Security and full-text indexes for single databases

When you create a full-text index for a single database, selecting the option Index encrypted fields can compromise system security

Security might be compromised in the following ways:

  • Search results might display a list of all documents that contain a specific word or phrase, even in encrypted fields. The user won't be able to read the field but will know that the document contains the word or phrase. For example, the Employee form in the Personnel database contains the encrypted field Salary. Any user can search the full-text index for "50,000," and documents that contain that figure are included in the search results. However, the user cannot read the contents of the field without the encryption key.
  • A full-text index file is unencrypted plain text; therefore, anyone with access to the server can read the file. A user may be able to read text that was previously encrypted.
  • The encryption key, which is part of the server ID, is active for all databases on the server. If you index a different database and do not deselect Index encrypted fields, any fields using that encryption key are compromised.