17.07.2015 Views

Download eBook (PDF) - Red Gate Software


7 – One-Way Encryption

    EXEC sp_addextendedproperty
        @name='Sensitivity_Class',
        @value='High',
        @level0type='SCHEMA',
        @level0name='dbo',
        @level1type='TABLE',
        @level1name='Borrower_Identification',
        @level2type='COLUMN',
        @level2name='Identification_Value_H';
    GO

Listing 7-4: Documenting the encrypted column as "high" sensitivity.

Create a Secondary Hash Column for Searching

With our HomeLending database, there is an expectation by the users that the members of the Sensitive_medium database role should be able to search for borrowers based upon the values contained in the Identification_Value column. However, our security policy dictates that the Identification_Value_H column has a Sensitivity_Class of "High", and so only members of the Sensitive_high database role are granted permissions to access it. This presents an interesting challenge.

A solution to this challenge is to offer an additional column that will contain the hash values of truncated versions of the original plain text. For example, this column would contain a hash of the last four digits of the Social Security Number. This new column will be offered to users who are not members of the Sensitive_high database role, as a way to search this data.

Listing 7-5 creates this new column, called Identification_Value_HT, on the Borrower_Identification table. The "T" represents the fact that it is a truncated version of the plain text value. In addition, we define its Sensitivity_Class designation as "Medium".

    USE HomeLending;
    GO

    -- Add the column that holds the hash of the truncated plain text.
    ALTER TABLE dbo.Borrower_Identification
        ADD Identification_Value_HT varbinary(MAX) NULL;
    GO

    -- Document the new column as "Medium" sensitivity.
    EXEC sp_addextendedproperty
        @name='Sensitivity_Class',
        @value='Medium',
        @level0type='SCHEMA',
        @level0name='dbo',
        -- The page ends here; the remaining arguments are assumed to mirror
        -- Listing 7-4, applied to the new column named in the text.
        @level1type='TABLE',
        @level1name='Borrower_Identification',
        @level2type='COLUMN',
        @level2name='Identification_Value_HT';
    GO
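The following T-SQL sketch is an added example, not a listing from the book: it shows how a truncated-hash column such as Identification_Value_HT can be filled and searched. The temp table, the Borrower_ID key, the sample values and the choice of SHA2_256 (SQL Server 2012 or later) are all assumptions made for the illustration.

```sql
-- Added example: constructed data in a temp table, not the book's schema or listing.
SET NOCOUNT ON;

CREATE TABLE #Borrower_Identification (
    Borrower_ID             int IDENTITY(1,1) PRIMARY KEY, -- hypothetical key column
    Identification_Value_H  varbinary(MAX) NULL,  -- hash of the full value ("High")
    Identification_Value_HT varbinary(MAX) NULL   -- hash of the last four digits ("Medium")
);

-- Constructed sample identifiers (area number 000 is never issued as an SSN).
-- Two of them share the same last four digits on purpose.
DECLARE @Sample TABLE (Plain_Value varchar(11));
INSERT INTO @Sample (Plain_Value)
VALUES ('000-12-3456'), ('000-98-3456'), ('000-55-7788');

-- Hash both the full value and the truncated value at write time.
-- The plain text itself is never stored in the table.
INSERT INTO #Borrower_Identification
    (Identification_Value_H, Identification_Value_HT)
SELECT HASHBYTES('SHA2_256', Plain_Value),
       HASHBYTES('SHA2_256', RIGHT(Plain_Value, 4))
FROM @Sample;

-- Search the way a Sensitive_medium user would: hash the four digits
-- supplied by the caller and compare against the truncated-hash column.
-- The input must use the same data type family (varchar, not nvarchar)
-- as the value hashed at write time, or the hashes will not match.
DECLARE @Last_Four varchar(4) = '3456';

SELECT Borrower_ID
FROM #Borrower_Identification
WHERE Identification_Value_HT = HASHBYTES('SHA2_256', @Last_Four);

-- Rows sharing the same last four digits share the same truncated hash,
-- so the search narrows to candidates rather than proving identity.

DROP TABLE #Borrower_Identification;
```

Only 10,000 four-digit inputs exist, so anyone who can read Identification_Value_HT can effectively learn the last four digits; that exposure is what the "Medium" classification has to account for.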
