With simple encryption, to access a stolen database you "only" need to have working credentials - so you would be relying on their secretness. One might also be able to
- decipher the database file (as it's just obfuscated, cf. Graeme's evaluation) or
- load the database file on a database engine without connecting - in case cache warming is activated, I would think one could access some "un-obfuscated" database pages from memory or
- let DBTRAN run against the (not loaded) transaction log to read SQL statements.
Well, I've just done the third (on own databases, yes), but I'm sure there are enough folks who are willing and able to succeed with points 1 or 2, if your data seems worthwhile.
In contrast, with a strongly encrypted file (and a secure DBKEY), the first method should be too difficult, and the second and third do not work at all - you can't load a strongly encrypted database (nor translate a log) without spcifying the DBKEY.
Bluesky
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.