Re: Encrypting data in SQL 2005




"Jim Youmans" <jdyoumans@xxxxxxxxx> wrote in message
news:1147976240.393623.190210@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The application is a web app for checking on personal information
(think www.citibank.com). The app would need to decrypt private data
(like SSN or CC# or whatever) for display to the user. The user would
not have access (or knowledge) of the encryption method or anything
else.

Am I going down the wrong track here? Maybe I need to look at this
from a different angle?



You can store the password in your application's configuration. Then secure
that using the OS.

There is specific tooling to make this easy in ASP.NET 2.0 applications.

How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000005.asp


How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000006.asp

Otherwise you need to use the crypto API stuff to put the password (or a key
to encrypt it) in the OS secure store.

David
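
The approach in the reply above, as an added example that is not part of the original post: the password sits in `<appSettings>` and the section is encrypted in place with the DPAPI provider. The setting name `SqlKeyPassword` and the class name are assumptions made for illustration.

```csharp
using System.Configuration;
using System.Web;
using System.Web.Configuration;

public static class KeyPasswordConfig
{
    // Built-in protected-configuration provider backed by Windows DPAPI.
    private const string Provider = "DataProtectionConfigurationProvider";
    // Hypothetical appSettings key that holds the password.
    private const string SettingName = "SqlKeyPassword";

    // Run once after deployment. Encrypts <appSettings> in web.config in place.
    // Returns false if the section is missing or locked by a parent config.
    public static bool ProtectAppSettings()
    {
        Configuration config =
            WebConfigurationManager.OpenWebConfiguration(HttpRuntime.AppDomainAppVirtualPath);
        ConfigurationSection section = config.GetSection("appSettings");
        if (section == null || section.SectionInformation.IsLocked)
            return false;
        if (section.SectionInformation.IsProtected)
            return true; // already encrypted, nothing to do

        section.SectionInformation.ProtectSection(Provider);
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Reads need no crypto code: ASP.NET decrypts the section in memory on load.
    public static string GetKeyPassword()
    {
        string value = WebConfigurationManager.AppSettings[SettingName];
        if (string.IsNullOrEmpty(value))
            throw new ConfigurationErrorsException(
                "Missing appSettings key: " + SettingName);
        return value;
    }
}
```

A section protected with the DPAPI provider can only be decrypted on the machine that encrypted it, so a web farm needs the RSA provider with a shared key container instead.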

