In Chapter 5, you learned about the SQL Server encryption hierarchy and how data can be encrypted as part of a defense-in-depth strategy. In some situations, however, encrypted cells can become vulnerable to attack. In this chapter, you will learn about whole value substitution attacks and how to prevent them.

During a whole value substitution attack, instead of attempting to decrypt or stealing encrypted value, the attacker replaces the encrypted value with a different encrypted value, which benefits him.