I have a number of both classic asp and asp.net applications which are
writing data into a sql server 2000 database. I am am looking at a least
effort way of encrypting some of these details, I was thinking the best way
might be to create a trigger on the relevant database fields which encrypts
the information on insert. I am not sure what should go into the trigger to
do the encryption, any ideas?
There are a couple of issues to note
1. It would have to be a strong encryption algorithm like triple DES.
2. Data would from the database needs to be extracted into a vb.net
application which would need to be able to decrypt it, ideally with the
encryption functions built into .Net.
3. Encrypting the data in the asp/asp.net code before inserting is not
particularly practical due to the large number of separate applications.
ScottThere are 3rd party vendors that offer databse encryption, that SQL 2000
cannot natively provide.
Here's one of the vendors.
http://www.protegrity.com/
Some articles that may be of interest.
325757 INF: Using SQL Server 2000 with FIPS 140-1 Ciphers
http://support.microsoft.com/?id=325757
331367 PRB: Cannot Decrypt Data Using Data Encryption Standard (DES) Key
Across
http://support.microsoft.com/?id=331367
Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication
http://msdn.microsoft.com/library/d...-us/dnnetsec/ht
ml/SecNetHT08.asp
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.|||Hmmm .. Interesting. I am not a supporter of writing this in a trigger
personally. This will not be efficient and you will land up writing an
Extended stored procedures to do the encryption for you. In SQL Server 2005
this is out of the box feature to use and capitalize.
As a strategy I would always support things to be done in the middle tier
and then encrypting and decrypting them at that layer rather than sending it
to database and later trying to encrypt before inserting. Just my personal
views ...
HTH,
Vinod Kumar
MCSE, DBA, MCAD, MCSD
http://www.extremeexperts.com
Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techin.../2000/books.asp
"scottrm" <scottrm@.newsgroup.nospam> wrote in message
news:3CE2425A-6063-48B3-A2DF-76C6F37AA06A@.microsoft.com...
> I have a number of both classic asp and asp.net applications which are
> writing data into a sql server 2000 database. I am am looking at a least
> effort way of encrypting some of these details, I was thinking the best
way
> might be to create a trigger on the relevant database fields which
encrypts
> the information on insert. I am not sure what should go into the trigger
to
> do the encryption, any ideas?
> There are a couple of issues to note
> 1. It would have to be a strong encryption algorithm like triple DES.
> 2. Data would from the database needs to be extracted into a vb.net
> application which would need to be able to decrypt it, ideally with the
> encryption functions built into .Net.
> 3. Encrypting the data in the asp/asp.net code before inserting is not
> particularly practical due to the large number of separate applications.
>
> --
> Scott
No comments:
Post a Comment