info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
encrypt, not encrypt, why encrypt and how encrypt?
1 view
Skip to first unread message
Mojo
Jun 21, 2012, 3:00:57 PM6/21/12
to
Hi All
I know what I'm about to put down is probably more theorectical than an pure
Db prob, but I don't know where else to post!! :0)
Basically I've created a classic asp web app that connects to an sql 2008
express db via ssl and even though the whole sys runs on/through ssl I've
been told that I should encrypt certain parts of the db's content just in
case anybody gets onto my server and hacks into the db.
Now I started to use an old Base64 encryption with a key bit of code that
I've had for a bit, but somebody told me that base64 just converts the text
into a better transport method rather than actually encrypting it and its
easy to hack, but I've put a long key in and it doesn't seem to convert back
and forth properly without knowing the key - are they right?? Should I be
using something else?
Having started to encrypt certain parts, eg a person's name, dob, etc, it
suddenly dawned on me that although I'm encrypting and decrypting as I go if
I want to do search queries then it ain't gonna work. For example if I want
to find all the people with 'gar' in their name then this isn't going to
work and if I want to find all the people who are born between Apr and May
then this isn't either.
My second query is, if I've got the dbs on a dedicated server running only
one site, loads of password access only stuff and on https do I really need
to encrypt db fields as well?? If so, how do I get round these query (and
sort order) issues??
Thanks
M
I know what I'm about to put down is probably more theorectical than an pure
Db prob, but I don't know where else to post!! :0)
Basically I've created a classic asp web app that connects to an sql 2008
express db via ssl and even though the whole sys runs on/through ssl I've
been told that I should encrypt certain parts of the db's content just in
case anybody gets onto my server and hacks into the db.
Now I started to use an old Base64 encryption with a key bit of code that
I've had for a bit, but somebody told me that base64 just converts the text
into a better transport method rather than actually encrypting it and its
easy to hack, but I've put a long key in and it doesn't seem to convert back
and forth properly without knowing the key - are they right?? Should I be
using something else?
Having started to encrypt certain parts, eg a person's name, dob, etc, it
suddenly dawned on me that although I'm encrypting and decrypting as I go if
I want to do search queries then it ain't gonna work. For example if I want
to find all the people with 'gar' in their name then this isn't going to
work and if I want to find all the people who are born between Apr and May
then this isn't either.
My second query is, if I've got the dbs on a dedicated server running only
one site, loads of password access only stuff and on https do I really need
to encrypt db fields as well?? If so, how do I get round these query (and
sort order) issues??
Thanks
M
hardrock...@gmail.com
Feb 8, 2013, 2:29:21 AM2/8/13
to
by encrypting the search string, wouldn't it match the user's name anyway?
eg. search for 'gar' encrypted would match 'gerald garth' in encrypted format?
I just encrypt the passwords using ASPCRypt, it's one way only (can't get back the encrypted text) but that, and some anti-injection coding has my wife's side catering business going strong on SQL/ASP.net for some time.
Mike Lalonde Sudbury, Ontario
eg. search for 'gar' encrypted would match 'gerald garth' in encrypted format?
I just encrypt the passwords using ASPCRypt, it's one way only (can't get back the encrypted text) but that, and some anti-injection coding has my wife's side catering business going strong on SQL/ASP.net for some time.
Mike Lalonde Sudbury, Ontario
0 new messages