I am a developer tasked with maintaining a legacy application that is written in VB6. With the upcoming introduction of GDPR we are working on an encryption solution for our users. Our users use a variety of different versions of SQL Server and a variety of OS's. They host their own databases on their own servers.
I have come up with an idea of using column level encryption on the tables using certificates installed on the database server, then using a view to retrieve unencrypted data. Then using an INSTEAD OF trigger to update the encrypted data.
This means no changes to the application for data access. Unfortunately, because we connect via an ADODB.Recordset in many places the system will not allow the data to be updated (it throws an OLE DB generated error).
My next idea was to implement object model classes within the VB6 code and save via a stored procedure. This will involve allot of laborious code changes so we would ideally like to avoid this.
Does anybody have any experience solving this issue or any advice regarding implementing the correct form of encryption to enable our clients to be compliant?
Thanks in advance
Best Answer
I hope it is permitted to mention our third party product, NetLib Encryptionizer. It provides Transparent Data Encryption for all versions and editions of SQL Server including Express.