2008 Enterprise vs Standard - TDE Eval RRS feed

  • Question

  • We are looking at upgrading from 2005 to 2008.  We currently use 2005 Standard addition.  We were looking at upgrading to 2008 Enterprise with one being the Transparent Data Encryption.  Our biggest road block is the pricing for Enterprise.  One thing I like from reading about TDE is not having it affect our apps or our developers.  My question is does TDE do anything in regards to SQL injection attacks or hacking against apps?  Sorry if that is too broad of a question.
    Tuesday, March 24, 2009 5:12 PM


  • Hi Bmurray,

    According to my understanding, Transparent Data Encryption has nothing to do with avoiding SQL Injection attacks and also it doesn't add much to prevent hacking against apps or sql server itself.

    An excerpt from Books Online:

    "Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data "at rest", meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications."

    Once you enable TDE on a database, encryption/decryption happens transparent to the user. User's interactions with the database remains the same but the server keeps encrypting and decrypting the data as per need basis in the background.

    For understanding more about TDE, please visit: http://msdn.microsoft.com/en-us/library/bb934049.aspx

    Please Indicate ("Mark as Answer") if a Post has Answered the Question. And this posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Bmurray Wednesday, March 25, 2009 12:51 PM
    Wednesday, March 25, 2009 7:14 AM