Database Reference
In-Depth Information
SQL Azure offers new features, such as a firewall (as previously discussed); however, it doesn't yet
support data encryption natively (such as Transparent Data Encryption [TDE] and field-level
encryption), which places more emphasis on the other confidentiality techniques.
SQL Server, on the other hand, doesn't provide a native firewall (although it's possible to purchase
after-market database firewalls), but it offers strong encryption capabilities. Finally, both SQL Server and
SQL Azure offer hashing capabilities.
Because SQL Azure doesn't provide native encryption, your code needs to do all the hard work. Not
to worry! In this chapter, you see how to implement hashing and encryption using C# and how to store
the ciphertext in SQL Azure (or SQL Server, for that matter).
Integrity
Data
integrity
refers to the objective of ensuring that information is modified only by authorized users.
Integrity of data can be compromised in multiple ways, such as a malicious SQL Injection attack or the
unintentional execution of a
TRUNCATE
statement on a table, wiping out all the records. You can
implement integrity measures in a database as follows:
•
Authorization
. Controls who can change what data
•
Backup
. Creates a transactionally consistent database snapshot from which data
can be recovered
•
Roles-based access
. Provides the minimum access rights to different roles in a
company, such as developers and support
Auditing
. Tracks database access and data changes to provide an audit trail for
forensic analysis
From an integrity standpoint, SQL Azure doesn't yet provide the same capabilities as SQL Server.
SQL Azure does deliver strong authorization capabilities, similar to SQL Server 2008. However, regular
database backups and activity auditing aren't available as of this writing. Microsoft is building new
backup mechanisms for SQL Azure, above and beyond the BCP (Bulk Copy Program) operations
available now. See Chapter 5 for more information about how to back up your data in SQL Azure.
•
Availability
Availability
ensures service uptime so your data can be accessed when it's needed. Designing highly
available systems can be very complex and requires advanced knowledge in multiple areas including
disk configuration, system administration, disaster-recovery locations, and more. The following are
some of the technologies involved in high availability:
•
Redundant disks
. Can recover from the loss of a disk spindle. Usually involves a
RAID configuration.
•
Redundant networks
. Can survive the loss of multiple network components, such
as a network card or a router.
•
Redundant services
. Can survive the interruption of services such as security and
databases. An example is the use of Microsoft Cluster Service.
•
Redundant hardware
. Can survive the loss of machine hardware, such as a CPU or
a memory chip.
