>>>A client wants to do encryption on database level (Transparent Data Encryption (TDE)).
>>>
>>>One question that comes up is, if we need to do any changes in our client application, or that is done only on the database without any need of adaptions on the queries or database connection?
>>>
>>>we are using SQLSTRINGCONNECT and SQLEXEC in VFP with the Standard SQL ODBC driver.
>>
>>TDE is a pain to set up: it depends on a key that must be available at server bootup. Read through the setup procedure.
>>
>>Always Encrypted is just that: it is encrypted always, even in sql server memory (I have no idea how they do that) right up to the ODBC driver, which does the decryption in your app. It is the safest and the easiest encryption procedure.
>>
>>Hank
>
>Thanks, that would mean I need to use a specific ODBC driver? because if I understand it correctly, it needs to do the encryption on the application level?
You would have to use a driver that supported Always Encrypted:
https://docs.microsoft.com/en-us/sql/connect/odbc/using-always-encrypted-with-the-odbc-driver?view=sql-server-2017 And yes, you can encrypt just certain columns.
Hank