2

I have a requirement to use TDE for data protection and to prevent DBAs from seeing the data. Our current data access layer use LINQ to access SQL without TDE. If the database is converted to TDE with encrypted columns, we have to make LINQ produce queries like below:

OPEN SYMMETRIC KEY MyKey
DECRYPTION BY PASSWORD = 'mypassword';

SELECT CONVERT(VARCHAR(MAX), DECRYPTBYKEY(MyEncryptedCol))
FROM dbo.MyEncryptedTable;

CLOSE SYMMETRIC KEY MyKey;

What is the best way to convert our existing data layer with minimal effort? I prefer continue using LINQ.

Currently using SQL Server 2012, .Net 4.5, C#

Soner Gönül
  • 97,193
  • 102
  • 206
  • 364
frosty
  • 2,421
  • 6
  • 26
  • 47

1 Answers1

3

Nothing. You basically made sure you can not use easy LINQ and whoever came up with that should get a firing for that.

What you can do - best - dependso n the data layer. Yee, LINQ Is not a data access technology, it is C# integrated query, and the specifis depend on the provider (Linq2Sql, entity framework, NHibernate) and you make sure not to give any information.

Anyhow, your problem is that you need to add start and end sql commands - some providers can do that - as well as basically special SQL and that just wll not work.

Best chance would be taking an open source data access provider (NHibernate, Entity Framework) and extending it to allow this functionality.

Otherwise standing in front of the architect and telling him "hey, you wrote the specs- ever thought you have to acutally make sure they are fesible?" is the alternative. THis is really non standard SQL you need here and run of the mill ORM's will not support it without modification.

TomTom
  • 61,059
  • 10
  • 88
  • 148