If you specify a password in the “Encrypt compressed files” section, then the backup files will be encrypted.
Why Should Backups Be Encrypted?
Backup encryption protects you from data theft. If a hacker receives access to your backup storage, he will be able to restore the backup on his server and gain access to all the data in the database. However, if the backup is encrypted, then nothing can be extracted from the file without a password.
How Does SqlBak Encrypt Backups?
SqlBak encrypts the backups during compression. Essentially, SqlBak simply sets the password for the backup archives. The compression utilities (zip\7zip) use the AES-256 encryption algorithm.
If the compression option is disabled, but the encryption option is enabled, then compression will still be enabled with the minimum compression ratio.
Unlike the password that is required for authorization on the SqlBak website, the archive password is very vulnerable to brute-force attacks. A potential hacker is not limited in any way in the number of attempts to guess a password for a backup archive on his server.
To minimize risks, use the longest possible password, preferably in the form of a sentence. A shorter password such as “x8)oL%4&” can be figured out in a matter of hours. But the heat death of the universe may occur before a longer password such as “MyImaginationRulesTheWorld” can be cracked.
Alternative for Microsoft SQL Server: Transparent Data Encryption (TDE)
If you are using SQL Server, you can also use Transparent Data Encryption (TDE) to encrypt your database backup. TDE is a feature that encrypts the data in the database and log files directly, and the encryption occurs on the fly. TDE provides a good level of protection for your data, but you should be aware of its limitations and potential impact on performance.