Friday, February 24, 2012

Best approach to encrypt data?

Hi,

I want to encrypt certain data like password, SSN, credit card info, etc. before saving it in the database. Also, this encrypted data can be queried using standard SQL statements like:

select * from users where userid=454 and password = 'encrypted data'

The mechanism to encrypt data could be in a .NET application. The code that does encryption/decryption should also be protected so that it doesn't work if it falls into the wrong hands.

Can anyone suggest what would be the best way to accomplish the above?

thanks,
dapi

You can start with the following links:

http://www.microsoft.com/technet/prodtechnol/sql/2005/sqlencryption.mspx

http://articles.techrepublic.com.com/5100-22-5083541.html

Hope this helps

|||

I would suggest reading "Writing Secure Code", Chapter 6. It has a number of examples of how to encrypt data on a Windows platform, and where people make common mistakes. The book is fairly cheap ($0.10 per page) and probably available at the library. I understand C# has a rather extensive crypto library, but knowing how and why is probably better than just "plugging and chugging".

Hope that helps,

John
