• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 348
  • Last Modified:

security for sensitive package moving from dev to dba

the ssis package - when we transfer to the dba, we keep the security on the package as 'do not store key/password' option. but there is a package we are working which involves more secure details and data (financial etc).. the dba has asked to provide proper security before putting in the network drive for them to pick up..

what security do you recommend? how would you do it if you were the programmer?
3 Solutions
Kent DyerIT Security Analyst SeniorCommented:
Depends on what restrictions your organization has.  Are you dealing with a bank (financial institution) then you may fall under SOXX (Sarbannes Oxley)..  If you are under healthcare, then HIPPA may come into place.  It really is dependent on what your organization's best practices are defined or setup.

I mean, you can Zip the file with WinZip or another compression program with AES 128 or 256 bit compression.
You can use IPSwitch's MoveIT which offers encryption
You can use PGP
There some mail vaults you can use as well


25112Author Commented:
actually, kent, I am think at package level security. (encrypt this data with a password or a user key etc - (Protection Level of Packages)..
Alpesh PatelAssistant ConsultantCommented:
Create folder permission to those user or application user who will use the package. other than that user revoke permissions.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Jason Yousef, MSSr. BI DeveloperCommented:

There're different ways and levels of security,

The most common will be "EncryptSensitiveWithPassword" or "EncryptAllWithPassword " and you can supply the password in the sql agent job, dtutel or whenever your need to run it.

Also check that link and it'll give you more information



25112Author Commented:
OK- so EncryptAllWithPassword seems like best option- we can just give the password to next person in line who needs to open and use the package/solution.

if we need to schedule this job everyday (with the EncryptAllWithPassword protection) is there going to be a problem?
Jason Yousef, MSSr. BI DeveloperCommented:
Nope, no problem whatever.

If the package encryption level is EncryptSensitiveWithPassword or EncryptAllWithPassword, use the Decrypt option to provide the password. If you do not inlude a password, dtexec will prompt you for the password.

from: http://msdn.microsoft.com/en-us/library/ms138023.aspx
25112Author Commented:
i could not see 'decryp' option in job properties.. is that where it is?
Jason Yousef, MSSr. BI DeveloperCommented:
When you schedule the job, click on "COMMAND LINE", then select "edit the command line manually"

then add /decrypt password a

all the options are discussed here
25112Author Commented:
v good - thanks all

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now