Mojo
unread,Jun 21, 2012, 3:00:57 PM6/21/12You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
Hi All
I know what I'm about to put down is probably more theorectical than an pure
Db prob, but I don't know where else to post!! :0)
Basically I've created a classic asp web app that connects to an sql 2008
express db via ssl and even though the whole sys runs on/through ssl I've
been told that I should encrypt certain parts of the db's content just in
case anybody gets onto my server and hacks into the db.
Now I started to use an old Base64 encryption with a key bit of code that
I've had for a bit, but somebody told me that base64 just converts the text
into a better transport method rather than actually encrypting it and its
easy to hack, but I've put a long key in and it doesn't seem to convert back
and forth properly without knowing the key - are they right?? Should I be
using something else?
Having started to encrypt certain parts, eg a person's name, dob, etc, it
suddenly dawned on me that although I'm encrypting and decrypting as I go if
I want to do search queries then it ain't gonna work. For example if I want
to find all the people with 'gar' in their name then this isn't going to
work and if I want to find all the people who are born between Apr and May
then this isn't either.
My second query is, if I've got the dbs on a dedicated server running only
one site, loads of password access only stuff and on https do I really need
to encrypt db fields as well?? If so, how do I get round these query (and
sort order) issues??
Thanks
M