Protection Levels

Please read the following carefully; it may save you time!

Easiest: Only Encryption, Maximum Transparency

In many cases, the data protection requirements are purely formal. The easiest approach in this case is to encrypt the database files but apply no additional access restrictions. The application can then use the database immediately after encryption. Take a look at how to enable this mode.

Most secure: Encryption and Protecting Database Schema

The key feature of DbDefence, and what makes it unique among encryption tools, is that it can protect the schema and data from the DBA. With this feature (enabled by default), the database is protected from all kinds of applications, whether that is a web service, replication, or a server admin using SQL Server Management Studio. You must take additional steps to allow access to your database. These steps may include:

  • Allowing certain SQL logins to access the database.
  • Allowing certain applications to access the database.
  • Adding unlocking SQL statements to your application.

Unlocking modes

By Application

Pros:
  • Fine-grained security.
  • Password is securely stored.
  • Password is sent in encrypted form over the network.
  • Works with all kinds of applications without changes.

Cons:
  • Software installation and configuration are required on each (!) client's computer.
  • Some hypervigilant AV software may interfere with the application.
  • Unlocking from the client adds some overhead to each connection.

By Login

Pros:
  • No installation required on the client's computer.
  • No encryption password is sent over the network.
  • Works with all kinds of applications and platforms without changes.
  • No connection overhead.
  • Very easy to set up.

Cons:
  • Simplified security.

Programmatically (adding an unlocking SQL statement to the application)

Pros:
  • Only your application decides when to unlock the database.

Cons:
  • You need to take care of storing and transmitting the password securely.
  • Requires changes in the application.
  • Unlocking from the client adds some overhead to each connection.