NNTP-Posting-Date: Thu, 21 Jun 2012 14:00:31 -0500 From: "Mojo" Newsgroups: comp.databases.ms-sqlserver,microsoft.public.sqlserver,microsoft.public.sqlserver.misc,microsoft.public.sqlserver.programming Subject: encrypt, not encrypt, why encrypt and how encrypt? Date: Thu, 21 Jun 2012 20:00:15 +0100 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.5512 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512 Message-ID: Lines: 34 X-Usenet-Provider: http://www.giganews.com X-Trace: sv3-4c8bZcC0miJ1S+dvbdqzallnO91Din8YQ0ndFItntgYjw1fLTLuPxUrKWwhOmddLfdBS0qSkOKZz81q!EluTSDhEmYE4q/Qa01h9daANJCN/qrw6hx3Gmz1+LznaLwijwABgdTz1jv1ir7cGUNWptRtTGYu0!Mgpba9memyY+8siRcFB33DrmtA== X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.3.40 X-Original-Bytes: 2613 Path: csiph.com!usenet.pasdenom.info!news.stben.net!border3.nntp.ams.giganews.com!Xl.tags.giganews.com!border1.nntp.ams.giganews.com!nntp.giganews.com!local2.nntp.ams.giganews.com!nntp.brightview.co.uk!news.brightview.co.uk.POSTED!not-for-mail Xref: csiph.com comp.databases.ms-sqlserver:1140 Hi All I know what I'm about to put down is probably more theorectical than an pure Db prob, but I don't know where else to post!! :0) Basically I've created a classic asp web app that connects to an sql 2008 express db via ssl and even though the whole sys runs on/through ssl I've been told that I should encrypt certain parts of the db's content just in case anybody gets onto my server and hacks into the db. Now I started to use an old Base64 encryption with a key bit of code that I've had for a bit, but somebody told me that base64 just converts the text into a better transport method rather than actually encrypting it and its easy to hack, but I've put a long key in and it doesn't seem to convert back and forth properly without knowing the key - are they right?? Should I be using something else? Having started to encrypt certain parts, eg a person's name, dob, etc, it suddenly dawned on me that although I'm encrypting and decrypting as I go if I want to do search queries then it ain't gonna work. For example if I want to find all the people with 'gar' in their name then this isn't going to work and if I want to find all the people who are born between Apr and May then this isn't either. My second query is, if I've got the dbs on a dedicated server running only one site, loads of password access only stuff and on https do I really need to encrypt db fields as well?? If so, how do I get round these query (and sort order) issues?? Thanks M