DMZ databases

["Scott, Richard" <Richard.Scott () bestbuy com>]

Greetings all,

I was wondering what forms of database security anyone out there is
currently recommending for Customer held information in public databases.
One example could be Social Security numbers, another would be Credit Cards
information and so on.
I have seen some solutions use the SQL encrypt/decrypting (e/d) of a stored
procedure to access this information.  However, in the even that the SQL box
is compromised internally, this isn't affective.  Using symmetric
encryption is the problem.  Where do we store the keys, and if we write a
procedure to e/d the data., surely this could be executed by the person
compromising the Database.

Any thoughts, to how certain important information is stored in a DB?

Cheers
r.


Richard Scott   
BestBuy.Com
* Tel: 001-(612)-995-5432
* Fax: 001-(612)-947-2005
* Best Buy World Headquarters
7075 Flying Cloud Drive
Eden Prairie, MN 55344 USA

The views expressed in this email do not represent Best Buy
or any of its subsidiaries.