Using SQL commands

DbDefence encrypts database and allows access only for authorized connections. By default, we primarily designed DbDefence to allow access only to CONNECTIONS that successfully execute the command OPEN SYMMETRIC KEY DBDX DECRYPTION BY PASSWORD = 'yourpassword'

Access is allowed only for the connection that has successfully executed the OPEN SYMMETRIC KEY statement. In the case of a reconnection, you will need to re-open the key again. This is the most secure way of accessing an encrypted database compared to the other two options listed below. You can explicitly call a CLOSE SYMMETRIC KEY statement to close access at any time after opening a connection. The key is closed automatically when the connection is closed.

Example how to execute statement from

C#

SqlCommand cmd = new SqlCommand("open symmetric key dbdx decryption by password='MyPassword'", objConnection);
cmd.ExecuteNonQuery();

VB.NET

Dim command As New SqlCommand("open symmetric key dbdx decryption by password='MyPassword'", connection)
command.ExecuteNonQuery()

Classic ASP

Set Cmd=Server.CreateObject("ADODB.Command")
Cmd.ActiveConnection = Conn
Cmd.CommandText = "open symmetric key dbdx decryption by password='MyPassword'"
Cmd.Execute


3 restriction levels
:

Single Connection

Access is allowed only for the connection that has successfully executed the OPEN SYMMETRIC KEY statement. In the case of a reconnection, you will need to re-open the key again. This is the most secure way of accessing an encrypted database compared to the other two options listed below. You can explicitly call a CLOSE SYMMETRIC KEY statement to close access at any time after opening a connection. The key is closed automatically when the connection is closed.

Host+Process

Access is allowed for all connections from the host and processes which successfully executed an OPEN SYMMETRIC KEY statement. This is useful when your application consists of many DLLs, which have to make their own connections to the database, and you do not want to modify them. Also, this access level can be used for web applications. To allow this level of access to host applications, you need to get access to the database first and then call the following function:

exec dbd_unlock_for_host

To close access to the applications, you need to explicitly call the function:

exec dbd_lock_for_host

When the original connection is closed, access will be denied automatically for all connections with closed keys. Those two functions are automatically created in the protected database.

Host

Access is allowed for all connections from the host that successfully executes the OPEN SYMMETRIC KEY statement. For better security, we recommend to use it for debugging only. For example, if you want to have temporary access from SQL Server Management Studio to edit the database. To allow such access you need to get access to the database first and then call the function:

exec dbd_unlock_for_host @proc=0

To close access, you need to explicitly call the function:

call exec dbd_lock_for_host @proc=0

When the original connection is closed, access will be denied automatically for all connections with closed keys. Those two functions are automatically created in the protected database.