Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.databases.ms-sqlserver > #1140

encrypt, not encrypt, why encrypt and how encrypt?

From "Mojo" <please@dont.spam.com>
Newsgroups comp.databases.ms-sqlserver, microsoft.public.sqlserver, microsoft.public.sqlserver.misc, microsoft.public.sqlserver.programming
Subject encrypt, not encrypt, why encrypt and how encrypt?
Date 2012-06-21 20:00 +0100
Message-ID <s72dnZ1liZTN8n7SnZ2dnUVZ8kOdnZ2d@brightview.co.uk> (permalink)

Cross-posted to 4 groups.

Show all headers | View raw

Hi All

I know what I'm about to put down is probably more theorectical than an pure 
Db prob, but I don't know where else to post!! :0)

Basically I've created a classic asp web app that connects to an sql 2008 
express db via ssl and even though the whole sys runs on/through ssl I've 
been told that I should encrypt certain parts of the db's content just in 
case anybody gets onto my server and hacks into the db.

Now I started to use an old Base64 encryption with a key bit of code that 
I've had for a bit, but somebody told me that base64 just converts the text 
into a better transport method rather than actually encrypting it and its 
easy to hack, but I've put a long key in and it doesn't seem to convert back 
and forth properly without knowing the key - are they right??  Should I be 
using something else?

Having started to encrypt certain parts, eg a person's name, dob, etc, it 
suddenly dawned on me that although I'm encrypting and decrypting as I go if 
I want to do search queries then it ain't gonna work.  For example if I want 
to find all the people with 'gar' in their name then this isn't going to 
work and if I want to find all the people who are born between Apr and May 
then this isn't either.

My second query is, if I've got the dbs on a dedicated server running only 
one site, loads of password access only stuff and on https do I really need 
to encrypt db fields as well??  If so, how do I get round these query (and 
sort order) issues??

Thanks

M

Back to comp.databases.ms-sqlserver | Previous | NextNext in thread | Find similar

Thread

encrypt, not encrypt, why encrypt and how encrypt? "Mojo" <please@dont.spam.com> - 2012-06-21 20:00 +0100
  Re: encrypt, not encrypt, why encrypt and how encrypt? Erland Sommarskog <esquel@sommarskog.se> - 2012-06-21 23:27 +0200

csiph-web