I have just created a database secured with a symmetric key.
The question is, How can I access the database with a secure conncection from a standalone C# application created in .net 3.5 and SQL Server 2008 (as sql database is a part of application)
Just putting the the key inside the .exe file would be an unsecure way to access the data,or am I missing something?
Please provide specific guide as I am (almost) new to sql.
Thanks.
Update:I mean, I have encrypted a table column with sensitive data to avoid data abuse.
And I want to write a c# code which automatically decrypt ,perform read or write actions on the data column and encrypt again.
The problem is, if I write the direct password inside the code,the whole implementation would be useless.
What exactly did you do? There is no such thing as you describe. You may had created a symmetric key, but that is something completely different from ‘securing’ a database.
Use SSL. See Encrypting Connections to SQL Server for step-by-step instructions.
If you need more specific answer about SQL Server security and/or cryptography you will need to describe what are you trying to achieve. What are you trying to protect, and against what specific threat. You should also go over the Encryption Hierachy. As a general rule though, one can never embed a secret inside an application. Data encrypted by a key hierarchy derived form a password is decrypted by asking the user for the password.