Does SQL Server TDE require changes in code or is it transparent like it says

Question

If I start using SQL Server Transparent Data Encryption (TDE), will I need to modify the code of my ASP.Net application in C#? Or is it completely transparent just like we encrypt connection string in web.config using aspnet_regiis

What if I am using Entity Framework?

It's even more transparent - you don't have to modify even the connection string. TDE encrypts the data saved on disk though, it doesn't encrypt the data sent to the client. If you want the data to be only visible to the client application, preventing even DBAs from looking at it, you need [Always Encrypted](https://learn.microsoft.com/en-us/sql/connect/ado-net/sql/sqlclient-support-always-encrypted?view=sql-server-ver16) which requires a recent SQL Server Client package — Panagiotis Kanavos, Jul 04 '23 at 19:02
Hmmm...yeah I think AE is what I am looking for. Will need to make a test application to see how much changes it require because the article is not clear. — Frank Martin, Jul 04 '23 at 19:09
Always Encrypted requires you to pass all comparison values to the server as parameters, you cannot compare literals. And you can't do inequality (range) comparisons unless it's set up with deterministic encryption, which is less secure. As far as TDE is concerned, it's probably not worth it if you have your own on-prem server, as you can just switch on BitLocker encryption, which achieves the same thing. — Charlieface, Jul 05 '23 at 00:54
Encryption requires a certificate and uses TLS to perform the encryption. TLS is performed before the actual HTTP connection is made to the database. So it should be transparent except if a different port is used for encryption. The certificate also have to be loaded in both the client and server. The OS also needs to be able to support the encryption mode in the certificate. Old OS may not work. — jdweng, Jul 05 '23 at 03:07

Does SQL Server TDE require changes in code or is it transparent like it says

0 Answers0