Identifying Sensitive Data

Previous page
Table of content
Next page

One of the founding security design principles for Integration Services was that passwords should never be stored in clear text. But it presents a problem. How does the persistence code know what properties are passwords or other sensitive data? For stock components that the SSIS team wrote, this wouldn't be a problem. All the password and sensitive properties could just share a common implementation of some encryption code. But, there needed to be a way to share the encryption code so that third-party custom component writers could also participate in the same encryption mechanism. So, it is necessary to somehow mark properties.

SSIS lets components differentiate between normal package data and sensitive data. To mark a property as sensitive, the component writes a Sensitive=True XML attribute to the property element when saving the component. Generally, when a property is marked as sensitive, it is a password. But the Sensitive attribute can protect any information that the custom component writer deems too sensitive to be stored in clear text. SSIS detects that attribute on properties and can give special treatment to a component's sensitive property values depending on the package-protection setting for the package.

For example, the Sensitive attribute for a password property on a task in package XML might look similar to the following.

<Password Sensitive="1" Encrypted="1">AQAAtAAqEzgw/o80More Data</Password>


This is the abbreviated XML for a property in an actual package. The SSIS runtime adds the Encrypted attribute so that it can detect that the value is encrypted and decrypt it when loading.

When the SSIS runtime saves a package, it writes all the data out to an in-memory document. It then searches the document for any nodes marked with the Sensitive attribute. If the SSIS runtime finds one, it encrypts the value of the node with either a password or user key or simply removes the value altogether, depending on the package-protection option. Then, it saves the entire document to disk.

It's a simple but important concept. This is covered in more detail in Chapter 24, "Building Custom Tasks," but for now it's important to understand how the SSIS runtime identifies sensitive properties.


Previous page
Table of content
Next page
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Integration Services
ISBN: 0672327813
EAN: 2147483647
Year: 2006
Pages: 200
Authors: Kirk Haselden
BUY ON AMAZON
Project Management JumpStart
Inside Network Security Assessment: Guarding Your IT Infrastructure
Strategies for Information Technology Governance
SQL Tips & Techniques (Miscellaneous)
Professional Struts Applications: Building Web Sites with Struts ObjectRelational Bridge, Lucene, and Velocity (Experts Voice)
Lean Six Sigma for Service : How to Use Lean Speed and Six Sigma Quality to Improve Services and Transactions
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy