1. Michael Quintus
  2. PowerBuilder
  3. Thursday, 27 June 2024 18:16 PM UTC

Does anyone use Microsoft Always Encrypted for SQL databases and have a successful integration with a PowerBuilder 2021 or 2022 application?

We've been requested to encrypt some data and we're trying to figure out possible solutions for a mixed PowerBuilder/.NET world.

Thanks, Mike

Daryl Foster
  1. Friday, 28 June 2024 00:55 AM UTC
  2. PowerBuilder
  3. # 1

Hi Michael,

We use Transparent Data Encryption (TDE) with SQL Server which is encryption at rest of the database. That works transparently with our PowerBuilder applications. It doesn't handle TLS, but that is done by using "Encrypt=1" in the connect string (DBParm), so our communication between client and server is encrypted as well as the database at rest.

TDE is different to Always Encrypted though so it depends on what your specific requirements are.  While TDE is transparent to the client, Always Encrypted requires some client modifications. Here is an article which explains the differences between TDE and Always Encrypted: https://azure.microsoft.com/en-us/blog/transparent-data-encryption-or-always-encrypted/

 

 

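The three layers discussed in the answer above (TDE at rest, TLS in transit via `Encrypt=1`, and Always Encrypted at column level) can each be checked separately on the server. This T-SQL is an added example, not part of the original post; it uses SQL Server's standard catalog views and DMVs and assumes it is run in the application database by a login with VIEW SERVER STATE.

```sql
-- Added example (not from the thread): check each encryption layer separately.
-- Run in the application database; the DMVs need VIEW SERVER STATE.

-- 1. TDE (encryption at rest): encryption_state 3 means the database is encrypted.
SELECT d.name,
       d.is_encrypted,
       k.encryption_state,
       k.key_algorithm,
       k.key_length
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
       ON k.database_id = d.database_id
WHERE d.database_id = DB_ID();

-- 2. TLS in transit: encrypt_option is 'TRUE' when the connection negotiated
--    encryption (for example Encrypt=1 in the PowerBuilder DBParm).
SELECT c.session_id,
       s.program_name,
       c.net_transport,
       c.encrypt_option
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
  ON s.session_id = c.session_id
WHERE s.is_user_process = 1;

-- 3. Always Encrypted (column level): columns bound to a column encryption key.
--    No rows means no column in this database uses Always Encrypted.
SELECT OBJECT_SCHEMA_NAME(col.object_id) AS schema_name,
       OBJECT_NAME(col.object_id)        AS table_name,
       col.name                          AS column_name,
       col.encryption_type_desc,
       cek.name                          AS column_encryption_key
FROM sys.columns AS col
JOIN sys.column_encryption_keys AS cek
  ON cek.column_encryption_key_id = col.column_encryption_key_id
WHERE col.encryption_type IS NOT NULL;
```

A client session that shows `encrypt_option = 'FALSE'` in the second query is talking to the server unencrypted even when the first query reports the database as TDE-encrypted.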
Armeen Mazda @Appeon
  1. Thursday, 27 June 2024 19:36 PM UTC
  2. PowerBuilder
  3. # 2

Hi Michael, There was a tech session at Elevate 2023 on how to use the new Strict Encryption feature of SQL Server with PowerBuilder 2022 R3. Here is the recording: https://www.youtube.com/live/H87gpnEt3mU?si=oVl9AiUyohI0ASN1&t=1860

Comment
  1. Michael Quintus
  2. Thursday, 27 June 2024 19:51 PM UTC
Awesome, thanks Armeen. I'll send this to my team too!
  1. Chris Pollach @Appeon
  2. Thursday, 27 June 2024 19:57 PM UTC
Thanks Armeen;

From what Bruce presented, it looks like the handshake data communication is the one being encrypted but not the SS DB itself. In the case of ASE's implementation, the entire DB is encrypted. So if something did get raw ASE access and a result was returned or the .DB file itself was stolen - all the Apps, DBA utilities, or hacking code etc would only see table / View / SP / SF / etc data as gobbledygook (is that a real word - LOL).

If what I interpret is true from Bruce's demo, the SS encryption feature does not protect the SS database as well - just the transmission thereof.

Love to hear other perspectives on this though (in case I am not 100% on the money) as data security is now becoming paramount in today's hacking world!

BTW: Did you know that on average, 150 new viruses are created *every day* according to the latest IT hacking stats ... OMG!
Chris Pollach @Appeon
  1. Thursday, 27 June 2024 19:06 PM UTC
  2. PowerBuilder
  3. # 3

Hi Michael;

That is a great question to which I have no SS experience in that aspect. However, I have used that feature via the Sybase ASE DBMS and it worked transparently to the PB Apps or IDE. ASE encrypts the server data & transmits it in the same fashion. However the native DB client (ie: SQLCA.DBMS = "ASE") decrypts the data stream (inbound to the PB App) and then hands that decrypted data stream over to the PB DB interface (PBASE.dll). So no changes to what the DB Client would normally see in a non-encrypted world.

   The reverse happens on the outbound request as the PB DB Driver hands the non-encrypted data stream over to the ASE DB Client which then now encrypts the data stream on its way to ASE DBMS server.

  I assume (hope) that MS-SS does it the same way. It will be interesting though to hear if any SS customers have used this SS feature and what their experiences were both functionally and performance wise.   ;-)

Regards .. Chris

Comment
  1. Michael Quintus
  2. Thursday, 27 June 2024 19:18 PM UTC
Thanks for the info Chris. Another thing to research!