Always Encrypted (SQL Server only)
- 2 minutes to read
XPO supports the Always Encrypted feature that allows you to protect sensitive data, such as credit card numbers. This article describes how to enable this feature and how it affects XPO functionality.
How to enable Always Encrypted
- Use SQL Server 2016 or newer.
- Configure Always Encrypted in your database.
- Enable Always Encrypted for application queries.
Always Encrypted Limitations
Since client applications do not reveal encryption keys to the database engine, many server-side operations do not work with encrypted columns. Refer to the Feature Details section for additional information.
Certain XPO functions do not work with encrypted columns due to Always Encrypted limitations, for example:
- Server Mode collections (XPServerCollectionSource, XPInstantFeedbackSource, XPServerModeView, XPInstantFeedbackView) cannot sort, filter, and group records against encrypted database columns. This restriction also applies to summary calculations. Disable these functions for corresponding columns in a data-bound control.
- LINQ to XPO sort, group, and filter data on the server side. Do not include encrypted columns in filter expressions and do not sort or group data against encrypted columns. If you use encrypted columns in projection operations, ensure that a projection expression does not require decryption on the server side.
- View collections (XPView, XPServerModeView, XPInstantFeedbackView) calculate expressions on the server side. If you use encrypted columns in view properties, ensure that a property expression does not require decryption on the server side.
- The Criteria or FixedFilterCriteria properties do not work if a filter expression contains encrypted columns.
You can sort and group against encrypted columns on the server side if you use the deterministic encryption.