17.07.2015 Views

Download eBook (PDF) - Red Gate Software


7 – One-Way Encryption

    USE HomeLending;
    GO

    DENY ALTER, CONTROL, REFERENCES, DELETE, INSERT, UPDATE, SELECT
        ON dbo.Borrower_Identification
        TO Sensitive_high, Sensitive_medium, Sensitive_low
    GO

Listing 7-9: Denying access to the base tables.

We adopt the same strategy here, using an interface consisting of a view and three stored procedures to mediate our users' interaction with this table. By implementing this structure we can control the access to our data at a more granular level than simply granting access to entire tables. In addition, this structure allows us the opportunity to embed cryptographic functionality and other logical methods into our views and stored procedures.

Creating the View

In Chapter 5, we created a view called vwBorrower_Identification, by which authorized users in the Sensitive_high and Sensitive_medium roles could access the values in the Borrower_Identification table (see Listing 5-13). However, only members of the Sensitive_high role were able to use this view to see the cell-level-encrypted values in decrypted form.

Here, we will recreate this view in light of our new one-way encryption architecture, as shown in Listing 7-10. Users of the view will not gain access to the Identification_Value_H column, so that the ability to reveal the plain text through comparison of hash values is limited to members of the Sensitive_high database role. Instead, we include our alternative Identification_Value_HT column, which contains a hash value of the original plain text truncated to its last four digits.

    USE HomeLending;
    GO

    -- Create the view
    CREATE VIEW dbo.vwBorrower_Identification
    AS
    SELECT
        Borrower_Identification_ID,
        Borrower_ID,
        Identification_Type_ID,
        Identification_Value_HT
    FROM
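One way to audit the access structure described above once the view exists, as an added example that is not part of the book's listings. It assumes the view and roles have been created as named in the text; `TestUser_Medium` is a hypothetical database user that belongs to the Sensitive_medium role.

```sql
USE HomeLending;
GO

-- 1. Explicit permissions recorded on the base table and on the view for
--    the three roles. The DENY entries from Listing 7-9 are reported with
--    state_desc = 'DENY' against dbo.Borrower_Identification.
SELECT  o.name             AS object_name,
        pr.name            AS role_name,
        pe.permission_name,
        pe.state_desc
FROM    sys.database_permissions AS pe
JOIN    sys.database_principals  AS pr
          ON pr.principal_id = pe.grantee_principal_id
JOIN    sys.objects              AS o
          ON o.object_id = pe.major_id
WHERE   pe.class = 1       -- object- or column-level permissions
  AND   o.name  IN (N'Borrower_Identification', N'vwBorrower_Identification')
  AND   pr.name IN (N'Sensitive_high', N'Sensitive_medium', N'Sensitive_low')
ORDER BY o.name, pr.name, pe.permission_name;
GO

-- 2. Columns the view exposes. Review this list to confirm that the full
--    hash column, Identification_Value_H, is not among them.
SELECT  c.name AS exposed_column
FROM    sys.columns AS c
WHERE   c.object_id = OBJECT_ID(N'dbo.vwBorrower_Identification')
ORDER BY c.column_id;
GO

-- 3. Effective permissions as a role member sees them.
--    TestUser_Medium is a hypothetical user (assumption, not from the book).
EXECUTE AS USER = N'TestUser_Medium';

SELECT  HAS_PERMS_BY_NAME(N'dbo.Borrower_Identification',
                          N'OBJECT', N'SELECT') AS base_table_select,
        HAS_PERMS_BY_NAME(N'dbo.vwBorrower_Identification',
                          N'OBJECT', N'SELECT') AS view_select;

REVERT;
GO
```

Because the view and the table share the same owner (dbo), ownership chaining lets a permitted caller read through the view even though direct access to the base table is denied, which is why the two objects have to be checked separately.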
