Data Encryption

Started by mrtrung, October 30, 2012, 05:15:59 AM

mrtrung

Hi All,
According to the tutorial, it is possible to set the encryption function of data stored in the db.
Would it be possible to get a listing of fields that would be encrypted in the database?

We are looking to create an e-commerce site and would like all information stored in the database, such as: customer name, order information, shipping address and billing address, to be encrypted.
We are not planning on storing credit card data, but considering storing a truncated version of the credit card data? For example 4321********1234
Thank you,

Manson

#1
To encrypt any information, you can use Rohos Disk or Rohos Mini Drive.
Encrypts data, Skype, ICQ, browsers and more

Click SSL

Implementing this carries a few challenges, questions, and concerns:

1. What is the schema of our database? If we were just storing the CreditCardNumber and CreditCardExpiration fields as plain-text, they'd likely be just varchar fields. But now that we want to encrypt them, what data type should these fields be?
2. How do we encrypt the data before inserting it into the database? Likewise, once we read back the database data, how can we decrypt it so that we can see its plain-text value?
3. What encryption algorithm should be used, and how does the choice of the encryption routine affect the overall security of this approach? More bluntly, if a hacker gets his hands on this encrypted payment information, will he be able to decrypt it?
4. What consequences, if any, does encrypting the data stored in a table carry? Does it impede performance? Usability? Maintainability? Does it limit what queries I can run against the underlying data?

These are all great questions that we'll tackle throughout this article, some now, some later.

In order to store the encrypted data we'll use a field of type varbinary. That is, the encrypted data will be saved as a series of bytes. This means that from our ASP.NET application, when inserting or updating encrypted data, we'll need to:

1. Take the user's plain-text input,
2. Encrypt it,
3. Convert it from a string into a byte array, and, finally,
4. Issue the INSERT/UPDATE statement

Conversely, when reading the encrypted data from the database we'll need to do, essentially, the inverse:

1. Read the encrypted data from the database using a SELECT statement,
2. Convert it from a byte array into a string,
3. Decrypt it, and, finally,
4. Work with the plain-text data

Get more from this link: http://www.4guysfromrolla.com/articles/081705-1.aspx
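
An added example, not code from the linked article or from any poster in this thread: the insert and read-back steps listed above, written in C# for .NET 8 or later. AES-GCM, the nonce || tag || ciphertext layout, the `Orders`/`ShippingAddressEnc` names and the in-memory `DataTable` standing in for a varbinary column are all assumptions made for illustration. With this API the string is converted to bytes before it is encrypted, not after.

```csharp
using System;
using System.Data;
using System.Security.Cryptography;
using System.Text;

static class FieldCrypto
{
    const int NonceLen = 12, TagLen = 16; // AES-GCM nonce and tag sizes in bytes
    // Returns nonce || tag || ciphertext as one byte array for a varbinary column.
    public static byte[] Encrypt(string plain, byte[] key, string context)
    {
        byte[] pt = Encoding.UTF8.GetBytes(plain); // string -> bytes happens before encryption
        byte[] blob = new byte[NonceLen + TagLen + pt.Length];
        RandomNumberGenerator.Fill(blob.AsSpan(0, NonceLen)); // fresh random nonce per value
        using var aes = new AesGcm(key, TagLen);
        // context (table.column:row id) is authenticated, so a blob cannot be moved between rows.
        aes.Encrypt(blob.AsSpan(0, NonceLen), pt, blob.AsSpan(NonceLen + TagLen),
                    blob.AsSpan(NonceLen, TagLen), Encoding.UTF8.GetBytes(context));
        return blob;
    }

    public static string Decrypt(byte[] blob, byte[] key, string context)
    {
        if (blob.Length < NonceLen + TagLen) throw new CryptographicException("blob too short");
        byte[] pt = new byte[blob.Length - NonceLen - TagLen];
        using var aes = new AesGcm(key, TagLen);
        // Throws CryptographicException when the blob, key or context does not match.
        aes.Decrypt(blob.AsSpan(0, NonceLen), blob.AsSpan(NonceLen + TagLen),
                    blob.AsSpan(NonceLen, TagLen), pt, Encoding.UTF8.GetBytes(context));
        return Encoding.UTF8.GetString(pt);
    }
}
static class Program
{
    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // assumption: real key comes from a key store, not the database
        const string ctx = "Orders.ShippingAddressEnc:1001"; // hypothetical table, column and row id
        var orders = new DataTable("Orders"); // in-memory stand-in for a table with a varbinary column
        orders.Columns.Add("OrderId", typeof(int));
        orders.Columns.Add("ShippingAddressEnc", typeof(byte[]));
        orders.Rows.Add(1001, FieldCrypto.Encrypt("12 Example Street", key, ctx)); // constructed sample value
        byte[] stored = (byte[])orders.Rows[0]["ShippingAddressEnc"];
        Console.WriteLine(FieldCrypto.Decrypt(stored, key, ctx));
        stored[^1] ^= 1; // simulate a modified database value
        try { FieldCrypto.Decrypt(stored, key, ctx); }
        catch (CryptographicException) { Console.WriteLine("modified value rejected"); }
    }
}
```

Against a real SQL Server table, the same byte array would be bound to a parameter of type `SqlDbType.VarBinary` in a parameterized INSERT or UPDATE. Encrypted columns cannot be searched or sorted by their plain-text value, which is one of the query limitations raised in question 4 above.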