Protection Level

Please read the following carefully; it may save your time!

Encrypt and Protect, Hide Database Schema

The key feature of DbDefence, what makes it unique among other encryption tools is that it can protect schema and data from DBA. With this feature (enabled by default) the database becomes protected from all kinds of applications. No matter if it is a web service, replication or server admin with SQL Server Management Studio. You must take additional steps to allow access to your database. These steps may include:

  • Allowing certain SQL logins to access database transparently. More
  • Allowing certain applications to access database transparently. More
  • Programmatically add unlocking SQL statements to your application. More

Only Encryption, Maximum Transparency

In many cases there are only formal requirements to data protection. The easiest in this case would be to encrypt database files, but apply no additional access restriction. In this case application can use the database immediately after encryption. Take a look how to enable this mode.

Unlocking modes

Unlocking mode Pros Cons
By Application
  • Fine-grained security.
  • Password is securely stored.
  • Password sent in encrypted form over the network.
  • Works with all kinds of applications without changes.
  • Software installation and configuration required on each (!) client's computer.
  • Some hypervigilant AV software may interfere with the application.
  • Unlocking from the client adds some overhead per each connection.
By Login
  • No installation required on client's computer.
  • No encryption password is sent over the network.
  • Works with all kinds of applications and platforms without changes.
  • No connection overhead.
  • Very easy to setup.
  • Simplified security.
Programmatically (adding unlocking SQL statement to the application)
  • Only your application decides when to unlock the database.
  • Need to care about storing and transmitting password securely.
  • Requires changes in the application.