Mojo
2012-06-21 19:00:15 UTC
Hi All
I know what I'm about to put down is probably more theoretical than a pure
Db prob, but I don't know where else to post!! :0)
Basically I've created a classic asp web app that connects to an sql 2008
express db via ssl and even though the whole sys runs on/through ssl I've
been told that I should encrypt certain parts of the db's content just in
case anybody gets onto my server and hacks into the db.
Now I started to use an old Base64 encryption with a key bit of code that
I've had for a bit, but somebody told me that base64 just converts the text
into a better transport method rather than actually encrypting it and it's
easy to hack, but I've put a long key in and it doesn't seem to convert back
and forth properly without knowing the key - are they right?? Should I be
using something else?
Having started to encrypt certain parts, eg a person's name, dob, etc, it
suddenly dawned on me that although I'm encrypting and decrypting as I go if
I want to do search queries then it ain't gonna work. For example if I want
to find all the people with 'gar' in their name then this isn't going to
work and if I want to find all the people who are born between Apr and May
then this isn't either.
My second query is, if I've got the dbs on a dedicated server running only
one site, loads of password access only stuff and on https do I really need
to encrypt db fields as well?? If so, how do I get round these query (and
sort order) issues??
Thanks
M
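Added example, not part of the original post: a T-SQL sketch for SQL Server 2008 of the search and sort problem described above, using the built-in EncryptByPassPhrase and DecryptByPassPhrase functions. The table variable, column names, passphrase and rows are constructed for illustration, and the substring match assumes a case-insensitive default collation.

```sql
-- Added example: table, columns, passphrase and rows are constructed.
DECLARE @pass nvarchar(128) = N'example-passphrase-change-me';

DECLARE @people TABLE (
    id       int IDENTITY(1,1) PRIMARY KEY,
    name_enc varbinary(256) NOT NULL,  -- encrypted nvarchar name
    dob_enc  varbinary(256) NOT NULL   -- encrypted 'yyyy-mm-dd' string
);

INSERT INTO @people (name_enc, dob_enc)
VALUES
    (EncryptByPassPhrase(@pass, N'Margaret Hall'),
     EncryptByPassPhrase(@pass, N'1980-04-17')),
    (EncryptByPassPhrase(@pass, N'Gary Stone'),
     EncryptByPassPhrase(@pass, N'1975-05-02')),
    (EncryptByPassPhrase(@pass, N'Helen Price'),
     EncryptByPassPhrase(@pass, N'1991-11-30'));

-- 1. Comparing against the stored ciphertext.
--    EncryptByPassPhrase is randomized: encrypting the same name again
--    produces different bytes, so this predicate cannot locate the row.
SELECT id
FROM @people
WHERE name_enc = EncryptByPassPhrase(@pass, N'Gary Stone');

-- 2. Substring search ('gar' in the name).
--    The only way to evaluate LIKE is to decrypt each row first.
SELECT id,
       CONVERT(nvarchar(100), DecryptByPassPhrase(@pass, name_enc)) AS name
FROM @people
WHERE CONVERT(nvarchar(100), DecryptByPassPhrase(@pass, name_enc))
      LIKE N'%gar%';

-- 3. Range search and sort order (born in April or May).
--    Again the value must be decrypted and converted before comparing.
SELECT id
FROM @people
WHERE MONTH(CONVERT(date,
            CONVERT(nvarchar(10), DecryptByPassPhrase(@pass, dob_enc)),
            23)) BETWEEN 4 AND 5
ORDER BY CONVERT(nvarchar(10), DecryptByPassPhrase(@pass, dob_enc));
```

Queries 2 and 3 decrypt every row on every search, so no index on the name or date of birth can be used, and the passphrase has to be available to whatever runs the query.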