DATABASE MANAGEMENT
Security and full-text indexes for single databases
When you create a full-text index for a single database, selecting the option "Index encrypted fields" can compromise system security in the following ways:
Search results might display a list of all documents that contain a specific word or phrase, even in encrypted fields. The user won't be able to read the field but will know that the document contains the word or phrase. For example, the Employee form in the Personnel database contains the encrypted field Salary. Any user can search the full-text index for "50,000," and documents that contain that figure are included in the search results. However, the user cannot read the contents of the field without the encryption key.
A full-text index file is unencrypted plain text; therefore, anyone with access to the server can read the file. A user may be able to read text that was previously encrypted.
The encryption key, which is part of the server ID, is active for all databases on the server. If you index a different database and do not deselect "Index encrypted fields," any fields using that encryption key are compromised.
Related topics
Encryption
Full-text indexes for single databases
Glossary
Feedback on
Help
or
Product Usability
?
Help on Help
All Help Contents
Glossary