>>A client wants to do encryption on database level (Transparent Data Encryption (TDE)).
>>
>>One question that comes up is, if we need to do any changes in our client application, or that is done only on the database without any need of adaptions on the queries or database connection?
>>
>>we are using SQLSTRINGCONNECT and SQLEXEC in VFP with the Standard SQL ODBC driver.
>
>Apparently SQL Server 2016 and later support "Always Encrypted":
>
>
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-2017>
https://docs.microsoft.com/en-us/sql/connect/odbc/using-always-encrypted-with-the-odbc-driver?view=sql-server-2017>
>It says earlier Enterprise versions have that feature as well, if you happen to be using that version.
>
>I read that as the data encrypted in the database, so if you have it hosted, say, at a cloud provider, the provider can't view your data.
>
>ISTR an ODBC connection option/parameter that encrypts network traffic between the client workstation and the SQL Server. That encrypts the traffic but doesn't encrypt the data within the database itself.
>
>I don't know if the "Standard" SQL Server ODBC driver supports either of the above; you may need to use either the Native Client or late-version ODBC drivers.
Thanks for the detailed information, I guess the best would be to advise the client to use version 2016. I don't know if they also look at the traffic to be encrypted, but their first question was about the database itself.
Christian Isberner
Software Consultant