. To unlock access to the database you need to execute one SQL statement with the correct password.

FIPS 140-2 Validated encryption

DbDefence is built using the OpenSSL FIPS 140-2 validated module. Read more.

Hides the schema of the database!

DbDefence also completely protects system tables, so you can't access the database or even browse it's catalog. It is also possible to encrypt databases for 3rd party applications too, for example,
where you have a 3rd party application and you do not have the source code or can't insert the unlocking SQL statement. In this case it is possible to intercept the database connection. After successful login to the protected database the whole application works as per normal. We are also interested in exploring the market better.

Passwords are not traceable with the Profiler

Currently, calls to any extended procedures of 3rd party encryption solutions can be traced with the Profiler and an Administrator can catch the password easily. DbDefence uses an OPEN MASTER KEY statement that is not displayed by the Profiler.

Supported platforms

DbDefence currently supports SQL Server 2005 and higher on X86 and X64 Platforms on all Windows OS.

Easy integration into existing projects.

To install DbDefence on the client side you need to copy dbdefence.dll, set one key in the registry and run a very short SQL script on the target SQL Server. These easy steps can be done from any of the main installer systems.

Secure database distribution

You can create the database, protect it and include it in your installer. In the installer, you install DbDefence and attach the protected database with a single CREATE DATABASE .. FOR ATTACH statement. The database schema and data are never exposed to DBA.

Affordable prices

There is no need to buy a license for each and every client application. Once you have bought one redistribution license, you may install DbDefence for all your clients with your application.