>>>>A client wants to do encryption on database level (Transparent Data Encryption (TDE)).
>>>>
>>>>One question that comes up is, if we need to do any changes in our client application, or that is done only on the database without any need of adaptions on the queries or database connection?
>>>>
>>>>we are using SQLSTRINGCONNECT and SQLEXEC in VFP with the Standard SQL ODBC driver.
>>>
>>>AFAIK the data is "transparently" encrypted and decrypted, so all your code will work without any changes.
>>
>>
>>Thanks, yes that is also how I understand it, but it would be too simple to be true? I just want to be careful not to promise anything and then we are liable to make it work.
>
>Why change the rules? First you make the promises, and then you make the excuses. And in the fine print you make the client pay for the whole thing, no matter what.. At least that's how most the huge contracts to the Norwegian authorities seem to work. :-)
That indeed would normally apply, but at this stage the client asked us to store the data encrypted in fields (the old fashioned way). But I am not so eager to do that, if we encrypt all names for instance, that would make it difficult to search on parts of the name etc. So if I can convince them to do it on their side on the SQL Server level, we are out of the loop and don't need to change the program.
Christian Isberner
Software Consultant