SQL Server 2016 - Data masking

By -
Dynamic Data Masking(DDM)
  • SQL Server 2016 introduced dynamic data masking (DDM) as a way to prevent unauthorized users from viewing sensitive information.
  • The database engine masks the data when it is retrieved from the database, based on masking rules defined on the column schema. 
  • IMPORTANT - The data stored within the database remains unchanged.
  • When a user queries the database, the database engine determines whether that user account has the permissions necessary to access the data in its unmasked state
  • It is implemented within the database itself, the logic is centralized and always applies when the sensitive data is queried.
  • It is quite simple to configure DDM rules on sensitive column
Key points to consider;
  • DDM is not a replacement for security access control mechanisms, nor is it a method for encrypting physical data. 
  • Data masking performance impact is minimal and often negligible
  • SQL Server 2016 and Azure SQL DB are the only platforms supporting data masking
  • It can be applied on table and not on view. View will inherit the masking permissions from respective table.
References

Comments

Post a Comment

Popular posts from this blog

Setting up Dotnetnuke (DNN) to work with Active Directory

By -
Image
Setting Up Active Directory Integration with DotNetNuke Seems like enough people ask, and the information is hidden enough around the DNN AD forum that this information could be posted in one place.  These are the steps I take to get my DNN AD integration to work every time.  I have never had it fail.  I hope you find it helpful.  Now if you are setting up your AD in Mixed-Mode most likley this little write up isn't for you. The setup process is a three step process.  The first step is done from within DNN.  The second step takes place in DNN’s web.config file.  The final step takes place in IIS. Within the DNN Website Login as Admin or Host to your DNN website. After login go to                                        ...
Read more

SQL Server 2016 TDE ( Transparent Data Encryption)

By -
Image
Transparent Data Encryption is designed to protect data by encrypting the physical files of the database, rather than the data itself These physical files include the database file (.mdf), the transaction log file (.ldf) and the backup files (.bak). Its main purpose is to prevent unauthorized access to the data by restoring the files to another server.  With Transparent Data Encryption in place, this requires the original encryption certificate and master key. The protection of the database files is accomplished through an encryption key hierarchy that exists externally from the database in which TDE has been enabled. The service master key exists at the instance level. The database master key and certificate at the Master database are used to protect the database encryption key that is located at the user database The dependency upon the encryption key hierarchy in the Master database, as well as the instance, prevents the database files from being restored to an in...
Read more

jQuery Tips for DotNetNuke Developers

By -
Image
Make sure you call jQuery.noConflict();. This is necessary to not cause other client scripts and libraries to run errors. This is due to the fact that other client scripts might be using the $ designator for a JavaScript class. [jQuery.noConflict(); documentation] If manually adding jQuery, try to load the jQuery library in the header before all others. Not doing this can lead to the jQuerylibrary not being loaded before another client script or library tries to use it. This is especially true of jQuery plugins. Always call the jQuery core methods using the jQuery() format. This is related to the previous issue. Check the jQuery plugin source code. Not all jQuery plugins use the long form of calling jQuery. This can result in errors if you have called jQuery.noConflict();. In DNN 5+, register jQuery. DNN 5+ allows module developers to register jQuery to be loaded only when modules need it. Just callDotNetNuke.Framework.jQuery.RequestRegistration(). This prevents jQuery f...
Read more