by sebazzz
747 days ago
It sounds like they are using/implementing something similar to SQL Server Always Encrypted[0]. This basically works by encrypting specific fields using a certificate that needs to be supplied by the connecting SQL client (application). The obvious limitation is that you can't use the fields for sorting in queries (ORDER BY), and, if deterministic encryption is not enabled, you can't use them in filters (WHERE) either. The same applies to any T-SQL logic on the data fields - because the encrypted blob is opaque to SQL Server - it is decrypted client-side. There is no workaround, except for pulling the data locally and sorting client-side.

[0]: https://learn.microsoft.com/en-us/sql/relational-databases/s...

This is a reasonable limitation when you're aware of the attacks on Order Revealing Encryption: https://blog.cryptographyengineering.com/2019/02/11/attack-o...
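
The limitations described in the first comment, as an added T-SQL example that is not part of the original thread. The table, column and key names are hypothetical; it assumes the column encryption key `CEK_Demo` already exists, that the client connects with column encryption enabled, and that secure enclaves are not in use.

```sql
-- Added illustration. dbo.Patients, its columns and CEK_Demo are hypothetical.
-- Assumes CEK_Demo exists, the client connects with
-- "Column Encryption Setting=Enabled" and holds the certificate that
-- protects the column master key, and no secure enclave is configured.
CREATE TABLE dbo.Patients (
    PatientId INT IDENTITY(1,1) PRIMARY KEY,
    -- Deterministic: equal plaintexts give equal ciphertexts, so the server
    -- can compare for equality without seeing the value. Character columns
    -- need a BIN2 collation for deterministic encryption.
    SSN CHAR(11) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Demo,
                        ENCRYPTION_TYPE = DETERMINISTIC,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,
    -- Randomized: the same plaintext encrypts differently each time, so the
    -- server cannot even test equality.
    LastName NVARCHAR(50)
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Demo,
                        ENCRYPTION_TYPE = RANDOMIZED,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL
);
GO

-- The client driver encrypts parameter values before sending them; in SSMS
-- this requires "Parameterization for Always Encrypted" to be enabled.
-- The declared type must match the column type exactly.
DECLARE @ssn CHAR(11) = '000-00-0000';  -- constructed sample value

-- Accepted: equality filter on the deterministic column.
SELECT PatientId, SSN, LastName FROM dbo.Patients WHERE SSN = @ssn;

-- Rejected by the server (left commented out so the script runs):
--   filter on a randomized column
--     SELECT PatientId FROM dbo.Patients WHERE LastName = @name;
--   ORDER BY on an encrypted column, deterministic or randomized
--     SELECT PatientId, SSN FROM dbo.Patients ORDER BY SSN;
--   T-SQL logic over the opaque ciphertext
--     SELECT PatientId FROM dbo.Patients WHERE LastName LIKE N'Ex%';

-- Fallback from the comment: fetch unsorted, let the driver decrypt the
-- rows on the client, then sort in application code.
SELECT PatientId, LastName FROM dbo.Patients;
```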