Like operator search on encrypted column in SQL server
I have a table in sqlserver, my table has a field as string, for example FirstName (it's just example!). This field "EncryptByPassPhrase" before insert on database.
Before encode: Ali
After encode: 0x010000001D905174BB7947AE1C600A4AB564A123310F92C21C9A4221
Now i would search on this field for example i would get all fields that contains charcters 'Al'.
I can decode this field and search on such as:
select * from EncodeTest e
where dbo.Decoder(e.FirstName) like '%Al%'
But this way very slow on many numbers of record.
Please help me for best solution.
Thanks.
What I have tried:
declare @EncodedName varbinary(max)
select @EncodedName =EncryptByPassPhrase('key', cast( @Name as varbinary(max)) )
declare @DecodedName nvarchar(max)
select @DecodedName=convert(varchar(100),DecryptByPassPhrase('key',cast( @EncodedName as varbinary(max)) ))
select * from EncodeTest e
where dbo.Decoder(e.FirstName) like '%Al%'
sql
sql-server tsql encryption edited Nov 13 '18 at 9:10
Rahul Neekhra
6001627
asked Nov 13 '18 at 7:00
mohammad Abbaszadeganmohammad Abbaszadegan
64
add a comment |
I have a table in sqlserver, my table has a field as string, for example FirstName (it's just example!). This field "EncryptByPassPhrase" before insert on database.
Before encode: Ali
After encode: 0x010000001D905174BB7947AE1C600A4AB564A123310F92C21C9A4221
Now i would search on this field for example i would get all fields that contains charcters 'Al'.
I can decode this field and search on such as:
select * from EncodeTest e
where dbo.Decoder(e.FirstName) like '%Al%'
But this way very slow on many numbers of record.
Please help me for best solution.
Thanks.
What I have tried:
declare @EncodedName varbinary(max)
select @EncodedName =EncryptByPassPhrase('key', cast( @Name as varbinary(max)) )
declare @DecodedName nvarchar(max)
select @DecodedName=convert(varchar(100),DecryptByPassPhrase('key',cast( @EncodedName as varbinary(max)) ))
select * from EncodeTest e
where dbo.Decoder(e.FirstName) like '%Al%'
sql
sql-server tsql encryption edited Nov 13 '18 at 9:10
Rahul Neekhra
6001627
asked Nov 13 '18 at 7:00
mohammad Abbaszadeganmohammad Abbaszadegan
64
1
the data is encrypted. How do you expect SQL Server to search before decrypt it ?
– Squirrel
Nov 13 '18 at 7:02
you need to change your point of view. if your encrypted column, could decrypt in SQL, I said you are doing something wrong. if you need a column in your table that you need to search on it, then you shouldn't encrypt the data; it's not efficient. if you need to protect your data you can improve your knowledge about Security and permissions in SQL.
– iman kazemi
Nov 13 '18 at 7:28
I expect SQL Server to search without decrypt it :)
– mohammad Abbaszadegan
Nov 13 '18 at 7:30
Thanks dear @imankazemi I would encrypte column for avoid show data on select and allow search on it! I know this is amazing, but i as developer must search on this content and get Convincing answer.
– mohammad Abbaszadegan
Nov 13 '18 at 7:38
add a comment |
I have a table in sqlserver, my table has a field as string, for example FirstName (it's just example!). This field "EncryptByPassPhrase" before insert on database.
Before encode: Ali
After encode: 0x010000001D905174BB7947AE1C600A4AB564A123310F92C21C9A4221
Now i would search on this field for example i would get all fields that contains charcters 'Al'.
I can decode this field and search on such as:
select * from EncodeTest e
where dbo.Decoder(e.FirstName) like '%Al%'
But this way very slow on many numbers of record.
Please help me for best solution.
Thanks.
What I have tried:
declare @EncodedName varbinary(max)
select @EncodedName =EncryptByPassPhrase('key', cast( @Name as varbinary(max)) )
declare @DecodedName nvarchar(max)
select @DecodedName=convert(varchar(100),DecryptByPassPhrase('key',cast( @EncodedName as varbinary(max)) ))
select * from EncodeTest e
where dbo.Decoder(e.FirstName) like '%Al%'
sql
sql-server tsql encryption edited Nov 13 '18 at 9:10
Rahul Neekhra
6001627
asked Nov 13 '18 at 7:00
mohammad Abbaszadeganmohammad Abbaszadegan
64
I have a table in sqlserver, my table has a field as string, for example FirstName (it's just example!). This field "EncryptByPassPhrase" before insert on database.
Before encode: Ali
After encode: 0x010000001D905174BB7947AE1C600A4AB564A123310F92C21C9A4221
Now i would search on this field for example i would get all fields that contains charcters 'Al'.
I can decode this field and search on such as:
select * from EncodeTest e
where dbo.Decoder(e.FirstName) like '%Al%'
But this way very slow on many numbers of record.
Please help me for best solution.
Thanks.
What I have tried:
declare @EncodedName varbinary(max)
select @EncodedName =EncryptByPassPhrase('key', cast( @Name as varbinary(max)) )
declare @DecodedName nvarchar(max)
select @DecodedName=convert(varchar(100),DecryptByPassPhrase('key',cast( @EncodedName as varbinary(max)) ))
select * from EncodeTest e
where dbo.Decoder(e.FirstName) like '%Al%'
sql
sql-server tsql encryption sql
sql-server tsql encryption edited Nov 13 '18 at 9:10
Rahul Neekhra
6001627
asked Nov 13 '18 at 7:00
mohammad Abbaszadeganmohammad Abbaszadegan
64
edited Nov 13 '18 at 9:10
Rahul Neekhra
6001627
asked Nov 13 '18 at 7:00
mohammad Abbaszadeganmohammad Abbaszadegan
64
edited Nov 13 '18 at 9:10
Rahul Neekhra
6001627
edited Nov 13 '18 at 9:10
Rahul Neekhra
6001627
edited Nov 13 '18 at 9:10
Rahul Neekhra
6001627
6001627
asked Nov 13 '18 at 7:00
mohammad Abbaszadeganmohammad Abbaszadegan
64
asked Nov 13 '18 at 7:00
mohammad Abbaszadeganmohammad Abbaszadegan
64
asked Nov 13 '18 at 7:00
mohammad Abbaszadeganmohammad Abbaszadegan
64
64
1
the data is encrypted. How do you expect SQL Server to search before decrypt it ?
– Squirrel
Nov 13 '18 at 7:02
you need to change your point of view. if your encrypted column, could decrypt in SQL, I said you are doing something wrong. if you need a column in your table that you need to search on it, then you shouldn't encrypt the data; it's not efficient. if you need to protect your data you can improve your knowledge about Security and permissions in SQL.
– iman kazemi
Nov 13 '18 at 7:28
I expect SQL Server to search without decrypt it :)
– mohammad Abbaszadegan
Nov 13 '18 at 7:30
Thanks dear @imankazemi I would encrypte column for avoid show data on select and allow search on it! I know this is amazing, but i as developer must search on this content and get Convincing answer.
– mohammad Abbaszadegan
Nov 13 '18 at 7:38
add a comment |
1
the data is encrypted. How do you expect SQL Server to search before decrypt it ?
– Squirrel
Nov 13 '18 at 7:02
you need to change your point of view. if your encrypted column, could decrypt in SQL, I said you are doing something wrong. if you need a column in your table that you need to search on it, then you shouldn't encrypt the data; it's not efficient. if you need to protect your data you can improve your knowledge about Security and permissions in SQL.
– iman kazemi
Nov 13 '18 at 7:28
I expect SQL Server to search without decrypt it :)
– mohammad Abbaszadegan
Nov 13 '18 at 7:30
Thanks dear @imankazemi I would encrypte column for avoid show data on select and allow search on it! I know this is amazing, but i as developer must search on this content and get Convincing answer.
– mohammad Abbaszadegan
Nov 13 '18 at 7:38
1
1
the data is encrypted. How do you expect SQL Server to search before decrypt it ?
– Squirrel
Nov 13 '18 at 7:02
the data is encrypted. How do you expect SQL Server to search before decrypt it ?
– Squirrel
Nov 13 '18 at 7:02
you need to change your point of view. if your encrypted column, could decrypt in SQL, I said you are doing something wrong. if you need a column in your table that you need to search on it, then you shouldn't encrypt the data; it's not efficient. if you need to protect your data you can improve your knowledge about Security and permissions in SQL.
– iman kazemi
Nov 13 '18 at 7:28
you need to change your point of view. if your encrypted column, could decrypt in SQL, I said you are doing something wrong. if you need a column in your table that you need to search on it, then you shouldn't encrypt the data; it's not efficient. if you need to protect your data you can improve your knowledge about Security and permissions in SQL.
– iman kazemi
Nov 13 '18 at 7:28
I expect SQL Server to search without decrypt it :)
– mohammad Abbaszadegan
Nov 13 '18 at 7:30
I expect SQL Server to search without decrypt it :)
– mohammad Abbaszadegan
Nov 13 '18 at 7:30
Thanks dear @imankazemi I would encrypte column for avoid show data on select and allow search on it! I know this is amazing, but i as developer must search on this content and get Convincing answer.
– mohammad Abbaszadegan
Nov 13 '18 at 7:38
Thanks dear @imankazemi I would encrypte column for avoid show data on select and allow search on it! I know this is amazing, but i as developer must search on this content and get Convincing answer.
– mohammad Abbaszadegan
Nov 13 '18 at 7:38
add a comment |
1 Answer
1
active
oldest
votes
Encryption (security in general) is a compromise with convenience. If you want to be secure, you must sacrifice the easy of access. If you want to be easy accessible and fast, then you must sacrifice security. Your job as developer is to find the right balance between these. In your case, obviously the server need to decrypt all of your data to be able to search for the text you want. If you need to search in encrypted data, then your design is broken. Either find another way to protect your data, or give up searching it efficiently.
I would say, why are you encrypting names? The database already has security layers to protect your data (Transparent Data Encryption, database users rights, etc.) which will protect the data from unauthorized access. You should encrypt only really sensitive information, such credit card numbers, social security numbers and its equivalents, etc. Abusing with encryption by using it for every single field (or relatively harmless fields like names) will make your application quite inconvenient and usually doesn't worth the efforts.
answered Nov 13 '18 at 7:07
Andrey NikolovAndrey Nikolov
3,8433721
That's really good conclusion.. :)
– dwir182
Nov 13 '18 at 7:11
Thanks a lot dear @andrey, I created a dictionary table and could find records faster. but i wouldn't save decrypted text in sql.
– mohammad Abbaszadegan
Nov 13 '18 at 7:48
Thanks a lot again for new editing :) Your answer is correct, but "name" just an example, I must researching for this subject as developer and get best answer for it!
– mohammad Abbaszadegan
Nov 13 '18 at 7:56
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53275478%2flike-operator-search-on-encrypted-column-in-sql-server%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Encryption (security in general) is a compromise with convenience. If you want to be secure, you must sacrifice the easy of access. If you want to be easy accessible and fast, then you must sacrifice security. Your job as developer is to find the right balance between these. In your case, obviously the server need to decrypt all of your data to be able to search for the text you want. If you need to search in encrypted data, then your design is broken. Either find another way to protect your data, or give up searching it efficiently.
I would say, why are you encrypting names? The database already has security layers to protect your data (Transparent Data Encryption, database users rights, etc.) which will protect the data from unauthorized access. You should encrypt only really sensitive information, such credit card numbers, social security numbers and its equivalents, etc. Abusing with encryption by using it for every single field (or relatively harmless fields like names) will make your application quite inconvenient and usually doesn't worth the efforts.
answered Nov 13 '18 at 7:07
Andrey NikolovAndrey Nikolov
3,8433721
That's really good conclusion.. :)
– dwir182
Nov 13 '18 at 7:11
Thanks a lot dear @andrey, I created a dictionary table and could find records faster. but i wouldn't save decrypted text in sql.
– mohammad Abbaszadegan
Nov 13 '18 at 7:48
Thanks a lot again for new editing :) Your answer is correct, but "name" just an example, I must researching for this subject as developer and get best answer for it!
– mohammad Abbaszadegan
Nov 13 '18 at 7:56
add a comment |
Encryption (security in general) is a compromise with convenience. If you want to be secure, you must sacrifice the easy of access. If you want to be easy accessible and fast, then you must sacrifice security. Your job as developer is to find the right balance between these. In your case, obviously the server need to decrypt all of your data to be able to search for the text you want. If you need to search in encrypted data, then your design is broken. Either find another way to protect your data, or give up searching it efficiently.
I would say, why are you encrypting names? The database already has security layers to protect your data (Transparent Data Encryption, database users rights, etc.) which will protect the data from unauthorized access. You should encrypt only really sensitive information, such credit card numbers, social security numbers and its equivalents, etc. Abusing with encryption by using it for every single field (or relatively harmless fields like names) will make your application quite inconvenient and usually doesn't worth the efforts.
answered Nov 13 '18 at 7:07
Andrey NikolovAndrey Nikolov
3,8433721
That's really good conclusion.. :)
– dwir182
Nov 13 '18 at 7:11
Thanks a lot dear @andrey, I created a dictionary table and could find records faster. but i wouldn't save decrypted text in sql.
– mohammad Abbaszadegan
Nov 13 '18 at 7:48
Thanks a lot again for new editing :) Your answer is correct, but "name" just an example, I must researching for this subject as developer and get best answer for it!
– mohammad Abbaszadegan
Nov 13 '18 at 7:56
add a comment |
Encryption (security in general) is a compromise with convenience. If you want to be secure, you must sacrifice the easy of access. If you want to be easy accessible and fast, then you must sacrifice security. Your job as developer is to find the right balance between these. In your case, obviously the server need to decrypt all of your data to be able to search for the text you want. If you need to search in encrypted data, then your design is broken. Either find another way to protect your data, or give up searching it efficiently.
I would say, why are you encrypting names? The database already has security layers to protect your data (Transparent Data Encryption, database users rights, etc.) which will protect the data from unauthorized access. You should encrypt only really sensitive information, such credit card numbers, social security numbers and its equivalents, etc. Abusing with encryption by using it for every single field (or relatively harmless fields like names) will make your application quite inconvenient and usually doesn't worth the efforts.
answered Nov 13 '18 at 7:07
Andrey NikolovAndrey Nikolov
3,8433721
Encryption (security in general) is a compromise with convenience. If you want to be secure, you must sacrifice the easy of access. If you want to be easy accessible and fast, then you must sacrifice security. Your job as developer is to find the right balance between these. In your case, obviously the server need to decrypt all of your data to be able to search for the text you want. If you need to search in encrypted data, then your design is broken. Either find another way to protect your data, or give up searching it efficiently.
I would say, why are you encrypting names? The database already has security layers to protect your data (Transparent Data Encryption, database users rights, etc.) which will protect the data from unauthorized access. You should encrypt only really sensitive information, such credit card numbers, social security numbers and its equivalents, etc. Abusing with encryption by using it for every single field (or relatively harmless fields like names) will make your application quite inconvenient and usually doesn't worth the efforts.
answered Nov 13 '18 at 7:07
Andrey NikolovAndrey Nikolov
3,8433721
edited Nov 13 '18 at 7:42
answered Nov 13 '18 at 7:07
Andrey NikolovAndrey Nikolov
3,8433721
answered Nov 13 '18 at 7:07
Andrey NikolovAndrey Nikolov
3,8433721
answered Nov 13 '18 at 7:07
Andrey NikolovAndrey Nikolov
3,8433721
3,8433721
That's really good conclusion.. :)
– dwir182
Nov 13 '18 at 7:11
Thanks a lot dear @andrey, I created a dictionary table and could find records faster. but i wouldn't save decrypted text in sql.
– mohammad Abbaszadegan
Nov 13 '18 at 7:48
Thanks a lot again for new editing :) Your answer is correct, but "name" just an example, I must researching for this subject as developer and get best answer for it!
– mohammad Abbaszadegan
Nov 13 '18 at 7:56
add a comment |
That's really good conclusion.. :)
– dwir182
Nov 13 '18 at 7:11
Thanks a lot dear @andrey, I created a dictionary table and could find records faster. but i wouldn't save decrypted text in sql.
– mohammad Abbaszadegan
Nov 13 '18 at 7:48
Thanks a lot again for new editing :) Your answer is correct, but "name" just an example, I must researching for this subject as developer and get best answer for it!
– mohammad Abbaszadegan
Nov 13 '18 at 7:56
That's really good conclusion.. :)
– dwir182
Nov 13 '18 at 7:11
That's really good conclusion.. :)
– dwir182
Nov 13 '18 at 7:11
Thanks a lot dear @andrey, I created a dictionary table and could find records faster. but i wouldn't save decrypted text in sql.
– mohammad Abbaszadegan
Nov 13 '18 at 7:48
Thanks a lot dear @andrey, I created a dictionary table and could find records faster. but i wouldn't save decrypted text in sql.
– mohammad Abbaszadegan
Nov 13 '18 at 7:48
Thanks a lot again for new editing :) Your answer is correct, but "name" just an example, I must researching for this subject as developer and get best answer for it!
– mohammad Abbaszadegan
Nov 13 '18 at 7:56
Thanks a lot again for new editing :) Your answer is correct, but "name" just an example, I must researching for this subject as developer and get best answer for it!
– mohammad Abbaszadegan
Nov 13 '18 at 7:56
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53275478%2flike-operator-search-on-encrypted-column-in-sql-server%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
the data is encrypted. How do you expect SQL Server to search before decrypt it ?
– Squirrel
Nov 13 '18 at 7:02
you need to change your point of view. if your encrypted column, could decrypt in SQL, I said you are doing something wrong. if you need a column in your table that you need to search on it, then you shouldn't encrypt the data; it's not efficient. if you need to protect your data you can improve your knowledge about Security and permissions in SQL.
– iman kazemi
Nov 13 '18 at 7:28
I expect SQL Server to search without decrypt it :)
– mohammad Abbaszadegan
Nov 13 '18 at 7:30
Thanks dear @imankazemi I would encrypte column for avoid show data on select and allow search on it! I know this is amazing, but i as developer must search on this content and get Convincing answer.
– mohammad Abbaszadegan
Nov 13 '18 at 7:38