But Rob, that's not the way it's typically done - or it shouldn't be!
There are several ways to do this, a common one being to use a udf that
handles the encryption/decryption and manages the keys. Whether what's
returned is the decrypted ssn, a token value or a masked value will
depend on permissions set elsewhere.
On 2/18/2014 5:52 PM, rob@xxxxxxxxx wrote:
You can create a view that has all the decryption performed automatically.
create view myfileVIEW as (select name, mothersmaidenname, decrypt(ssn,
key), yearlysalary, decrypt(creditcardnumber, key) from myfile). So the
table is 'encrypted' and now the person can simply do "select name,
mothersmaidenname, ssn, yearlysalary, creditcardnumber from myfileVIEW".
Probably gets the regulatory agencies off your back because technically
your data is 'encrypted' but is it really that secure?